/*
*
* Copyright 2018-2020 NXP
* SPDX-License-Identifier: Apache-2.0
*/
/* ************************************************************************** */
/* Includes */
/* ************************************************************************** */
#include "ex_a71ch_scp03.h"
#include <fsl_sss_sscp.h>
#include <nxEnsure.h>
#include <stdio.h>
#include "ex_sss_boot_int.h"
#include "nxLog_App.h"
#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM
/* ************************************************************************** */
/* Local Defines */
/* ************************************************************************** */
/* ************************************************************************** */
/* Structures and Typedefs */
/* ************************************************************************** */
/* ************************************************************************** */
/* Global Variables */
/* ************************************************************************** */
/* ************************************************************************** */
/* Static function declarations */
/* ************************************************************************** */
/* ************************************************************************** */
/* Public Functions */
/* ************************************************************************** */
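/**
 * Fetch random data from A71CH and use as SCP03 static keys
 *
 * One block of 3 * SCP_KEY_SIZE random bytes is requested from the secure
 * element and split, in order, into the ENC, MAC and DEK keys.
 *
 * The output buffers are written only when A71_GetRandom() reports SW_OK.
 * On any failure they are left untouched, so a caller that forgets to check
 * the return value cannot end up provisioning keys taken from the
 * zero-initialised scratch buffer.
 *
 * The caller owns the returned key material and should wipe the three
 * buffers once the keys are no longer needed.
 *
 * @param[out] keyEnc Buffer of at least SCP_KEY_SIZE bytes; receives the ENC key
 * @param[out] keyMac Buffer of at least SCP_KEY_SIZE bytes; receives the MAC key
 * @param[out] keyDek Buffer of at least SCP_KEY_SIZE bytes; receives the DEK key
 *
 * @return kStatus_SSS_Success when all three keys were written,
 *         kStatus_SSS_Fail on a NULL argument or when the random fetch failed.
 */
sss_status_t ex_a71ch_FetchRandomScp03Keys(U8 *keyEnc, U8 *keyMac, U8 *keyDek)
{
    U16 sw = 0;
    U8 random[3 * SCP_KEY_SIZE] = {0};
    /* NOTE(review): the cast assumes 3 * SCP_KEY_SIZE fits in a U8 - confirm against the SCP_KEY_SIZE definition. */
    U8 randomLen = (U8)sizeof(random);
    /* volatile access keeps the compiler from dropping the wipe of a buffer that is dead afterwards */
    volatile U8 *wipe = random;
    size_t i;
    sss_status_t status = kStatus_SSS_Fail;

    // Validate input parameters
    ENSURE_OR_GO_CLEANUP(keyEnc != NULL);
    ENSURE_OR_GO_CLEANUP(keyMac != NULL);
    ENSURE_OR_GO_CLEANUP(keyDek != NULL);

    LOG_I("Clear host-side SCP03 channel state");
    DEV_ClearChannelState();
    LOG_I("ex_a71ch_FetchRandomScp03Keys() - Enter");

    // Security module generates random data for initial SCP03 keys
    sw = A71_GetRandom(random, randomLen);
    if (sw != SW_OK) {
        // Never hand out key buffers filled from a failed random fetch
        goto cleanup;
    }

    // Storing Static Keys
    memcpy(keyEnc, random, SCP_KEY_SIZE);
    memcpy(keyMac, random + SCP_KEY_SIZE, SCP_KEY_SIZE);
    memcpy(keyDek, random + (2 * SCP_KEY_SIZE), SCP_KEY_SIZE);

    // Success is set explicitly so that the NULL-argument path (sw still 0)
    // reports failure whatever the numeric value of SW_OK is.
    status = kStatus_SSS_Success;

cleanup:
    // The scratch buffer holds a copy of all three keys: clear it before the stack frame is released
    for (i = 0; i < sizeof(random); i++) {
        wipe[i] = 0;
    }
    LOG_I("ex_a71ch_FetchRandomScp03Keys() - Leave, result = %s", ((status == kStatus_SSS_Success) ? "OK" : "FAILED"));
    return status;
}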
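/**
 * Set SCP03 static keys in the A71CH.
 *
 * Clears the host-side SCP03 channel state, takes the key version from the
 * upper byte of SST_HOST_SCP_KEYSET and passes the three keys to
 * SCP_GP_PutKeys().
 *
 * @param[in] keyEnc Static ENC key to insert into A71CH; must not be NULL
 * @param[in] keyMac Static MAC key to insert into A71CH; must not be NULL
 * @param[in] keyDek Static DEK key to insert into A71CH; must not be NULL
 *
 * NOTE(review): the previous header tagged the parameters as in,out. Nothing
 * in this function writes through them; confirm that SCP_GP_PutKeys() leaves
 * the buffers unmodified.
 *
 * @return kStatus_SSS_Success when SCP_GP_PutKeys() reports SW_OK,
 *         kStatus_SSS_Fail on a NULL argument or any other status word.
 *
 * @pre SCP03 static keys have not been set. Either A71CH is a fresh production sample or it has
 * been forced into the initial state through the DBG Interface.
 * NOTE-1: The function DBG_RESET is not available in production samples
 * NOTE-2: Static SCP03 keys can only be set once
 */
sss_status_t ex_a71ch_SetSeScp03Keys(U8 *keyEnc, U8 *keyMac, U8 *keyDek)
{
    U16 sw = 0;
    // No current DEK is supplied, which matches the precondition that no static keys are set yet.
    // NOTE(review): confirm how SCP_GP_PutKeys() protects the key data on the wire when this is NULL;
    // if it does not, this call belongs in a trusted provisioning environment.
    U8 *currentKeyDek = NULL;
    U8 keyVersion = (U8)(SST_HOST_SCP_KEYSET >> 8);
    sss_status_t status = kStatus_SSS_Fail;

    // Validate input parameters
    ENSURE_OR_GO_CLEANUP(keyEnc != NULL);
    ENSURE_OR_GO_CLEANUP(keyMac != NULL);
    ENSURE_OR_GO_CLEANUP(keyDek != NULL);

    LOG_I("Clear host-side SCP03 channel state");
    DEV_ClearChannelState();
    LOG_I("ex_a71ch_SetSeScp03Keys() - Enter");
    LOG_I("Provision the SCP03 keys - secure element side - with key-data");

    // The format string previously ended in "%02)" - a conversion without a
    // specifier, which is undefined behaviour for a printf-style logger.
    LOG_I("SCP_GP_PutKeys(keyVersion=0x%02X)", (unsigned int)keyVersion);
    sw = SCP_GP_PutKeys(keyVersion, keyEnc, keyMac, keyDek, currentKeyDek, AES_KEY_LEN_nBYTE);
    if (sw == SW_OK) {
        // Success is set explicitly so that the NULL-argument path (sw still 0)
        // reports failure whatever the numeric value of SW_OK is.
        status = kStatus_SSS_Success;
    }

cleanup:
    LOG_I("ex_a71ch_SetSeScp03Keys() - Leave, result = %s", ((status == kStatus_SSS_Success) ? "OK" : "FAILED"));
    return status;
}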
/* ************************************************************************** */
/* Private Functions */
/* ************************************************************************** */
#endif