<!DOCTYPE html>
<!--
Copyright 2019 NXP
This software is owned or controlled by NXP and may only be used
strictly in accordance with the applicable license terms. By expressly
accepting such terms or by downloading, installing, activating and/or
otherwise using the software, you are agreeing that you have read, and
that you agree to comply with and are bound by, such license terms. If
you do not agree to be bound by the applicable license terms, then you
may not retain, install, activate or otherwise use the software.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title>10.1. A71CH and SSS API &#8212; Plug &amp; Trust MW v03.00.05 documentation</title>
<link rel="stylesheet" href="../_static/bootstrap-sphinx.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" type="text/css" href="../_static/graphviz.css" />
<script id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
<script src="../_static/jquery.js"></script>
<script src="../_static/underscore.js"></script>
<script src="../_static/doctools.js"></script>
<script src="../_static/language_data.js"></script>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="10.2. Miscellaneous" href="a71ch_miscellaneous.html" />
<link rel="prev" title="10. A71CH" href="../a71ch.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<script type="text/javascript" src="../_static/js/jquery-1.11.0.min.js "></script>
<script type="text/javascript" src="../_static/js/jquery-fix.js "></script>
<script type="text/javascript" src="../_static/bootstrap-3.3.7/js/bootstrap.min.js "></script>
<script type="text/javascript" src="../_static/bootstrap-sphinx.js "></script>
</head><body>
<div id="navbar" class="navbar navbar-inverse navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<!-- .btn-navbar is used as the toggle for collapsed navbar content -->
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="../toc.html"><span><img src="../_static/NXP_logo_JPG.jpg"></span>
MW</a>
<span class="navbar-text navbar-version pull-left"><b>v03.00.05</b></span>
</div>
<div class="collapse navbar-collapse nav-collapse">
<ul class="nav navbar-nav">
<li class="dropdown globaltoc-container">
<a role="button"
id="dLabelGlobalToc"
data-toggle="dropdown"
data-target="#"
href="../toc.html">TOC <b class="caret"></b></a>
<ul class="dropdown-menu globaltoc"
role="menu"
aria-labelledby="dLabelGlobalToc"><ul class="current">
</ul>
</ul>
</li>
<li class="dropdown">
<a role="button"
id="dLabelLocalToc"
data-toggle="dropdown"
data-target="#"
href="#">Page <b class="caret"></b></a>
<ul class="dropdown-menu localtoc"
role="menu"
aria-labelledby="dLabelLocalToc"><ul>
<li><a class="reference internal" href="#">10.1. A71CH and SSS API</a><ul>
<li><a class="reference internal" href="#introduction">10.1.1. Introduction</a></li>
<li><a class="reference internal" href="#a71ch-api-to-sss-api-mapping">10.1.2. A71CH API to SSS API mapping</a></li>
<li><a class="reference internal" href="#mixing-sss-api-and-a71ch-api">10.1.3. Mixing SSS API and A71CH API</a><ul>
<li><a class="reference internal" href="#ecc-example">10.1.3.1. ECC Example</a></li>
<li><a class="reference internal" href="#aes-key-wrapping-example">10.1.3.2. AES key wrapping Example</a></li>
</ul>
</li>
<li><a class="reference internal" href="#sss-object-identifier-to-a71ch-internal-storage-mapping">10.1.4. SSS Object Identifier to A71CH Internal storage mapping</a><ul class="simple">
</ul>
</li>
</ul>
</li>
</ul>
</ul>
</li>
<li>
<a href="../a71ch.html" title="Previous Chapter: 10. A71CH"><span class="glyphicon glyphicon-chevron-left visible-sm"></span><span class="hidden-sm hidden-tablet">&laquo; 10. A71CH</span>
</a>
</li>
<li>
<a href="a71ch_miscellaneous.html" title="Next Chapter: 10.2. Miscellaneous"><span class="glyphicon glyphicon-chevron-right visible-sm"></span><span class="hidden-sm hidden-tablet">10.2. Miscellaneous &raquo;</span>
</a>
</li>
</ul>
</div>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-md-3">
<div id="sidebar" class="bs-sidenav" role="complementary">
<div class="sidebar-header">
<h3>Plug &amp; Trust MW</h3>
</div>
<div class="row">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../index.html">1. NXP Plug &amp; Trust Middleware</a></li>
<li class="toctree-l1"><a class="reference internal" href="../changes/index.html">2. Changes</a></li>
<li class="toctree-l1"><a class="reference internal" href="../stack/index.html">3. Plug &amp; Trust MW Stack</a></li>
<li class="toctree-l1"><a class="reference internal" href="../building/index.html">4. Building / Compiling</a></li>
<li class="toctree-l1"><a class="reference internal" href="../demos/index.html">5. Demo and Examples</a></li>
<li class="toctree-l1"><a class="reference internal" href="../edgelock2go-agent.html">6. NXP EdgeLock 2GO Agent</a></li>
<li class="toctree-l1"><a class="reference internal" href="../semslite/doc/index.html">7. SEMS Lite Agent</a></li>
<li class="toctree-l1"><a class="reference internal" href="../plugins/index.html">8. Plugins / Add-ins</a></li>
<li class="toctree-l1"><a class="reference internal" href="../cli-tool.html">9. CLI Tool</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../a71ch.html">10. A71CH</a><ul class="current">
<li class="toctree-l2 current"><a class="current reference internal" href="#">10.1. A71CH and SSS API</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#introduction">10.1.1. Introduction</a></li>
<li class="toctree-l3"><a class="reference internal" href="#a71ch-api-to-sss-api-mapping">10.1.2. A71CH API to SSS API mapping</a></li>
<li class="toctree-l3"><a class="reference internal" href="#mixing-sss-api-and-a71ch-api">10.1.3. Mixing SSS API and A71CH API</a></li>
<li class="toctree-l3"><a class="reference internal" href="#sss-object-identifier-to-a71ch-internal-storage-mapping">10.1.4. SSS Object Identifier to A71CH Internal storage mapping</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="a71ch_miscellaneous.html">10.2. Miscellaneous</a></li>
<li class="toctree-l2"><a class="reference internal" href="a71ch_legacy_host_api.html">10.3. A71CH Legacy API</a></li>
<li class="toctree-l2"><a class="reference internal" href="a71ch_legacy_hlse_api.html">10.4. A71CH Legacy HLSE (Generic) API</a></li>
<li class="toctree-l2"><a class="reference internal" href="a71ch_configure_tool.html">10.5. A71CH Legacy Configure Tool</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../appendix.html">11. Appendix</a></li>
</ul>
</div>
<div class="row">
<form class="form" action="../search.html" method="get">
<div class="form-group">
<label for="Search">Search:</label>
<input type="text" name="q" class="form-control" placeholder="Search" />
</div>
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
</div>
<div class="body col-md-9 content" role="main">
<div class="section" id="a71ch-and-sss-api">
<span id="se05x-a71ch-sss"></span><h1><span class="section-number">10.1. </span>A71CH and SSS API<a class="headerlink" href="#a71ch-and-sss-api" title="Permalink to this headline">¶</a></h1>
<div class="section" id="introduction">
<h2><span class="section-number">10.1.1. </span>Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
<p>The Plug&amp;Trust Middleware provides support for the A71CH secure element through the SSS API.
The SSS API does not cover the full scope of the A71CH legacy API or the HLSE API.
For use cases that need functionality outside the SSS API, the SSS and A71CH APIs can be used together (<a class="reference internal" href="#se05x-a71ch-combined-api"><span class="std std-ref">Mixing SSS API and A71CH API</span></a>).</p>
<p>The A71CH support included in the Plug&amp;Trust Middleware is derived from the
<code class="docutils literal notranslate"><span class="pre">A71CH</span> <span class="pre">Host</span> <span class="pre">Software</span> <span class="pre">package</span></code> available on www.nxp.com/a71ch.
The <code class="docutils literal notranslate"><span class="pre">hostlib</span></code> directory contains refactored code that was previously published on www.nxp.com/a71ch.</p>
<p>This Plug&amp;Trust Middleware provides the following additional functionality related to the A71CH:</p>
<ul class="simple">
<li><p>Compatibility with OpenSSL 1.1</p></li>
<li><p>Support for the SSS API</p></li>
<li><p>Cloud demos using SSS API</p></li>
<li><p>OpenSSL Engine using SSS API</p></li>
</ul>
<p>The following - as previously contained in the <code class="docutils literal notranslate"><span class="pre">A71CH</span> <span class="pre">Host</span> <span class="pre">Software</span> <span class="pre">package</span></code> -
is no longer supported:</p>
<ul class="simple">
<li><p>Cloud demos using A71CH API (replaced by SSS API based cloud demos)</p></li>
</ul>
<p>The software build system is based on CMake.</p>
</div>
<div class="section" id="a71ch-api-to-sss-api-mapping">
<h2><span class="section-number">10.1.2. </span>A71CH API to SSS API mapping<a class="headerlink" href="#a71ch-api-to-sss-api-mapping" title="Permalink to this headline">¶</a></h2>
<p>The following table provides an overview of the A71CH APIs that can be
replaced by SSS APIs. As the usage of the SSS API is conceptually different
from the A71CH API, there is no one-to-one replacement of API calls.
Please consult <a class="reference internal" href="../sss-apis.html#sss-apis"><span class="std std-ref">SSS APIs</span></a> for an introduction to using the SSS API and
the applicable examples in <a class="reference internal" href="../sss/ex/doc/sss-api-examples.html#sssexamples"><span class="std std-numref">Section 5.2.1</span></a> <a class="reference internal" href="../sss/ex/doc/sss-api-examples.html#sssexamples"><span class="std std-ref">SSS API Examples</span></a>.</p>
<p>The SSS Session concept - as applicable to A71CH - is restricted to establishing a connection between
Host and Secure Element. Establishing an SCP03 session is orthogonal to the Session concept.</p>
<p>SSS-specific policies are not applicable to A71CH.</p>
<table class="docutils align-default">
<colgroup>
<col style="width: 33%" />
<col style="width: 33%" />
<col style="width: 33%" />
</colgroup>
<tbody>
<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">A71CH</span> <span class="pre">or</span> <span class="pre">HLSE</span> <span class="pre">API</span></code></p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">SSS</span> <span class="pre">equivalent</span> <span class="pre">available</span></code></p></td>
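<td><p><code class="docutils literal notranslate"><span class="pre">SSS</span> <span class="pre">API</span></code></p></td>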
</tr>
<tr class="row-even"><td><p><strong>a71ch_crypto_derive</strong></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_HkdfExpandSymKey</p></td>
<td><p>YES</p></td>
<td><p>sss_derive_key_*</p></td>
</tr>
<tr class="row-even"><td><p>A71_HkdfSymKey</p></td>
<td><p>YES</p></td>
<td><p>sss_derive_key_*</p></td>
</tr>
<tr class="row-odd"><td><p>A71_PskDeriveMasterSecret</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_EcdhPskDeriveMasterSecret</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_GetHmacSha256</p></td>
<td><p>YES</p></td>
<td><p>sss_mac_*</p></td>
</tr>
<tr class="row-even"><td><p>A71_HmacSha256Init</p></td>
<td><p>YES</p></td>
<td><p>sss_mac_*</p></td>
</tr>
<tr class="row-odd"><td><p>A71_HmacSha256Update</p></td>
<td><p>YES</p></td>
<td><p>sss_mac_*</p></td>
</tr>
<tr class="row-even"><td><p>A71_HmacSha256Final</p></td>
<td><p>YES</p></td>
<td><p>sss_mac_*</p></td>
</tr>
<tr class="row-odd"><td></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p><strong>a71ch_crypto_ecc</strong></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_GenerateEccKeyPair</p></td>
<td><p>YES</p></td>
<td><p>sss_key_store_generate_key</p></td>
</tr>
<tr class="row-even"><td><p>A71_GenerateEccKeyPairWithChallenge</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_GenerateEccKeyPairWithCode</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_EccSign</p></td>
<td><p>YES</p></td>
<td><p>sss_asymmetric_sign_digest</p></td>
</tr>
<tr class="row-odd"><td><p>A71_EccNormalizedAsnSign</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_EccRestrictedSign</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_EccVerify</p></td>
<td><p>YES</p></td>
<td><p>sss_asymmetric_verify_digest</p></td>
</tr>
<tr class="row-even"><td><p>A71_EcdhGetSharedSecret</p></td>
<td><p>YES</p></td>
<td><p>sss_derive_key_*</p></td>
</tr>
<tr class="row-odd"><td></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p><strong>a71ch_module</strong></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_GetCredentialInfo</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_GetModuleInfo</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_GetUniqueID</p></td>
<td><p>YES</p></td>
<td><p>sss_session_prop_get_au8</p></td>
</tr>
<tr class="row-even"><td><p>A71_GetCertUid</p></td>
<td><p>YES</p></td>
<td><p>sss_session_prop_get_au8</p></td>
</tr>
<tr class="row-odd"><td><p>A71_GetUnlockChallenge</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_GetKeyPairChallenge</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_GetPublicKeyChallenge</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_GetRandom</p></td>
<td><p>YES</p></td>
<td><p>sss_rng_get_random</p></td>
</tr>
<tr class="row-odd"><td><p>A71_CreateClientHelloRandom</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_GetRestrictedKeyPairInfo</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_GetSha256</p></td>
<td><p>YES</p></td>
<td><p>sss_digest_one_go</p></td>
</tr>
<tr class="row-even"><td><p>A71_Sha256Init/Update/Final</p></td>
<td><p>YES</p></td>
<td><p>sss_digest_*</p></td>
</tr>
<tr class="row-odd"><td><p>A71_InjectLock</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_LockModule</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_UnlockModule</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_SetTlsLabel</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_EccVerifyWithKey</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p><strong>a71ch_sst</strong></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_Erase_*_WithChallenge</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_Erase_*_WithCode</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_EraseEccKeyPair</p></td>
<td><p>YES</p></td>
<td><p>sss_key_store_erase_key</p></td>
</tr>
<tr class="row-odd"><td><p>A71_EraseEccPublicKey</p></td>
<td><p>YES</p></td>
<td><p>sss_key_store_erase_key</p></td>
</tr>
<tr class="row-even"><td><p>A71_EraseSymKey</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_Freeze_*_WithChallenge</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_Freeze_*_WithCode</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_FreezeEccKeyPair</p></td>
<td><p>YES</p></td>
<td><p>sss_key_store_freeze_key</p></td>
</tr>
<tr class="row-even"><td><p>A71_FreezeEccPublicKey</p></td>
<td><p>YES</p></td>
<td><p>sss_key_store_freeze_key</p></td>
</tr>
<tr class="row-odd"><td><p>A71_FreezeGpData</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_FreezeSymKey</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_GetCounter</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_GetEccKeyPairUsage</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_GetEccPublicKey</p></td>
<td><p>YES</p></td>
<td><p>sss_key_store_get_key</p></td>
</tr>
<tr class="row-even"><td><p>A71_GetGpData</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_GetPublicKeyEccKeyPair</p></td>
<td><p>YES</p></td>
<td><p>sss_key_store_get_key</p></td>
</tr>
<tr class="row-even"><td><p>A71_IncrementCounter</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_SetConfigKey</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_SetCounter</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_SetEccKeyPair</p></td>
<td><p>YES</p></td>
<td><p>sss_key_store_set_key</p></td>
</tr>
<tr class="row-even"><td><p>A71_SetEccPublicKey</p></td>
<td><p>YES</p></td>
<td><p>sss_key_store_set_key</p></td>
</tr>
<tr class="row-odd"><td><p>A71_SetGpData</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_SetGpDataWithLockCheck</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_SetRfc3394WrappedAesKey</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>A71_SetRfc3394WrappedConfigKey</p></td>
<td><p>NO</p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>A71_SetSymKey</p></td>
<td><p>YES</p></td>
<td><p>sss_key_store_set_key</p></td>
</tr>
<tr class="row-even"><td></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p><strong>HLSE</strong></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>HLSE_GetObjectAttribute</p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>HLSE_SetObjectAttribute</p></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>HLSE_EraseObject</p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>HLSE_CreateObject</p></td>
<td></td>
<td></td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="mixing-sss-api-and-a71ch-api">
<span id="se05x-a71ch-combined-api"></span><h2><span class="section-number">10.1.3. </span>Mixing SSS API and A71CH API<a class="headerlink" href="#mixing-sss-api-and-a71ch-api" title="Permalink to this headline">¶</a></h2>
<p>The Plug&amp;Trust Middleware contains two examples illustrating how to use both the SSS API and
the A71CH API from the same application.</p>
<div class="section" id="ecc-example">
<h3><span class="section-number">10.1.3.1. </span>ECC Example<a class="headerlink" href="#ecc-example" title="Permalink to this headline">¶</a></h3>
<p>The example uses the SSS API to sign and verify the digest. The example is available at <code class="docutils literal notranslate"><span class="pre">.../simw-top/demos/a71ch/ex_a71ch_sss_ecc.c</span></code>.</p>
<div class="highlight-c notranslate"><div class="highlight"><pre><span></span> <span class="n">status</span> <span class="o">=</span> <span class="n">sss_asymmetric_context_init</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ctx_asymm</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">pCtx</span><span class="o">-&gt;</span><span class="n">session</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">keyPair</span><span class="p">,</span> <span class="n">kAlgorithm_SSS_SHA256</span><span class="p">,</span> <span class="n">kMode_SSS_Sign</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
<span class="n">signatureLen</span> <span class="o">=</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">signature</span><span class="p">);</span>
<span class="cm">/* Do Signing */</span>
<span class="n">LOG_I</span><span class="p">(</span><span class="s">&quot;Do Signing&quot;</span><span class="p">);</span>
<span class="n">LOG_MAU8_I</span><span class="p">(</span><span class="s">&quot;digest&quot;</span><span class="p">,</span> <span class="n">digest</span><span class="p">,</span> <span class="n">digestLen</span><span class="p">);</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">sss_asymmetric_sign_digest</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ctx_asymm</span><span class="p">,</span> <span class="n">digest</span><span class="p">,</span> <span class="n">digestLen</span><span class="p">,</span> <span class="n">signature</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">signatureLen</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
<span class="n">LOG_MAU8_I</span><span class="p">(</span><span class="s">&quot;signature&quot;</span><span class="p">,</span> <span class="n">signature</span><span class="p">,</span> <span class="n">signatureLen</span><span class="p">);</span>
<span class="n">LOG_I</span><span class="p">(</span><span class="s">&quot;Signing Successful !!!&quot;</span><span class="p">);</span>
<span class="n">sss_asymmetric_context_free</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ctx_asymm</span><span class="p">);</span>
</pre></div>
</div>
<p>Next, the example uses an A71CH API call (A71_GetPublicKeyEccKeyPair) to retrieve the public key from the A71CH.
The A71CH-specific key index is retrieved from the SSS object matching the key pair (its slotId masked with 0x0F).</p>
<div class="highlight-c notranslate"><div class="highlight"><pre><span></span> <span class="cm">/* Access the A71CH with the (legacy) Host API */</span>
<span class="n">SST_Index_t</span> <span class="n">keyIdx</span> <span class="o">=</span> <span class="p">(((</span><span class="n">sss_sscp_object_t</span> <span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="n">keyPair</span><span class="p">)</span><span class="o">-&gt;</span><span class="n">slotId</span><span class="p">)</span> <span class="o">&amp;</span> <span class="mh">0x0F</span><span class="p">;</span>
<span class="n">U8</span> <span class="n">pubEccKeyScratch</span><span class="p">[</span><span class="mi">128</span><span class="p">];</span>
<span class="n">U16</span> <span class="n">pubEccKeyScratchLen</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="n">LOG_I</span><span class="p">(</span><span class="s">&quot;A71_GetPublicKeyEccKeyPair(0x%02x)&quot;</span><span class="p">,</span> <span class="n">keyIdx</span><span class="p">);</span>
<span class="n">pubEccKeyScratchLen</span> <span class="o">=</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">pubEccKeyScratch</span><span class="p">);</span>
<span class="n">sw</span> <span class="o">=</span> <span class="n">A71_GetPublicKeyEccKeyPair</span><span class="p">(</span><span class="n">keyIdx</span><span class="p">,</span> <span class="n">pubEccKeyScratch</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">pubEccKeyScratchLen</span><span class="p">);</span>
<span class="n">status</span> <span class="o">=</span> <span class="p">((</span><span class="n">sw</span> <span class="o">==</span> <span class="n">SW_OK</span><span class="p">)</span> <span class="o">?</span> <span class="nl">kStatus_SSS_Success</span> <span class="p">:</span> <span class="n">kStatus_SSS_Fail</span><span class="p">);</span>
</pre></div>
</div>
</div>
<div class="section" id="aes-key-wrapping-example">
<h3><span class="section-number">10.1.3.2. </span>AES key wrapping Example<a class="headerlink" href="#aes-key-wrapping-example" title="Permalink to this headline">¶</a></h3>
<p>The example uses the SSS API to set the AES key and the A71CH API to set the same AES key in wrapped form.
To verify that the wrapped key was injected properly, an HKDF key is derived using both AES keys and the two results are compared.
The example is available at <code class="docutils literal notranslate"><span class="pre">.../simw-top/demos/a71ch/ex_a71ch_sss_aes_wrap_key</span></code>.</p>
<p>Injecting a wrapped AES key starts with setting the AES key that is used as the KEK:</p>
<div class="highlight-c notranslate"><div class="highlight"><pre><span></span> <span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_object_init</span><span class="p">(</span><span class="o">&amp;</span><span class="n">aesObj1</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">pCtx</span><span class="o">-&gt;</span><span class="n">ks</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_object_allocate_handle</span><span class="p">(</span><span class="o">&amp;</span><span class="n">aesObj1</span><span class="p">,</span>
<span class="n">MAKE_TEST_ID</span><span class="p">(</span><span class="n">__LINE__</span><span class="p">),</span>
<span class="n">kSSS_KeyPart_Default</span><span class="p">,</span>
<span class="n">kSSS_CipherType_AES</span><span class="p">,</span>
<span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey</span><span class="p">),</span>
<span class="n">kKeyObject_Mode_Persistent</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_store_set_key</span><span class="p">(</span><span class="o">&amp;</span><span class="n">pCtx</span><span class="o">-&gt;</span><span class="n">ks</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">aesObj1</span><span class="p">,</span> <span class="n">aesKey</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey</span><span class="p">),</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey</span><span class="p">)</span> <span class="o">*</span> <span class="mi">8</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
</pre></div>
</div>
<p>Now inject the wrapped AES key using the A71CH API A71_SetRfc3394WrappedAesKey.
The wrapped key length should be 24 bytes.
Large keys can be set by calling the A71_SetRfc3394WrappedAesKey API multiple times,
incrementing the key index each time.</p>
<div class="highlight-c notranslate"><div class="highlight"><pre><span></span> <span class="n">keyIdx</span> <span class="o">=</span> <span class="p">(((</span><span class="n">sss_sscp_object_t</span> <span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="n">aesObj1</span><span class="p">)</span><span class="o">-&gt;</span><span class="n">slotId</span><span class="p">)</span> <span class="o">&amp;</span> <span class="mh">0x0F</span><span class="p">;</span>
<span class="cm">/* Set wrapped aes key - aesKey1 */</span>
<span class="n">sw</span> <span class="o">=</span> <span class="n">A71_SetRfc3394WrappedAesKey</span><span class="p">(</span><span class="n">keyIdx</span><span class="p">,</span> <span class="n">wapped_AesKey1_0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">wapped_AesKey1_0</span><span class="p">));</span>
<span class="n">status</span> <span class="o">=</span> <span class="p">((</span><span class="n">sw</span> <span class="o">==</span> <span class="n">SW_OK</span><span class="p">)</span> <span class="o">?</span> <span class="nl">kStatus_SSS_Success</span> <span class="p">:</span> <span class="n">kStatus_SSS_Fail</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
<span class="n">sw</span> <span class="o">=</span> <span class="n">A71_SetRfc3394WrappedAesKey</span><span class="p">(</span><span class="n">keyIdx</span> <span class="o">+</span> <span class="mi">1</span><span class="p">,</span> <span class="n">wapped_AesKey1_1</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">wapped_AesKey1_1</span><span class="p">));</span>
<span class="n">status</span> <span class="o">=</span> <span class="p">((</span><span class="n">sw</span> <span class="o">==</span> <span class="n">SW_OK</span><span class="p">)</span> <span class="o">?</span> <span class="nl">kStatus_SSS_Success</span> <span class="p">:</span> <span class="n">kStatus_SSS_Fail</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
</pre></div>
</div>
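<p>Why the wrapped key length is 24 bytes: RFC 3394 key wrap prepends one 8-byte integrity block to the 16-byte AES key. The code below is an added example, not part of the NXP middleware; it wraps a key on the host under a 128-bit KEK and reproduces the RFC 3394 section 4.1 test vector. The names <code>rfc3394_wrap</code> and <code>aes128_encrypt</code> and the small software AES are assumptions made to keep it self-contained.</p>

```c
#include <stdint.h>
#include <string.h>

/* Added example: the names below are illustrative, not Plug & Trust MW APIs. */
static uint8_t sbox[256];
#define ROTL8(x, s) ((uint8_t)(((x) << (s)) | ((x) >> (8 - (s)))))

static uint8_t xtime(uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1B : 0)); }

/* Build the AES S-box from its definition: GF(2^8) inverse, then affine map. */
static void sbox_init(void) {
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ xtime(p));                 /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;                     /* q /= 3, so p * q == 1 */
        sbox[p] = (uint8_t)(q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63;                                  /* 0 has no inverse */
}

/* AES-128 single-block encryption; in and out may alias. Not constant-time. */
static void aes128_encrypt(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[176], s[16], t[16], rcon = 1;
    if (sbox[0] == 0) sbox_init();
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i += 4) {              /* key schedule */
        uint8_t w[4];
        memcpy(w, rk + i - 4, 4);
        if (i % 16 == 0) {                           /* RotWord, SubWord, Rcon */
            uint8_t w0 = w[0];
            w[0] = sbox[w[1]] ^ rcon; w[1] = sbox[w[2]]; w[2] = sbox[w[3]]; w[3] = sbox[w0];
            rcon = xtime(rcon);
        }
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ w[j];
    }
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];
    for (int r = 1; r <= 10; r++) {
        for (int c = 0; c < 4; c++)                  /* SubBytes + ShiftRows */
            for (int row = 0; row < 4; row++)
                t[4 * c + row] = sbox[s[4 * ((c + row) % 4) + row]];
        for (int c = 0; c < 4; c++) {
            uint8_t *a = t + 4 * c;
            if (r < 10) {                            /* MixColumns, skipped in last round */
                uint8_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], all = a0 ^ a1 ^ a2 ^ a3;
                a[0] = a0 ^ all ^ xtime(a0 ^ a1); a[1] = a1 ^ all ^ xtime(a1 ^ a2);
                a[2] = a2 ^ all ^ xtime(a2 ^ a3); a[3] = a3 ^ all ^ xtime(a3 ^ a0);
            }
            for (int row = 0; row < 4; row++)        /* AddRoundKey */
                s[4 * c + row] = a[row] ^ rk[16 * r + 4 * c + row];
        }
    }
    memcpy(out, s, 16);
}

/* RFC 3394 wrap of key_len bytes (multiple of 8, at least 16) under a 128-bit KEK.
 * out must hold key_len + 8 bytes. Returns the wrapped length, or -1 on bad input.
 * A 16-byte key yields 24 bytes: the 8-byte integrity block plus two 8-byte blocks. */
int rfc3394_wrap(const uint8_t kek[16], const uint8_t *key, size_t key_len, uint8_t *out) {
    uint8_t b[16];
    if (key_len < 16 || key_len % 8 != 0) return -1;
    size_t n = key_len / 8;
    memset(out, 0xA6, 8);                            /* default initial value A */
    memcpy(out + 8, key, key_len);                   /* R[1..n] */
    for (unsigned j = 0; j < 6; j++)
        for (size_t i = 1; i <= n; i++) {
            memcpy(b, out, 8);
            memcpy(b + 8, out + 8 * i, 8);
            aes128_encrypt(kek, b, b);               /* B = AES(KEK, A | R[i]) */
            uint64_t step = (uint64_t)n * j + i;
            for (int k = 0; k < 8; k++) b[7 - k] ^= (uint8_t)(step >> (8 * k));
            memcpy(out, b, 8);                       /* A = MSB64(B) ^ step */
            memcpy(out + 8 * i, b + 8, 8);           /* R[i] = LSB64(B) */
        }
    return (int)(key_len + 8);
}
```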
<p>Now verify that the injected wrapped key was set correctly.</p>
<div class="highlight-c notranslate"><div class="highlight"><pre><span></span> <span class="cm">/* 1 - Calculate HKDF key with wrapped AES key injected - aesKey1 */</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">calculate_hkdf_key</span><span class="p">(</span><span class="n">pCtx</span><span class="p">,</span> <span class="n">aesObj1</span><span class="p">,</span> <span class="n">MAKE_TEST_ID</span><span class="p">(</span><span class="n">__LINE__</span><span class="p">),</span> <span class="n">HkdfKey1</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">HkdfKey1Len</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
<span class="cm">/* 2 - Inject aesKey1 AES key and calculate HKDF key */</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_object_init</span><span class="p">(</span><span class="o">&amp;</span><span class="n">aesObj2</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">pCtx</span><span class="o">-&gt;</span><span class="n">ks</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_object_allocate_handle</span><span class="p">(</span><span class="o">&amp;</span><span class="n">aesObj2</span><span class="p">,</span>
<span class="n">MAKE_TEST_ID</span><span class="p">(</span><span class="n">__LINE__</span><span class="p">),</span>
<span class="n">kSSS_KeyPart_Default</span><span class="p">,</span>
<span class="n">kSSS_CipherType_AES</span><span class="p">,</span>
<span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey1</span><span class="p">),</span>
<span class="n">kKeyObject_Mode_Persistent</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_store_set_key</span><span class="p">(</span><span class="o">&amp;</span><span class="n">pCtx</span><span class="o">-&gt;</span><span class="n">ks</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">aesObj2</span><span class="p">,</span> <span class="n">aesKey1</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey1</span><span class="p">),</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey1</span><span class="p">)</span> <span class="o">*</span> <span class="mi">8</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">calculate_hkdf_key</span><span class="p">(</span><span class="n">pCtx</span><span class="p">,</span> <span class="n">aesObj2</span><span class="p">,</span> <span class="n">MAKE_TEST_ID</span><span class="p">(</span><span class="n">__LINE__</span><span class="p">),</span> <span class="n">HkdfKey2</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">HkdfKey2Len</span><span class="p">);</span>
<span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span>
<span class="cm">/* 3 - compare both hkdf keys generated (lengths first, then contents) */</span>
<span class="k">if</span> <span class="p">(</span><span class="n">HkdfKey1Len</span> <span class="o">!=</span> <span class="n">HkdfKey2Len</span> <span class="o">||</span> <span class="mi">0</span> <span class="o">!=</span> <span class="n">memcmp</span><span class="p">(</span><span class="n">HkdfKey1</span><span class="p">,</span> <span class="n">HkdfKey2</span><span class="p">,</span> <span class="n">HkdfKey1Len</span><span class="p">))</span> <span class="p">{</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">kStatus_SSS_Fail</span><span class="p">;</span>
<span class="p">}</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="sss-object-identifier-to-a71ch-internal-storage-mapping">
<h2><span class="section-number">10.1.4. </span>SSS Object Identifier to A71CH Internal storage mapping<a class="headerlink" href="#sss-object-identifier-to-a71ch-internal-storage-mapping" title="Permalink to this headline">¶</a></h2>
<p>The SSS API uses a 32-bit unsigned value as key (object) identifier.
The A71CH GP Storage contains the mapping between these key identifiers and A71CH
internal storage as a dedicated data object of 160 bytes.</p>
<p>The resulting A71CH KeyStore can contain up to:</p>
<ul class="simple">
<li><p>4 ECC Key Pairs</p></li>
<li><p>3 ECC Public Keys</p></li>
<li><p>8 Symmetric Keys</p></li>
<li><p>4 Certificates</p></li>
</ul>
<p>Any additional data object storage is only available through HLSE API calls (<a class="reference internal" href="a71ch_legacy_hlse_api.html#se05x-legacy-hlse-api"><span class="std std-ref">A71CH Legacy HLSE (Generic) API</span></a>).</p>
</div>
</div>
</div>
</div>
</div>
<footer class="footer">
<div class="container">
<p>
&copy; Copyright 2018-2020, NXP.<br/>
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 2.4.1.<br/>
</p>
</div>
</footer>
</body>
</html>