hostlib/hostLib/a71ch/ex/ex_ecc_nohc.c - a71ch-crypto-support - Git at Google

 /**
  * @file ex_ecc_nohc.c
  * @author NXP Semiconductors
  * @version 1.0
  * @par License
  *
  * Copyright 2016 NXP
  * SPDX-License-Identifier: Apache-2.0
  *
  * @par Description
  * Demonstrate basic ECC crypto functionality without relying on ECC Host Crypto functionality
  */

 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>

 #include "a71ch_ex.h"
 #include "ax_util.h"
 #include "a71_debug.h"
 #include "sm_types.h"
 #include "sm_apdu.h"
 #include "tst_sm_util.h"
 #include "tst_a71ch_util.h"
 #include "nxLog_hostLib.h"

 static U8 exEccNoHostCrypto(U8 initMode);

 /**
  * Demonstrate ECC crypto functionality of A71CH without relying on Host Crypto:
  * - ::exEccNoHostCrypto
  *
  */
 U8 exEccNohc()
 {
     U8 result = 1;
     LOG_I( "-----------Start exEccNohc()------------");

     DEV_ClearChannelState();

     // Use ECC in plain communication mode
     result &= exEccNoHostCrypto(INIT_MODE_RESET);

     // Use ECC with channel encryption on
     result &= exEccNoHostCrypto(INIT_MODE_RESET_DO_SCP03);

     // overall result
     LOG_I( "-----------End exEccNohc(), result = %s------------", ((result == 1)? "OK": "FAILED"));

     return result;
 }

 /**
  * Demonstrate ECC crypto functionality of A71CH without relying on Host Crypto
  *
  * @param[in] initMode Visit the documentation of ::a71chInitModule for more information on this parameter
  */
 static U8 exEccNoHostCrypto(U8 initMode) {
     U8 result = 1;
     U8 pubEccKey0[128];
     U16 pubEccKey0Len = 0;
     U8 pubEccKey1[128];
     U16 pubEccKey1Len = 0;
     U8 pubEccKeyScratch[128];
     U16 pubEccKeyScratchLen = 0;

     const U8 eccPubKeyTlsNist256_0[] = {
         0x04,
         0x82, 0xCB, 0xC1, 0xE5, 0x9A, 0xE2, 0x6E, 0xE8, 0xB2, 0x0C, 0x82, 0x2F, 0xE1,
         0xD4, 0x6E, 0x65, 0xA4, 0xD8, 0xA8, 0xFB, 0x5A, 0xF3, 0x79, 0x98, 0x54, 0x00, 0x5B, 0x01, 0x6D,
         0xC1, 0xA9, 0x9F, 0x40, 0xC4, 0x45, 0x8F, 0x96, 0x8F, 0xBE, 0xA0, 0x75, 0xEF, 0x49, 0x4F, 0xE8,
         0x2A, 0x18, 0xE2, 0xAD, 0xE1, 0x05, 0xD9, 0xE0, 0x95, 0x32, 0xFD, 0xFB, 0xF2, 0x74, 0x12, 0x63,
         0x60, 0xB8, 0x89,
     };

     const U8 eccPrivKeyTlsNist256_0[] = {
         0x23, 0x37, 0x76, 0x3B, 0xBC, 0xC1, 0xA0, 0x29, 0x6C, 0xF6, 0x01, 0x63, 0x56, 0xC1, 0x94, 0x9E,
         0x8D, 0x74, 0x43, 0x1A, 0xDE, 0x35, 0x7A, 0xBE, 0x27, 0x23, 0x97, 0x3E, 0xEE, 0x25, 0x63, 0x98,
     };

     const U8 eccPubKeyTlsNist256_1[] = {
         0x04, 0x9B, 0x97, 0x98, 0x9E, 0x9B, 0x19, 0x15, 0x66, 0xE0, 0xDD, 0x7D, 0x11, 0x01, 0x41, 0xFB,
         0xF3, 0x11, 0x44, 0x5E, 0x40, 0xF5, 0xC6, 0x1E, 0x5C, 0x4B, 0x0F, 0x94, 0x31, 0x14, 0x8D, 0x9F,
         0x01, 0xBA, 0x77, 0x3D, 0xEB, 0xCE, 0xA4, 0x3C, 0xD0, 0x15, 0x10, 0x2D, 0x26, 0x3B, 0xD2, 0x64,
         0x57, 0xAE, 0xD7, 0x82, 0xCA, 0xBC, 0xFE, 0xBD, 0xFB, 0x5C, 0x3C, 0x8F, 0xDA, 0xEC, 0xFD, 0x1C,
         0x1D
     };

     const U8 eccPrivKeyTlsNist256_1[] = {
         0x0D, 0xBE, 0x36, 0xF7, 0x3A, 0x56, 0xC0, 0xF6, 0xB7, 0xB9, 0xCA, 0x70, 0x76, 0x7D, 0xB4, 0x86,
         0xC5, 0xA8, 0xE1, 0x1E, 0xAB, 0x6E, 0x6E, 0x15, 0xDE, 0xE0, 0xE4, 0x9C, 0x61, 0x0D, 0x03, 0xE4
     };

     const U8 eccPubKeyCANist256_0[] = {
         0x04, 0xC7, 0x84, 0x4F, 0x17, 0x11, 0x94, 0x70, 0x33, 0x1C, 0xDD, 0x99, 0x84, 0x3B, 0xA3, 0x27,
         0x60, 0xEA, 0x30, 0x01, 0x75, 0xB6, 0xCC, 0x31, 0x1B, 0xE0, 0x39, 0x2B, 0x99, 0x24, 0xD3, 0x83,
         0x56, 0x22, 0x47, 0x62, 0x33, 0x8C, 0xE5, 0x83, 0x61, 0x14, 0x2C, 0x73, 0x01, 0x97, 0x7A, 0xAD,
         0x1D, 0x38, 0x9A, 0x7E, 0x52, 0x83, 0xBE, 0x8A, 0x0D, 0x88, 0xCC, 0x2D, 0xAB, 0x67, 0x1E, 0xE6,
         0x11
     };

 //  U8 eccPrivKeyCANist256_0[] = {
 //      0x93, 0x25, 0x07, 0xCE, 0x72, 0x50, 0xD6, 0x2B, 0x70, 0x43, 0xE3, 0x59, 0xDD, 0x31, 0xDB, 0x62,
 //      0x11, 0x1D, 0x78, 0x1D, 0x9D, 0x6A, 0xB5, 0x68, 0x32, 0xA9, 0x32, 0x41, 0xEB, 0xAD, 0xED, 0x03
 //  };

     const U8 eccPubKeyCANist256_1[] = {
         0x04, 0x03, 0x61, 0x37, 0x33, 0xEC, 0xF7, 0x42, 0x37, 0x96, 0x6F, 0x0E, 0x13, 0x83, 0x91, 0xF7,
         0x60, 0xDD, 0x61, 0x54, 0x3D, 0x68, 0xA9, 0x0F, 0xDE, 0x23, 0x4B, 0xD8, 0xC4, 0x51, 0xE8, 0x06,
         0xD7, 0xF4, 0xDE, 0x4D, 0x2C, 0x4F, 0x9D, 0x08, 0x67, 0x4C, 0xF3, 0x54, 0xAD, 0xB3, 0xCC, 0x4D,
         0xE9, 0x2E, 0xEF, 0xC4, 0xCA, 0xA8, 0x6D, 0x99, 0x71, 0xF7, 0x15, 0xC4, 0x0C, 0x60, 0x3A, 0xB9,
         0xE2
     };

 //  U8 eccPrivKeyCANist256_1[] = {
 //      0x88, 0xC9, 0xC5, 0x80, 0xBB, 0x5E, 0xD8, 0x61, 0x6C, 0x8E, 0xE9, 0x63, 0x64, 0x42, 0x06, 0xA2,
 //      0x47, 0x9E, 0x0D, 0x16, 0xB1, 0xAE, 0xF3, 0x14, 0x98, 0x18, 0x00, 0x17, 0x2E, 0x59, 0xE1, 0xED
 //  };

     const U8 eccPubKeySpareNist256_1[] = {
         0x04, 0x28, 0x93, 0x33, 0xBF, 0x94, 0xF3, 0x48, 0x83, 0xCE, 0x8E, 0x91, 0x25, 0x96, 0x04, 0xC7,
         0x66, 0xA6, 0x8F, 0xBB, 0xB5, 0x5C, 0x49, 0x13, 0x2B, 0x3D, 0x12, 0x8E, 0xD6, 0x34, 0x8F, 0x62,
         0x2B, 0x7C, 0x91, 0x39, 0x7E, 0xC6, 0x65, 0x3B, 0xCD, 0xF1, 0xEC, 0x9B, 0xBA, 0xCB, 0x33, 0xAB,
         0x6D, 0x70, 0x72, 0x93, 0x06, 0x7C, 0xCF, 0x0D, 0xFE, 0xE6, 0x95, 0x6D, 0x51, 0xD2, 0x26, 0x10,
         0x02
     };

 //  U8 eccPrivKeySpareNist256_1[] = {
 //      0x71, 0xEA, 0x34, 0x9B, 0x3C, 0x17, 0x3F, 0x40, 0x4F, 0xFE, 0xC1, 0xE4, 0xB5, 0xF3, 0xFD, 0xCD,
 //      0x58, 0x55, 0x27, 0xF8, 0x8B, 0xA1, 0x4E, 0xCD, 0x5D, 0x3C, 0x0D, 0xF0, 0x45, 0xE0, 0xD5, 0x27
 //  };

     const U8 hash[] = {
         0xAA, 0xBB, 0x34, 0x9B, 0x3C, 0x17, 0x3F, 0x40, 0x4F, 0xFE, 0xC1, 0xE4, 0xB5, 0xF3, 0xFD, 0x00,
         0xBB, 0xAA, 0x27, 0xF8, 0x8B, 0xA1, 0x4E, 0xCD, 0x5D, 0x3C, 0x0D, 0xF0, 0x45, 0xE0, 0xD5, 0x11
     };
     const U16 hashLen = sizeof(hash);

     U8 signature[128];
     U16 signatureLen = sizeof(signature);

     U16 err;
     U16 expectedPubKeyLen = 0;
     // U16 expectedPrivKeyLen = 0;

     U8 isOk = 0;
     U8 sharedSecret[256];
     U16 sharedSecretLen = 0;

     U8 sharedSecret_0_1[32];
     U16 sharedSecret_0_1_Len = sizeof(sharedSecret_0_1);

     U8 sharedSecret_1_0[32];
     U16 sharedSecret_1_0_Len = sizeof(sharedSecret_1_0);

     SST_Index_t keyIdx = 0x00;

     LOG_I( "-----------Start exEccNoHostCrypto(%s)------------", getInitModeAsString(initMode));

     // Initialize the A71CH (Debug mode restrictions may apply)
     result &= a71chInitModule(initMode);
     assert(result);

     keyIdx = A71CH_KEY_PAIR_0;
     LOG_I( "A71_GenerateEccKeyPair(0x%02x)", keyIdx);
     err = A71_GenerateEccKeyPair(keyIdx);
     result &= AX_CHECK_SW(err, SW_OK, "err");

     keyIdx = A71CH_KEY_PAIR_1;
     LOG_I( "A71_GenerateEccKeyPair(0x%02x)", keyIdx);
     err = A71_GenerateEccKeyPair(keyIdx);
     result &= AX_CHECK_SW(err, SW_OK, "err");

     pubEccKey0Len = sizeof(pubEccKey0);
     expectedPubKeyLen = 65;
     keyIdx = A71CH_KEY_PAIR_0;
     LOG_I( "A71_GetPublicKeyEccKeyPair(0x%02x)", keyIdx);
     err = A71_GetPublicKeyEccKeyPair(keyIdx, pubEccKey0, &pubEccKey0Len);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     result &= AX_CHECK_U16(pubEccKey0Len, expectedPubKeyLen, "pubEccKey0Len");
     axPrintByteArray("pubEccKey0", pubEccKey0, pubEccKey0Len, AX_COLON_32);

     pubEccKey1Len = sizeof(pubEccKey1);
     expectedPubKeyLen = 65;
     keyIdx = A71CH_KEY_PAIR_1;
     LOG_I( "A71_GetPublicKeyEccKeyPair(0x%02x)", keyIdx);
     err = A71_GetPublicKeyEccKeyPair(keyIdx, pubEccKey1, &pubEccKey1Len);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     result &= AX_CHECK_U16(pubEccKey1Len, expectedPubKeyLen, "pubEccKey1Len");
     axPrintByteArray("pubEccKey1", pubEccKey1, pubEccKey1Len, AX_COLON_32);

     // Overwrite the ECC keyPair at index 0 & 1
     keyIdx = A71CH_KEY_PAIR_0;
     LOG_I("A71_SetEccKeyPair(0x%02x)", keyIdx);
     err = A71_SetEccKeyPair(keyIdx, eccPubKeyTlsNist256_0, (U16)sizeof(eccPubKeyTlsNist256_0),
         eccPrivKeyTlsNist256_0, (U16)sizeof(eccPrivKeyTlsNist256_0));
     result &= AX_CHECK_SW(err, SW_OK, "err");

     keyIdx = A71CH_KEY_PAIR_1;
     LOG_I("A71_SetEccKeyPair(0x%02x)", keyIdx);
     err = A71_SetEccKeyPair(keyIdx, eccPubKeyTlsNist256_1, (U16)sizeof(eccPubKeyTlsNist256_1),
         eccPrivKeyTlsNist256_1, (U16)sizeof(eccPrivKeyTlsNist256_1));
     result &= AX_CHECK_SW(err, SW_OK, "err");

     // Check whether public key (of keypair) was written succesfully.
     pubEccKeyScratchLen = sizeof(pubEccKeyScratch);
     expectedPubKeyLen = 65;
     keyIdx = A71CH_KEY_PAIR_0;
     LOG_I( "SST_GetPublicKeyECCKeyPair(0x%02x)", keyIdx);
     err = A71_GetPublicKeyEccKeyPair(keyIdx, pubEccKeyScratch, &pubEccKeyScratchLen);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     result &= AX_CHECK_U16(pubEccKeyScratchLen, expectedPubKeyLen, "pubEccKeyScratchLen");
     result &= AX_COMPARE_BYTE_ARRAY("pubEccKeyScratch", pubEccKeyScratch, pubEccKeyScratchLen,
         "eccPubKeyTlsNist256_0", eccPubKeyTlsNist256_0, (U16)sizeof(eccPubKeyTlsNist256_0), AX_COLON_32);

     pubEccKeyScratchLen = sizeof(pubEccKeyScratch);
     expectedPubKeyLen = 65;
     keyIdx = A71CH_KEY_PAIR_1;
     LOG_I( "SST_GetPublicKeyECCKeyPair(0x%02x)", keyIdx);
     err = A71_GetPublicKeyEccKeyPair(keyIdx, pubEccKeyScratch, &pubEccKeyScratchLen);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     result &= AX_CHECK_U16(pubEccKeyScratchLen, expectedPubKeyLen, "pubEccKeyScratchLen");
     result &= AX_COMPARE_BYTE_ARRAY("pubEccKeyScratch", pubEccKeyScratch, pubEccKeyScratchLen,
         "eccPubKeyTlsNist256_1", eccPubKeyTlsNist256_1, (U16)sizeof(eccPubKeyTlsNist256_1), AX_COLON_32);

     // Overwrite the ECC Public Key at index 0 & 1
     keyIdx = A71CH_PUBLIC_KEY_0;
     LOG_I("A71_SetEccPublicKey(0x%02x)", keyIdx);
     err = A71_SetEccPublicKey(keyIdx, eccPubKeyCANist256_0, (U16)sizeof(eccPubKeyCANist256_0));
     result &= AX_CHECK_SW(err, SW_OK, "err");

     keyIdx = A71CH_PUBLIC_KEY_1;
     LOG_I("A71_SetEccPublicKey(0x%02x)", keyIdx);
     err = A71_SetEccPublicKey(keyIdx, eccPubKeyCANist256_1, (U16)sizeof(eccPubKeyCANist256_1));
     result &= AX_CHECK_SW(err, SW_OK, "err");

     // Check whether public key at index 1 was written succesfully.
     pubEccKeyScratchLen = sizeof(pubEccKeyScratch);
     expectedPubKeyLen = 65;
     keyIdx = A71CH_PUBLIC_KEY_1;
     LOG_I( "A71_GetEccPublicKey(0x%02x)", keyIdx);
     err = A71_GetEccPublicKey(keyIdx, pubEccKeyScratch, &pubEccKeyScratchLen);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     result &= AX_CHECK_U16(pubEccKeyScratchLen, expectedPubKeyLen, "pubEccKeyScratchLen");
     result &= AX_COMPARE_BYTE_ARRAY("pubEccKeyScratch", pubEccKeyScratch, pubEccKeyScratchLen,
         "eccPubKeyCANist256_1", eccPubKeyCANist256_1, sizeof(eccPubKeyCANist256_1), AX_COLON_32);

     // Check whether public key at index 0 was written succesfully.
     pubEccKeyScratchLen = sizeof(pubEccKeyScratch);
     expectedPubKeyLen = 65;
     keyIdx = A71CH_PUBLIC_KEY_0;
     LOG_I("A71_GetEccPublicKey(0x%02x)", keyIdx);
     err = A71_GetEccPublicKey(keyIdx, pubEccKeyScratch, &pubEccKeyScratchLen);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     result &= AX_CHECK_U16(pubEccKeyScratchLen, expectedPubKeyLen, "pubEccKeyScratchLen");
     result &= AX_COMPARE_BYTE_ARRAY("pubEccKeyScratch", pubEccKeyScratch, pubEccKeyScratchLen,
         "eccPubKeyCANist256_0", eccPubKeyCANist256_0, sizeof(eccPubKeyCANist256_0), AX_COLON_32);

     // Generate a shared secret with keypair on index 0 and a spare public key
     keyIdx = A71CH_KEY_PAIR_0;
     LOG_I("A71_EcdhGetSharedSecret(0x%02x, SpareKey)", keyIdx);
     sharedSecretLen = sizeof(sharedSecret);
     err = A71_EcdhGetSharedSecret(keyIdx, eccPubKeySpareNist256_1, (U16)sizeof(eccPubKeySpareNist256_1), sharedSecret, &sharedSecretLen);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     axPrintByteArray("sharedSecret", sharedSecret, sharedSecretLen, AX_COLON_32);

     // Generate a shared secret using the two provisioned key pairs in the two possible modes
     // Check: SharedSecret(Priv_0, Pub_1) == SharedSecret(Priv_1, Pub_0)
     keyIdx = A71CH_KEY_PAIR_0;
     LOG_I("A71_EcdhGetSharedSecret(0x%02x, Pub_1)", keyIdx);
     sharedSecret_0_1_Len = sizeof(sharedSecret_0_1);
     err = A71_EcdhGetSharedSecret(keyIdx, eccPubKeyTlsNist256_1, (U16)sizeof(eccPubKeyTlsNist256_1), sharedSecret_0_1, &sharedSecret_0_1_Len);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     axPrintByteArray("sharedSecret_0_1", sharedSecret_0_1, sharedSecret_0_1_Len, AX_COLON_32);

     keyIdx = A71CH_KEY_PAIR_1;
     LOG_I("A71_EcdhGetSharedSecret(0x%02x, Pub_0)", keyIdx);
     sharedSecret_1_0_Len = sizeof(sharedSecret_1_0);
     err = A71_EcdhGetSharedSecret(keyIdx, eccPubKeyTlsNist256_0, (U16)sizeof(eccPubKeyTlsNist256_0), sharedSecret_1_0, &sharedSecret_1_0_Len);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     axPrintByteArray("sharedSecret_1_0", sharedSecret_1_0, sharedSecret_1_0_Len, AX_COLON_32);

     result &= AX_COMPARE_BYTE_ARRAY("sharedSecret_0_1", sharedSecret_0_1, sharedSecret_0_1_Len,
         "sharedSecret_1_0", sharedSecret_1_0, sharedSecret_1_0_Len, AX_COLON_32);

     // Sign a Hash (retrieving the native A71CH signature format)
     keyIdx = A71CH_KEY_PAIR_0;
     signatureLen = sizeof(signature);
     LOG_I("A71_EccSign(0x%02x)", keyIdx);
     err = A71_EccSign(keyIdx, hash, hashLen, signature, &signatureLen);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     axPrintByteArray("signature", signature, signatureLen, AX_COLON_32);

     // Now verify the signature on the A71CH
     LOG_I("A71_EccVerifyWithKey(Pub_0)");
     err = A71_EccVerifyWithKey(eccPubKeyTlsNist256_0, (U16)sizeof(eccPubKeyTlsNist256_0), hash, hashLen,
         signature, signatureLen, &isOk);
     result &= AX_CHECK_SW(err, SW_OK, "err");
     result &= AX_CHECK_U8(isOk, 0x01, "Signature did not verify correctly");

     LOG_I( "-----------End exEccNoHostCrypto(%s), result = %s------------", getInitModeAsString(initMode), ((result == 1)? "OK": "FAILED"));
     return result;
 }
	/**
	* @file ex_ecc_nohc.c
	* @author NXP Semiconductors
	* @version 1.0
	* @par License
	*
	* Copyright 2016 NXP
	* SPDX-License-Identifier: Apache-2.0
	*
	* @par Description
	* Demonstrate basic ECC crypto functionality without relying on ECC Host Crypto functionality
	*/

	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <assert.h>

	#include "a71ch_ex.h"
	#include "ax_util.h"
	#include "a71_debug.h"
	#include "sm_types.h"
	#include "sm_apdu.h"
	#include "tst_sm_util.h"
	#include "tst_a71ch_util.h"
	#include "nxLog_hostLib.h"

	static U8 exEccNoHostCrypto(U8 initMode);

	/**
	* Demonstrate ECC crypto functionality of A71CH without relying on Host Crypto:
	* - ::exEccNoHostCrypto
	*
	*/
	U8 exEccNohc()
	{
	U8 result = 1;
	LOG_I( "-----------Start exEccNohc()------------");

	DEV_ClearChannelState();

	// Use ECC in plain communication mode
	result &= exEccNoHostCrypto(INIT_MODE_RESET);

	// Use ECC with channel encryption on
	result &= exEccNoHostCrypto(INIT_MODE_RESET_DO_SCP03);

	// overall result
	LOG_I( "-----------End exEccNohc(), result = %s------------", ((result == 1)? "OK": "FAILED"));

	return result;
	}

	/**
	* Demonstrate ECC crypto functionality of A71CH without relying on Host Crypto
	*
	* @param[in] initMode Visit the documentation of ::a71chInitModule for more information on this parameter
	*/
	static U8 exEccNoHostCrypto(U8 initMode) {
	U8 result = 1;
	U8 pubEccKey0[128];
	U16 pubEccKey0Len = 0;
	U8 pubEccKey1[128];
	U16 pubEccKey1Len = 0;
	U8 pubEccKeyScratch[128];
	U16 pubEccKeyScratchLen = 0;

	const U8 eccPubKeyTlsNist256_0[] = {
	0x04,
	0x82, 0xCB, 0xC1, 0xE5, 0x9A, 0xE2, 0x6E, 0xE8, 0xB2, 0x0C, 0x82, 0x2F, 0xE1,
	0xD4, 0x6E, 0x65, 0xA4, 0xD8, 0xA8, 0xFB, 0x5A, 0xF3, 0x79, 0x98, 0x54, 0x00, 0x5B, 0x01, 0x6D,
	0xC1, 0xA9, 0x9F, 0x40, 0xC4, 0x45, 0x8F, 0x96, 0x8F, 0xBE, 0xA0, 0x75, 0xEF, 0x49, 0x4F, 0xE8,
	0x2A, 0x18, 0xE2, 0xAD, 0xE1, 0x05, 0xD9, 0xE0, 0x95, 0x32, 0xFD, 0xFB, 0xF2, 0x74, 0x12, 0x63,
	0x60, 0xB8, 0x89,
	};

	const U8 eccPrivKeyTlsNist256_0[] = {
	0x23, 0x37, 0x76, 0x3B, 0xBC, 0xC1, 0xA0, 0x29, 0x6C, 0xF6, 0x01, 0x63, 0x56, 0xC1, 0x94, 0x9E,
	0x8D, 0x74, 0x43, 0x1A, 0xDE, 0x35, 0x7A, 0xBE, 0x27, 0x23, 0x97, 0x3E, 0xEE, 0x25, 0x63, 0x98,
	};

	const U8 eccPubKeyTlsNist256_1[] = {
	0x04, 0x9B, 0x97, 0x98, 0x9E, 0x9B, 0x19, 0x15, 0x66, 0xE0, 0xDD, 0x7D, 0x11, 0x01, 0x41, 0xFB,
	0xF3, 0x11, 0x44, 0x5E, 0x40, 0xF5, 0xC6, 0x1E, 0x5C, 0x4B, 0x0F, 0x94, 0x31, 0x14, 0x8D, 0x9F,
	0x01, 0xBA, 0x77, 0x3D, 0xEB, 0xCE, 0xA4, 0x3C, 0xD0, 0x15, 0x10, 0x2D, 0x26, 0x3B, 0xD2, 0x64,
	0x57, 0xAE, 0xD7, 0x82, 0xCA, 0xBC, 0xFE, 0xBD, 0xFB, 0x5C, 0x3C, 0x8F, 0xDA, 0xEC, 0xFD, 0x1C,
	0x1D
	};

	const U8 eccPrivKeyTlsNist256_1[] = {
	0x0D, 0xBE, 0x36, 0xF7, 0x3A, 0x56, 0xC0, 0xF6, 0xB7, 0xB9, 0xCA, 0x70, 0x76, 0x7D, 0xB4, 0x86,
	0xC5, 0xA8, 0xE1, 0x1E, 0xAB, 0x6E, 0x6E, 0x15, 0xDE, 0xE0, 0xE4, 0x9C, 0x61, 0x0D, 0x03, 0xE4
	};

	const U8 eccPubKeyCANist256_0[] = {
	0x04, 0xC7, 0x84, 0x4F, 0x17, 0x11, 0x94, 0x70, 0x33, 0x1C, 0xDD, 0x99, 0x84, 0x3B, 0xA3, 0x27,
	0x60, 0xEA, 0x30, 0x01, 0x75, 0xB6, 0xCC, 0x31, 0x1B, 0xE0, 0x39, 0x2B, 0x99, 0x24, 0xD3, 0x83,
	0x56, 0x22, 0x47, 0x62, 0x33, 0x8C, 0xE5, 0x83, 0x61, 0x14, 0x2C, 0x73, 0x01, 0x97, 0x7A, 0xAD,
	0x1D, 0x38, 0x9A, 0x7E, 0x52, 0x83, 0xBE, 0x8A, 0x0D, 0x88, 0xCC, 0x2D, 0xAB, 0x67, 0x1E, 0xE6,
	0x11
	};

	// U8 eccPrivKeyCANist256_0[] = {
	// 0x93, 0x25, 0x07, 0xCE, 0x72, 0x50, 0xD6, 0x2B, 0x70, 0x43, 0xE3, 0x59, 0xDD, 0x31, 0xDB, 0x62,
	// 0x11, 0x1D, 0x78, 0x1D, 0x9D, 0x6A, 0xB5, 0x68, 0x32, 0xA9, 0x32, 0x41, 0xEB, 0xAD, 0xED, 0x03
	// };

	const U8 eccPubKeyCANist256_1[] = {
	0x04, 0x03, 0x61, 0x37, 0x33, 0xEC, 0xF7, 0x42, 0x37, 0x96, 0x6F, 0x0E, 0x13, 0x83, 0x91, 0xF7,
	0x60, 0xDD, 0x61, 0x54, 0x3D, 0x68, 0xA9, 0x0F, 0xDE, 0x23, 0x4B, 0xD8, 0xC4, 0x51, 0xE8, 0x06,
	0xD7, 0xF4, 0xDE, 0x4D, 0x2C, 0x4F, 0x9D, 0x08, 0x67, 0x4C, 0xF3, 0x54, 0xAD, 0xB3, 0xCC, 0x4D,
	0xE9, 0x2E, 0xEF, 0xC4, 0xCA, 0xA8, 0x6D, 0x99, 0x71, 0xF7, 0x15, 0xC4, 0x0C, 0x60, 0x3A, 0xB9,
	0xE2
	};

	// U8 eccPrivKeyCANist256_1[] = {
	// 0x88, 0xC9, 0xC5, 0x80, 0xBB, 0x5E, 0xD8, 0x61, 0x6C, 0x8E, 0xE9, 0x63, 0x64, 0x42, 0x06, 0xA2,
	// 0x47, 0x9E, 0x0D, 0x16, 0xB1, 0xAE, 0xF3, 0x14, 0x98, 0x18, 0x00, 0x17, 0x2E, 0x59, 0xE1, 0xED
	// };

	const U8 eccPubKeySpareNist256_1[] = {
	0x04, 0x28, 0x93, 0x33, 0xBF, 0x94, 0xF3, 0x48, 0x83, 0xCE, 0x8E, 0x91, 0x25, 0x96, 0x04, 0xC7,
	0x66, 0xA6, 0x8F, 0xBB, 0xB5, 0x5C, 0x49, 0x13, 0x2B, 0x3D, 0x12, 0x8E, 0xD6, 0x34, 0x8F, 0x62,
	0x2B, 0x7C, 0x91, 0x39, 0x7E, 0xC6, 0x65, 0x3B, 0xCD, 0xF1, 0xEC, 0x9B, 0xBA, 0xCB, 0x33, 0xAB,
	0x6D, 0x70, 0x72, 0x93, 0x06, 0x7C, 0xCF, 0x0D, 0xFE, 0xE6, 0x95, 0x6D, 0x51, 0xD2, 0x26, 0x10,
	0x02
	};

	// U8 eccPrivKeySpareNist256_1[] = {
	// 0x71, 0xEA, 0x34, 0x9B, 0x3C, 0x17, 0x3F, 0x40, 0x4F, 0xFE, 0xC1, 0xE4, 0xB5, 0xF3, 0xFD, 0xCD,
	// 0x58, 0x55, 0x27, 0xF8, 0x8B, 0xA1, 0x4E, 0xCD, 0x5D, 0x3C, 0x0D, 0xF0, 0x45, 0xE0, 0xD5, 0x27
	// };

	const U8 hash[] = {
	0xAA, 0xBB, 0x34, 0x9B, 0x3C, 0x17, 0x3F, 0x40, 0x4F, 0xFE, 0xC1, 0xE4, 0xB5, 0xF3, 0xFD, 0x00,
	0xBB, 0xAA, 0x27, 0xF8, 0x8B, 0xA1, 0x4E, 0xCD, 0x5D, 0x3C, 0x0D, 0xF0, 0x45, 0xE0, 0xD5, 0x11
	};
	const U16 hashLen = sizeof(hash);

	U8 signature[128];
	U16 signatureLen = sizeof(signature);

	U16 err;
	U16 expectedPubKeyLen = 0;
	// U16 expectedPrivKeyLen = 0;

	U8 isOk = 0;
	U8 sharedSecret[256];
	U16 sharedSecretLen = 0;

	U8 sharedSecret_0_1[32];
	U16 sharedSecret_0_1_Len = sizeof(sharedSecret_0_1);

	U8 sharedSecret_1_0[32];
	U16 sharedSecret_1_0_Len = sizeof(sharedSecret_1_0);

	SST_Index_t keyIdx = 0x00;

	LOG_I( "-----------Start exEccNoHostCrypto(%s)------------", getInitModeAsString(initMode));

	// Initialize the A71CH (Debug mode restrictions may apply)
	result &= a71chInitModule(initMode);
	assert(result);

	keyIdx = A71CH_KEY_PAIR_0;
	LOG_I( "A71_GenerateEccKeyPair(0x%02x)", keyIdx);
	err = A71_GenerateEccKeyPair(keyIdx);
	result &= AX_CHECK_SW(err, SW_OK, "err");

	keyIdx = A71CH_KEY_PAIR_1;
	LOG_I( "A71_GenerateEccKeyPair(0x%02x)", keyIdx);
	err = A71_GenerateEccKeyPair(keyIdx);
	result &= AX_CHECK_SW(err, SW_OK, "err");

	pubEccKey0Len = sizeof(pubEccKey0);
	expectedPubKeyLen = 65;
	keyIdx = A71CH_KEY_PAIR_0;
	LOG_I( "A71_GetPublicKeyEccKeyPair(0x%02x)", keyIdx);
	err = A71_GetPublicKeyEccKeyPair(keyIdx, pubEccKey0, &pubEccKey0Len);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	result &= AX_CHECK_U16(pubEccKey0Len, expectedPubKeyLen, "pubEccKey0Len");
	axPrintByteArray("pubEccKey0", pubEccKey0, pubEccKey0Len, AX_COLON_32);

	pubEccKey1Len = sizeof(pubEccKey1);
	expectedPubKeyLen = 65;
	keyIdx = A71CH_KEY_PAIR_1;
	LOG_I( "A71_GetPublicKeyEccKeyPair(0x%02x)", keyIdx);
	err = A71_GetPublicKeyEccKeyPair(keyIdx, pubEccKey1, &pubEccKey1Len);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	result &= AX_CHECK_U16(pubEccKey1Len, expectedPubKeyLen, "pubEccKey1Len");
	axPrintByteArray("pubEccKey1", pubEccKey1, pubEccKey1Len, AX_COLON_32);

	// Overwrite the ECC keyPair at index 0 & 1
	keyIdx = A71CH_KEY_PAIR_0;
	LOG_I("A71_SetEccKeyPair(0x%02x)", keyIdx);
	err = A71_SetEccKeyPair(keyIdx, eccPubKeyTlsNist256_0, (U16)sizeof(eccPubKeyTlsNist256_0),
	eccPrivKeyTlsNist256_0, (U16)sizeof(eccPrivKeyTlsNist256_0));
	result &= AX_CHECK_SW(err, SW_OK, "err");

	keyIdx = A71CH_KEY_PAIR_1;
	LOG_I("A71_SetEccKeyPair(0x%02x)", keyIdx);
	err = A71_SetEccKeyPair(keyIdx, eccPubKeyTlsNist256_1, (U16)sizeof(eccPubKeyTlsNist256_1),
	eccPrivKeyTlsNist256_1, (U16)sizeof(eccPrivKeyTlsNist256_1));
	result &= AX_CHECK_SW(err, SW_OK, "err");

	// Check whether public key (of keypair) was written succesfully.
	pubEccKeyScratchLen = sizeof(pubEccKeyScratch);
	expectedPubKeyLen = 65;
	keyIdx = A71CH_KEY_PAIR_0;
	LOG_I( "SST_GetPublicKeyECCKeyPair(0x%02x)", keyIdx);
	err = A71_GetPublicKeyEccKeyPair(keyIdx, pubEccKeyScratch, &pubEccKeyScratchLen);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	result &= AX_CHECK_U16(pubEccKeyScratchLen, expectedPubKeyLen, "pubEccKeyScratchLen");
	result &= AX_COMPARE_BYTE_ARRAY("pubEccKeyScratch", pubEccKeyScratch, pubEccKeyScratchLen,
	"eccPubKeyTlsNist256_0", eccPubKeyTlsNist256_0, (U16)sizeof(eccPubKeyTlsNist256_0), AX_COLON_32);

	pubEccKeyScratchLen = sizeof(pubEccKeyScratch);
	expectedPubKeyLen = 65;
	keyIdx = A71CH_KEY_PAIR_1;
	LOG_I( "SST_GetPublicKeyECCKeyPair(0x%02x)", keyIdx);
	err = A71_GetPublicKeyEccKeyPair(keyIdx, pubEccKeyScratch, &pubEccKeyScratchLen);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	result &= AX_CHECK_U16(pubEccKeyScratchLen, expectedPubKeyLen, "pubEccKeyScratchLen");
	result &= AX_COMPARE_BYTE_ARRAY("pubEccKeyScratch", pubEccKeyScratch, pubEccKeyScratchLen,
	"eccPubKeyTlsNist256_1", eccPubKeyTlsNist256_1, (U16)sizeof(eccPubKeyTlsNist256_1), AX_COLON_32);

	// Overwrite the ECC Public Key at index 0 & 1
	keyIdx = A71CH_PUBLIC_KEY_0;
	LOG_I("A71_SetEccPublicKey(0x%02x)", keyIdx);
	err = A71_SetEccPublicKey(keyIdx, eccPubKeyCANist256_0, (U16)sizeof(eccPubKeyCANist256_0));
	result &= AX_CHECK_SW(err, SW_OK, "err");

	keyIdx = A71CH_PUBLIC_KEY_1;
	LOG_I("A71_SetEccPublicKey(0x%02x)", keyIdx);
	err = A71_SetEccPublicKey(keyIdx, eccPubKeyCANist256_1, (U16)sizeof(eccPubKeyCANist256_1));
	result &= AX_CHECK_SW(err, SW_OK, "err");

	// Check whether public key at index 1 was written succesfully.
	pubEccKeyScratchLen = sizeof(pubEccKeyScratch);
	expectedPubKeyLen = 65;
	keyIdx = A71CH_PUBLIC_KEY_1;
	LOG_I( "A71_GetEccPublicKey(0x%02x)", keyIdx);
	err = A71_GetEccPublicKey(keyIdx, pubEccKeyScratch, &pubEccKeyScratchLen);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	result &= AX_CHECK_U16(pubEccKeyScratchLen, expectedPubKeyLen, "pubEccKeyScratchLen");
	result &= AX_COMPARE_BYTE_ARRAY("pubEccKeyScratch", pubEccKeyScratch, pubEccKeyScratchLen,
	"eccPubKeyCANist256_1", eccPubKeyCANist256_1, sizeof(eccPubKeyCANist256_1), AX_COLON_32);

	// Check whether public key at index 0 was written succesfully.
	pubEccKeyScratchLen = sizeof(pubEccKeyScratch);
	expectedPubKeyLen = 65;
	keyIdx = A71CH_PUBLIC_KEY_0;
	LOG_I("A71_GetEccPublicKey(0x%02x)", keyIdx);
	err = A71_GetEccPublicKey(keyIdx, pubEccKeyScratch, &pubEccKeyScratchLen);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	result &= AX_CHECK_U16(pubEccKeyScratchLen, expectedPubKeyLen, "pubEccKeyScratchLen");
	result &= AX_COMPARE_BYTE_ARRAY("pubEccKeyScratch", pubEccKeyScratch, pubEccKeyScratchLen,
	"eccPubKeyCANist256_0", eccPubKeyCANist256_0, sizeof(eccPubKeyCANist256_0), AX_COLON_32);

	// Generate a shared secret with keypair on index 0 and a spare public key
	keyIdx = A71CH_KEY_PAIR_0;
	LOG_I("A71_EcdhGetSharedSecret(0x%02x, SpareKey)", keyIdx);
	sharedSecretLen = sizeof(sharedSecret);
	err = A71_EcdhGetSharedSecret(keyIdx, eccPubKeySpareNist256_1, (U16)sizeof(eccPubKeySpareNist256_1), sharedSecret, &sharedSecretLen);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	axPrintByteArray("sharedSecret", sharedSecret, sharedSecretLen, AX_COLON_32);

	// Generate a shared secret using the two provisioned key pairs in the two possible modes
	// Check: SharedSecret(Priv_0, Pub_1) == SharedSecret(Priv_1, Pub_0)
	keyIdx = A71CH_KEY_PAIR_0;
	LOG_I("A71_EcdhGetSharedSecret(0x%02x, Pub_1)", keyIdx);
	sharedSecret_0_1_Len = sizeof(sharedSecret_0_1);
	err = A71_EcdhGetSharedSecret(keyIdx, eccPubKeyTlsNist256_1, (U16)sizeof(eccPubKeyTlsNist256_1), sharedSecret_0_1, &sharedSecret_0_1_Len);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	axPrintByteArray("sharedSecret_0_1", sharedSecret_0_1, sharedSecret_0_1_Len, AX_COLON_32);

	keyIdx = A71CH_KEY_PAIR_1;
	LOG_I("A71_EcdhGetSharedSecret(0x%02x, Pub_0)", keyIdx);
	sharedSecret_1_0_Len = sizeof(sharedSecret_1_0);
	err = A71_EcdhGetSharedSecret(keyIdx, eccPubKeyTlsNist256_0, (U16)sizeof(eccPubKeyTlsNist256_0), sharedSecret_1_0, &sharedSecret_1_0_Len);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	axPrintByteArray("sharedSecret_1_0", sharedSecret_1_0, sharedSecret_1_0_Len, AX_COLON_32);

	result &= AX_COMPARE_BYTE_ARRAY("sharedSecret_0_1", sharedSecret_0_1, sharedSecret_0_1_Len,
	"sharedSecret_1_0", sharedSecret_1_0, sharedSecret_1_0_Len, AX_COLON_32);

	// Sign a Hash (retrieving the native A71CH signature format)
	keyIdx = A71CH_KEY_PAIR_0;
	signatureLen = sizeof(signature);
	LOG_I("A71_EccSign(0x%02x)", keyIdx);
	err = A71_EccSign(keyIdx, hash, hashLen, signature, &signatureLen);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	axPrintByteArray("signature", signature, signatureLen, AX_COLON_32);

	// Now verify the signature on the A71CH
	LOG_I("A71_EccVerifyWithKey(Pub_0)");
	err = A71_EccVerifyWithKey(eccPubKeyTlsNist256_0, (U16)sizeof(eccPubKeyTlsNist256_0), hash, hashLen,
	signature, signatureLen, &isOk);
	result &= AX_CHECK_SW(err, SW_OK, "err");
	result &= AX_CHECK_U8(isOk, 0x01, "Signature did not verify correctly");

	LOG_I( "-----------End exEccNoHostCrypto(%s), result = %s------------", getInitModeAsString(initMode), ((result == 1)? "OK": "FAILED"));
	return result;
	}