sss/ex/src/ex_sss_se_auth.c - a71ch-crypto-support - Git at Google

 /*
 *
 * Copyright 2019 NXP
 * SPDX-License-Identifier: Apache-2.0
 */

 /** @file
 *
 * ex_sss_se050x_auth.c:  *The purpose and scope of this file*
 *
 * Project:  sss-doc-upstream
 *
 * $Date: Mar 10, 2019 $
 * $Author: ing05193 $
 * $Revision$
 */

 /* *****************************************************************************************************************
 * Includes
 * ***************************************************************************************************************** */
 #include <string.h>

 #include "ex_sss_auth.h"
 #include "ex_sss_boot_int.h"
 #include "nxLog_App.h"
 #include "nxScp03_Types.h"

 /* *****************************************************************************************************************
 * Internal Definitions
 * ***************************************************************************************************************** */

 /* *****************************************************************************************************************
 * Type Definitions
 * ***************************************************************************************************************** */

 /* *****************************************************************************************************************
 * Global and Static Variables
 * Total Size: NNNbytes
 * ***************************************************************************************************************** */

 /* *****************************************************************************************************************
 * Private Functions Prototypes
 * ***************************************************************************************************************** */

 #if SSS_HAVE_SE

 #if SSS_HAVE_SCP_SCP03_SSS
 static sss_status_t ex_sss_se_prepare_host_platformscp(
     NXSCP03_AuthCtx_t *pCtx, ex_SE05x_authCtx_t *pauthctx, sss_key_store_t *pKs);

 static sss_status_t Alloc_Scp03key_toSEAuthctx(sss_object_t *keyObject, sss_key_store_t *pKs, uint32_t keyId);

 #endif

 /* *****************************************************************************************************************
 * Public Functions
 * ***************************************************************************************************************** */

 #if SSS_HAVE_HOSTCRYPTO_ANY
 sss_status_t ex_sss_se_prepare_host(sss_session_t *host_session,
     sss_key_store_t *host_ks,
     SE_Connect_Ctx_t *se05x_open_ctx,
     ex_SE05x_authCtx_t *se05x_auth_ctx,
     SE_AuthType_t auth_type)
 {
     sss_status_t status = kStatus_SSS_Fail;

     if (host_session->subsystem == kType_SSS_SubSystem_NONE) {
         sss_type_t hostsubsystem = kType_SSS_SubSystem_NONE;

         hostsubsystem = kType_SSS_Software;

         status = sss_host_session_open(host_session, hostsubsystem, 0, kSSS_ConnectionType_Plain, NULL);

         if (kStatus_SSS_Success != status) {
             LOG_E("Failed to open Host Session");
             goto cleanup;
         }
         status = sss_host_key_store_context_init(host_ks, host_session);
         if (kStatus_SSS_Success != status) {
             LOG_E("Host: sss_key_store_context_init failed");
             goto cleanup;
         }
         status = sss_host_key_store_allocate(host_ks, __LINE__);
         if (kStatus_SSS_Success != status) {
             LOG_E("Host: sss_key_store_allocate failed");
             goto cleanup;
         }
     }
     switch (auth_type) {
 #if SSS_HAVE_SCP_SCP03_SSS
     case kSSS_AuthType_SCP03:
         status = ex_sss_se_prepare_host_platformscp(&se05x_open_ctx->auth.ctx.scp03, se05x_auth_ctx, host_ks);
         break;
 #endif
     case kSSS_AuthType_None:
         /* Nothing to do */
         status = kStatus_SSS_Success;
         break;
     default:
         status = kStatus_SSS_Fail;
         LOG_E("Not handled");
     }

     if (kStatus_SSS_Success != status) {
         LOG_E(
             "Host: ex_sss_se05x_prepare_host_<type=(SE_AuthType_t)%d> "
             "failed",
             auth_type);
         goto cleanup;
     }
     se05x_open_ctx->auth.authType = auth_type;

 cleanup:
     return status;
 }
 #endif // SSS_HAVE_HOSTCRYPTO_ANY

 /* *****************************************************************************************************************
 * Private Functions
 * ***************************************************************************************************************** */

 #if SSS_HAVE_SCP_SCP03_SSS
 /* Function to Set Init and Allocate static Scp03Keys and Init Allocate dynamic keys */
 static sss_status_t ex_sss_se_prepare_host_platformscp(
     NXSCP03_AuthCtx_t *pAuthCtx, ex_SE05x_authCtx_t *pEx_auth, sss_key_store_t *pKs)
 {
     sss_status_t status              = kStatus_SSS_Fail;
     uint8_t KEY_ENC[]                = EX_SSS_AUTH_SE05X_KEY_ENC;
     uint8_t KEY_MAC[]                = EX_SSS_AUTH_SE05X_KEY_MAC;
     uint8_t KEY_DEK[]                = EX_SSS_AUTH_SE05X_KEY_DEK;
     pAuthCtx->pStatic_ctx            = &pEx_auth->scp03.ex_static;
     pAuthCtx->pDyn_ctx               = &pEx_auth->scp03.ex_dyn;
     NXSCP03_StaticCtx_t *pStatic_ctx = pAuthCtx->pStatic_ctx;
     NXSCP03_DynCtx_t *pDyn_ctx       = pAuthCtx->pDyn_ctx;

     pStatic_ctx->keyVerNo = EX_SSS_AUTH_SE05X_KEY_VERSION_NO;

     /* Init Allocate ENC Static Key */
     status = Alloc_Scp03key_toSEAuthctx(&pStatic_ctx->Enc, pKs, MAKE_TEST_ID(__LINE__));
     if (status != kStatus_SSS_Success) {
         return status;
     }
     /* Set ENC Static Key */
     status = sss_host_key_store_set_key(pKs, &pStatic_ctx->Enc, KEY_ENC, 16, 16 * 8, NULL, 0);
     if (status != kStatus_SSS_Success) {
         return status;
     }

     /* Init Allocate MAC Static Key */
     status = Alloc_Scp03key_toSEAuthctx(&pStatic_ctx->Mac, pKs, MAKE_TEST_ID(__LINE__));
     if (status != kStatus_SSS_Success) {
         return status;
     }
     /* Set MAC Static Key */
     status = sss_host_key_store_set_key(pKs, &pStatic_ctx->Mac, KEY_MAC, 16, 16 * 8, NULL, 0);
     if (status != kStatus_SSS_Success) {
         return status;
     }

     /* Init Allocate DEK Static Key */
     status = Alloc_Scp03key_toSEAuthctx(&pStatic_ctx->Dek, pKs, MAKE_TEST_ID(__LINE__));
     if (status != kStatus_SSS_Success) {
         return status;
     }
     /* Set DEK Static Key */
     status = sss_host_key_store_set_key(pKs, &pStatic_ctx->Dek, KEY_DEK, 16, 16 * 8, NULL, 0);
     if (status != kStatus_SSS_Success) {
         return status;
     }

     /* Init Allocate ENC Session Key */
     status = Alloc_Scp03key_toSEAuthctx(&pDyn_ctx->Enc, pKs, MAKE_TEST_ID(__LINE__));
     if (status != kStatus_SSS_Success) {
         return status;
     }
     /* Init Allocate MAC Session Key */
     status = Alloc_Scp03key_toSEAuthctx(&pDyn_ctx->Mac, pKs, MAKE_TEST_ID(__LINE__));
     if (status != kStatus_SSS_Success) {
         return status;
     }
     /* Init Allocate DEK Session Key */
     status = Alloc_Scp03key_toSEAuthctx(&pDyn_ctx->Rmac, pKs, MAKE_TEST_ID(__LINE__));
     return status;
 }
 #endif

 #if SSS_HAVE_SCP_SCP03_SSS
 static sss_status_t Alloc_Scp03key_toSEAuthctx(sss_object_t *keyObject, sss_key_store_t *pKs, uint32_t keyId)
 {
     sss_status_t status = kStatus_SSS_Fail;
     status              = sss_host_key_object_init(keyObject, pKs);
     if (status != kStatus_SSS_Success) {
         return status;
     }

     status = sss_host_key_object_allocate_handle(
         keyObject, keyId, kSSS_KeyPart_Default, kSSS_CipherType_AES, 16, kKeyObject_Mode_Transient);
     return status;
 }

 #endif
 #endif
	/*
	*
	* Copyright 2019 NXP
	* SPDX-License-Identifier: Apache-2.0
	*/

	/** @file
	*
	* ex_sss_se050x_auth.c: The purpose and scope of this file
	*
	* Project: sss-doc-upstream
	*
	* $Date: Mar 10, 2019 $
	* $Author: ing05193 $
	* $Revision$
	*/

	/* *****************************************************************************************************************
	* Includes
	* ***************************************************************************************************************** */
	#include <string.h>

	#include "ex_sss_auth.h"
	#include "ex_sss_boot_int.h"
	#include "nxLog_App.h"
	#include "nxScp03_Types.h"

	/* *****************************************************************************************************************
	* Internal Definitions
	* ***************************************************************************************************************** */

	/* *****************************************************************************************************************
	* Type Definitions
	* ***************************************************************************************************************** */

	/* *****************************************************************************************************************
	* Global and Static Variables
	* Total Size: NNNbytes
	* ***************************************************************************************************************** */

	/* *****************************************************************************************************************
	* Private Functions Prototypes
	* ***************************************************************************************************************** */

	#if SSS_HAVE_SE

	#if SSS_HAVE_SCP_SCP03_SSS
	static sss_status_t ex_sss_se_prepare_host_platformscp(
	NXSCP03_AuthCtx_t pCtx, ex_SE05x_authCtx_t pauthctx, sss_key_store_t *pKs);

	static sss_status_t Alloc_Scp03key_toSEAuthctx(sss_object_t keyObject, sss_key_store_t pKs, uint32_t keyId);

	#endif

	/* *****************************************************************************************************************
	* Public Functions
	* ***************************************************************************************************************** */

	#if SSS_HAVE_HOSTCRYPTO_ANY
	sss_status_t ex_sss_se_prepare_host(sss_session_t *host_session,
	sss_key_store_t *host_ks,
	SE_Connect_Ctx_t *se05x_open_ctx,
	ex_SE05x_authCtx_t *se05x_auth_ctx,
	SE_AuthType_t auth_type)
	{
	sss_status_t status = kStatus_SSS_Fail;

	if (host_session->subsystem == kType_SSS_SubSystem_NONE) {
	sss_type_t hostsubsystem = kType_SSS_SubSystem_NONE;

	hostsubsystem = kType_SSS_Software;

	status = sss_host_session_open(host_session, hostsubsystem, 0, kSSS_ConnectionType_Plain, NULL);

	if (kStatus_SSS_Success != status) {
	LOG_E("Failed to open Host Session");
	goto cleanup;
	}
	status = sss_host_key_store_context_init(host_ks, host_session);
	if (kStatus_SSS_Success != status) {
	LOG_E("Host: sss_key_store_context_init failed");
	goto cleanup;
	}
	status = sss_host_key_store_allocate(host_ks, __LINE__);
	if (kStatus_SSS_Success != status) {
	LOG_E("Host: sss_key_store_allocate failed");
	goto cleanup;
	}
	}
	switch (auth_type) {
	#if SSS_HAVE_SCP_SCP03_SSS
	case kSSS_AuthType_SCP03:
	status = ex_sss_se_prepare_host_platformscp(&se05x_open_ctx->auth.ctx.scp03, se05x_auth_ctx, host_ks);
	break;
	#endif
	case kSSS_AuthType_None:
	/* Nothing to do */
	status = kStatus_SSS_Success;
	break;
	default:
	status = kStatus_SSS_Fail;
	LOG_E("Not handled");
	}

	if (kStatus_SSS_Success != status) {
	LOG_E(
	"Host: ex_sss_se05x_prepare_host_<type=(SE_AuthType_t)%d> "
	"failed",
	auth_type);
	goto cleanup;
	}
	se05x_open_ctx->auth.authType = auth_type;

	cleanup:
	return status;
	}
	#endif // SSS_HAVE_HOSTCRYPTO_ANY

	/* *****************************************************************************************************************
	* Private Functions
	* ***************************************************************************************************************** */

	#if SSS_HAVE_SCP_SCP03_SSS
	/* Function to Set Init and Allocate static Scp03Keys and Init Allocate dynamic keys */
	static sss_status_t ex_sss_se_prepare_host_platformscp(
	NXSCP03_AuthCtx_t pAuthCtx, ex_SE05x_authCtx_t pEx_auth, sss_key_store_t *pKs)
	{
	sss_status_t status = kStatus_SSS_Fail;
	uint8_t KEY_ENC[] = EX_SSS_AUTH_SE05X_KEY_ENC;
	uint8_t KEY_MAC[] = EX_SSS_AUTH_SE05X_KEY_MAC;
	uint8_t KEY_DEK[] = EX_SSS_AUTH_SE05X_KEY_DEK;
	pAuthCtx->pStatic_ctx = &pEx_auth->scp03.ex_static;
	pAuthCtx->pDyn_ctx = &pEx_auth->scp03.ex_dyn;
	NXSCP03_StaticCtx_t *pStatic_ctx = pAuthCtx->pStatic_ctx;
	NXSCP03_DynCtx_t *pDyn_ctx = pAuthCtx->pDyn_ctx;

	pStatic_ctx->keyVerNo = EX_SSS_AUTH_SE05X_KEY_VERSION_NO;

	/* Init Allocate ENC Static Key */
	status = Alloc_Scp03key_toSEAuthctx(&pStatic_ctx->Enc, pKs, MAKE_TEST_ID(__LINE__));
	if (status != kStatus_SSS_Success) {
	return status;
	}
	/* Set ENC Static Key */
	status = sss_host_key_store_set_key(pKs, &pStatic_ctx->Enc, KEY_ENC, 16, 16 * 8, NULL, 0);
	if (status != kStatus_SSS_Success) {
	return status;
	}

	/* Init Allocate MAC Static Key */
	status = Alloc_Scp03key_toSEAuthctx(&pStatic_ctx->Mac, pKs, MAKE_TEST_ID(__LINE__));
	if (status != kStatus_SSS_Success) {
	return status;
	}
	/* Set MAC Static Key */
	status = sss_host_key_store_set_key(pKs, &pStatic_ctx->Mac, KEY_MAC, 16, 16 * 8, NULL, 0);
	if (status != kStatus_SSS_Success) {
	return status;
	}

	/* Init Allocate DEK Static Key */
	status = Alloc_Scp03key_toSEAuthctx(&pStatic_ctx->Dek, pKs, MAKE_TEST_ID(__LINE__));
	if (status != kStatus_SSS_Success) {
	return status;
	}
	/* Set DEK Static Key */
	status = sss_host_key_store_set_key(pKs, &pStatic_ctx->Dek, KEY_DEK, 16, 16 * 8, NULL, 0);
	if (status != kStatus_SSS_Success) {
	return status;
	}

	/* Init Allocate ENC Session Key */
	status = Alloc_Scp03key_toSEAuthctx(&pDyn_ctx->Enc, pKs, MAKE_TEST_ID(__LINE__));
	if (status != kStatus_SSS_Success) {
	return status;
	}
	/* Init Allocate MAC Session Key */
	status = Alloc_Scp03key_toSEAuthctx(&pDyn_ctx->Mac, pKs, MAKE_TEST_ID(__LINE__));
	if (status != kStatus_SSS_Success) {
	return status;
	}
	/* Init Allocate DEK Session Key */
	status = Alloc_Scp03key_toSEAuthctx(&pDyn_ctx->Rmac, pKs, MAKE_TEST_ID(__LINE__));
	return status;
	}
	#endif

	#if SSS_HAVE_SCP_SCP03_SSS
	static sss_status_t Alloc_Scp03key_toSEAuthctx(sss_object_t keyObject, sss_key_store_t pKs, uint32_t keyId)
	{
	sss_status_t status = kStatus_SSS_Fail;
	status = sss_host_key_object_init(keyObject, pKs);
	if (status != kStatus_SSS_Success) {
	return status;
	}

	status = sss_host_key_object_allocate_handle(
	keyObject, keyId, kSSS_KeyPart_Default, kSSS_CipherType_AES, 16, kKeyObject_Mode_Transient);
	return status;
	}

	#endif
	#endif