diff --git a/.github/workflows/compile-examples.yml b/.github/workflows/compile-examples.yml index 6cb1406db..b17c614a6 100644 --- a/.github/workflows/compile-examples.yml +++ b/.github/workflows/compile-examples.yml @@ -129,7 +129,6 @@ jobs: - libraries/PDM - libraries/Camera/examples/CameraCaptureRawBytes - libraries/Camera/examples/CameraCaptureZoomPan - - libraries/SE05X - libraries/STM32H747_System - libraries/ThreadDebug - libraries/USBHID diff --git a/cores/arduino/mbed/storage/filesystem/littlefsv2/include/littlefsv2/LittleFileSystem2.h b/cores/arduino/mbed/storage/filesystem/littlefsv2/include/littlefsv2/LittleFileSystem2.h index d753b3fb1..0d13ef7fb 100644 --- a/cores/arduino/mbed/storage/filesystem/littlefsv2/include/littlefsv2/LittleFileSystem2.h +++ b/cores/arduino/mbed/storage/filesystem/littlefsv2/include/littlefsv2/LittleFileSystem2.h @@ -289,9 +289,9 @@ class LittleFileSystem2 : public mbed::FileSystem { #endif //!(DOXYGEN_ONLY) private: - lfs2_t _lfs; // The actual file system - struct lfs2_config _config; - mbed::BlockDevice *_bd; // The block device + lfs2_t _lfs{}; // The actual file system + struct lfs2_config _config {}; + mbed::BlockDevice *_bd = nullptr; // The block device // thread-safe locking PlatformMutex _mutex; diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/fsl_sss_ftr.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/fsl_sss_ftr.h deleted file mode 100644 index 95dd7f92f..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/fsl_sss_ftr.h +++ /dev/null @@ -1,651 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_FSL_SSS_FTR_H_ -#define SSS_APIS_INC_FSL_SSS_FTR_H_ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/* clang-format off */ - - -/* # CMake Features : Start */ - - -/** Applet : The Secure Element Applet - * - * You can compile host library for different Applets listed below. - * Please note, some of these Applets may be for NXP Internal use only. - */ - -/** Compiling without any Applet Support */ -#define SSS_HAVE_APPLET_NONE 0 - -/** A71CH (ECC) */ -#define SSS_HAVE_APPLET_A71CH 0 - -/** A71CL (RSA) */ -#define SSS_HAVE_APPLET_A71CL 0 - -/** Similar to A71CH */ -#define SSS_HAVE_APPLET_A71CH_SIM 0 - -/** SE050 Type A (ECC) */ -#define SSS_HAVE_APPLET_SE05X_A 0 - -/** SE050 Type B (RSA) */ -#define SSS_HAVE_APPLET_SE05X_B 0 - -/** SE050 (Super set of A + B) */ -#define SSS_HAVE_APPLET_SE05X_C 1 - -/** SE050 (Similar to A71CL) */ -#define SSS_HAVE_APPLET_SE05X_L 0 - -/** NXP Internal testing Applet */ -#define SSS_HAVE_APPLET_LOOPBACK 0 - -#if (( 0 \ - + SSS_HAVE_APPLET_NONE \ - + SSS_HAVE_APPLET_A71CH \ - + SSS_HAVE_APPLET_A71CL \ - + SSS_HAVE_APPLET_A71CH_SIM \ - + SSS_HAVE_APPLET_SE05X_A \ - + SSS_HAVE_APPLET_SE05X_B \ - + SSS_HAVE_APPLET_SE05X_C \ - + SSS_HAVE_APPLET_SE05X_L \ - + SSS_HAVE_APPLET_LOOPBACK \ - ) > 1) -# error "Enable only one of 'Applet'" -#endif - - -#if (( 0 \ - + SSS_HAVE_APPLET_NONE \ - + SSS_HAVE_APPLET_A71CH \ - + SSS_HAVE_APPLET_A71CL \ - + SSS_HAVE_APPLET_A71CH_SIM \ - + SSS_HAVE_APPLET_SE05X_A \ - + SSS_HAVE_APPLET_SE05X_B \ - + SSS_HAVE_APPLET_SE05X_C \ - + SSS_HAVE_APPLET_SE05X_L \ - + SSS_HAVE_APPLET_LOOPBACK \ - ) == 0) -# error "Enable at-least one of 'Applet'" -#endif - - - -/** SE05X_Ver : SE05X Applet version. - * - * Selection of Applet version 03_XX enables SE050 features. - * Selection of Applet version 06_00 enables SE051 features. - * - */ - -/** SE050 */ -#define SSS_HAVE_SE05X_VER_03_XX 1 - -/** SE051 */ -#define SSS_HAVE_SE05X_VER_06_00 0 - -#if (( 0 \ - + SSS_HAVE_SE05X_VER_03_XX \ - + SSS_HAVE_SE05X_VER_06_00 \ - ) > 1) -# error "Enable only one of 'SE05X_Ver'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SE05X_VER_03_XX \ - + SSS_HAVE_SE05X_VER_06_00 \ - ) == 0) -# error "Enable at-least one of 'SE05X_Ver'" -#endif - - - -/** HostCrypto : Counterpart Crypto on Host - * - * What is being used as a cryptographic library on the host. - * As of now only OpenSSL / mbedTLS is supported - */ - -/** Use mbedTLS as host crypto */ -#define SSS_HAVE_HOSTCRYPTO_MBEDTLS 0 - -/** Use mbed-crypto as host crypto - * Required for ARM-PSA / TF-M */ -#define SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO 0 - -/** Use OpenSSL as host crypto */ -#define SSS_HAVE_HOSTCRYPTO_OPENSSL 0 - -/** User Implementation of Host Crypto - * e.g. Files at ``sss/src/user/crypto`` have low level AES/CMAC primitives. - * The files at ``sss/src/user`` use those primitives. - * This becomes an example for users with their own AES Implementation - * This then becomes integration without mbedTLS/OpenSSL for SCP03 / AESKey. - * - * .. note:: ECKey abstraction is not implemented/available yet. */ -#define SSS_HAVE_HOSTCRYPTO_USER 0 - -/** NO Host Crypto - * Note, this is unsecure and only provided for experimentation - * on platforms that do not have an mbedTLS PORT - * Many :ref:`sssftr-control` have to be disabled to have a valid build. */ -#define SSS_HAVE_HOSTCRYPTO_NONE 0 - -#if (( 0 \ - + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ - + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ - + SSS_HAVE_HOSTCRYPTO_OPENSSL \ - + SSS_HAVE_HOSTCRYPTO_USER \ - + SSS_HAVE_HOSTCRYPTO_NONE \ - ) > 1) -# error "Enable only one of 'HostCrypto'" -#endif - - -/** mbedTLS_ALT : ALT Engine implementation for mbedTLS - * - * When set to None, mbedTLS would not use ALT Implementation to connect to / use Secure Element. - * This needs to be set to SSS for Cloud Demos over SSS APIs - */ - -/** Use SSS Layer ALT implementation */ -#define SSS_HAVE_MBEDTLS_ALT_SSS 1 - -/** Legacy implementation */ -#define SSS_HAVE_MBEDTLS_ALT_A71CH 0 - -/** Not using any mbedTLS_ALT - * - * When this is selected, cloud demos can not work with mbedTLS */ -#define SSS_HAVE_MBEDTLS_ALT_NONE 0 - -#if (( 0 \ - + SSS_HAVE_MBEDTLS_ALT_SSS \ - + SSS_HAVE_MBEDTLS_ALT_A71CH \ - + SSS_HAVE_MBEDTLS_ALT_NONE \ - ) > 1) -# error "Enable only one of 'mbedTLS_ALT'" -#endif - - -#if (( 0 \ - + SSS_HAVE_MBEDTLS_ALT_SSS \ - + SSS_HAVE_MBEDTLS_ALT_A71CH \ - + SSS_HAVE_MBEDTLS_ALT_NONE \ - ) == 0) -# error "Enable at-least one of 'mbedTLS_ALT'" -#endif - - - -/** SCP : Secure Channel Protocol - * - * In case we enable secure channel to Secure Element, which interface to be used. - */ - -/** */ -#define SSS_HAVE_SCP_NONE 0 - -/** Use SSS Layer for SCP. Used for SE050 family. */ -#define SSS_HAVE_SCP_SCP03_SSS 0 - -/** Use Host Crypto Layer for SCP03. Legacy implementation. Used for older demos of A71CH Family. */ -#define SSS_HAVE_SCP_SCP03_HOSTCRYPTO 0 - -#if (( 0 \ - + SSS_HAVE_SCP_NONE \ - + SSS_HAVE_SCP_SCP03_SSS \ - + SSS_HAVE_SCP_SCP03_HOSTCRYPTO \ - ) > 1) -# error "Enable only one of 'SCP'" -#endif - - -/** FIPS : Enable or disable FIPS - * - * This selection mostly impacts tests, and generally not the actual Middleware - */ - -/** NO FIPS */ -#define SSS_HAVE_FIPS_NONE 1 - -/** SE050 IC FIPS */ -#define SSS_HAVE_FIPS_SE050 0 - -/** FIPS 140-2 */ -#define SSS_HAVE_FIPS_140_2 0 - -/** FIPS 140-3 */ -#define SSS_HAVE_FIPS_140_3 0 - -#if (( 0 \ - + SSS_HAVE_FIPS_NONE \ - + SSS_HAVE_FIPS_SE050 \ - + SSS_HAVE_FIPS_140_2 \ - + SSS_HAVE_FIPS_140_3 \ - ) > 1) -# error "Enable only one of 'FIPS'" -#endif - - -#if (( 0 \ - + SSS_HAVE_FIPS_NONE \ - + SSS_HAVE_FIPS_SE050 \ - + SSS_HAVE_FIPS_140_2 \ - + SSS_HAVE_FIPS_140_3 \ - ) == 0) -# error "Enable at-least one of 'FIPS'" -#endif - - - -/** SBL : Enable/Disable SBL Bootable support - * - * This option is to enable/disable boot from SBL by switching linker address - */ - -/** Not SBL bootable */ -#define SSS_HAVE_SBL_NONE 1 - -/** SE050 based LPC55S SBL bootable */ -#define SSS_HAVE_SBL_SBL_LPC55S 0 - -#if (( 0 \ - + SSS_HAVE_SBL_NONE \ - + SSS_HAVE_SBL_SBL_LPC55S \ - ) > 1) -# error "Enable only one of 'SBL'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SBL_NONE \ - + SSS_HAVE_SBL_SBL_LPC55S \ - ) == 0) -# error "Enable at-least one of 'SBL'" -#endif - - - -/** SE05X_Auth : SE050 Authentication - * - * This settings is used by examples to connect using various options - * to authenticate with the Applet. - * The SE05X_Auth options can be changed for KSDK Demos and Examples. - * To change SE05X_Auth option follow below steps. - * Set flag ``SSS_HAVE_SCP_SCP03_SSS`` to 1 and Reset flag ``SSS_HAVE_SCP_NONE`` to 0. - * To change SE05X_Auth option other than ``None`` and ``PlatfSCP03``, - * execute se05x_Delete_and_test_provision.exe in order to provision the Authentication Key. - * To change SE05X_Auth option to ``ECKey`` or ``ECKey_PlatfSCP03``, - * Set additional flag ``SSS_HAVE_HOSTCRYPTO_ANY`` to 1. - */ - -/** Use the default session (i.e. session less) login */ -#define SSS_HAVE_SE05X_AUTH_NONE 1 - -/** Do User Authentication with UserID */ -#define SSS_HAVE_SE05X_AUTH_USERID 0 - -/** Use Platform SCP for connection to SE */ -#define SSS_HAVE_SE05X_AUTH_PLATFSCP03 0 - -/** Do User Authentication with AES Key - * Earlier this was called AppletSCP03 */ -#define SSS_HAVE_SE05X_AUTH_AESKEY 0 - -/** Do User Authentication with EC Key - * Earlier this was called FastSCP */ -#define SSS_HAVE_SE05X_AUTH_ECKEY 0 - -/** UserID and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 0 - -/** AESKey and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 0 - -/** ECKey and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 0 - -#if (( 0 \ - + SSS_HAVE_SE05X_AUTH_NONE \ - + SSS_HAVE_SE05X_AUTH_USERID \ - + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY \ - + SSS_HAVE_SE05X_AUTH_ECKEY \ - + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ - ) > 1) -# error "Enable only one of 'SE05X_Auth'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SE05X_AUTH_NONE \ - + SSS_HAVE_SE05X_AUTH_USERID \ - + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY \ - + SSS_HAVE_SE05X_AUTH_ECKEY \ - + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ - ) == 0) -# error "Enable at-least one of 'SE05X_Auth'" -#endif - - - -/** A71CH_AUTH : A71CH Authentication - * - * This settings is used by SSS-API based examples to connect using either plain or authenticated to the A71CH. - */ - -/** Plain communication, not authenticated or encrypted */ -#define SSS_HAVE_A71CH_AUTH_NONE 1 - -/** SCP03 enabled */ -#define SSS_HAVE_A71CH_AUTH_SCP03 0 - -#if (( 0 \ - + SSS_HAVE_A71CH_AUTH_NONE \ - + SSS_HAVE_A71CH_AUTH_SCP03 \ - ) > 1) -# error "Enable only one of 'A71CH_AUTH'" -#endif - - -#if (( 0 \ - + SSS_HAVE_A71CH_AUTH_NONE \ - + SSS_HAVE_A71CH_AUTH_SCP03 \ - ) == 0) -# error "Enable at-least one of 'A71CH_AUTH'" -#endif - - -/* ====================================================================== * - * == Feature selection/values ========================================== * - * ====================================================================== */ - - -/** SE05X Secure Element : Symmetric AES */ -#define SSSFTR_SE05X_AES 1 - -/** SE05X Secure Element : Elliptic Curve Cryptography */ -#define SSSFTR_SE05X_ECC 1 - -/** SE05X Secure Element : RSA */ -#define SSSFTR_SE05X_RSA 1 - -/** SE05X Secure Element : KEY operations : SET Key */ -#define SSSFTR_SE05X_KEY_SET 1 - -/** SE05X Secure Element : KEY operations : GET Key */ -#define SSSFTR_SE05X_KEY_GET 1 - -/** SE05X Secure Element : Authenticate via ECKey */ -#define SSSFTR_SE05X_AuthECKey 1 - -/** SE05X Secure Element : Allow creation of user/authenticated session. - * - * If the intended deployment only uses Platform SCP - * Or it is a pure session less integration, this can - * save some code size. */ -#define SSSFTR_SE05X_AuthSession 0 - -/** SE05X Secure Element : Allow creation/deletion of Crypto Objects - * - * If disabled, new Crytpo Objects are neither created and - * old/existing Crypto Objects are not deleted. - * It is assumed that during provisioning phase, the required - * Crypto Objects are pre-created or they are never going to - * be needed. */ -#define SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ 1 - -/** Software : Symmetric AES */ -#define SSSFTR_SW_AES 1 - -/** Software : Elliptic Curve Cryptography */ -#define SSSFTR_SW_ECC 1 - -/** Software : RSA */ -#define SSSFTR_SW_RSA 1 - -/** Software : KEY operations : SET Key */ -#define SSSFTR_SW_KEY_SET 1 - -/** Software : KEY operations : GET Key */ -#define SSSFTR_SW_KEY_GET 1 - -/** Software : Used as a test counterpart - * - * e.g. Major part of the mebdTLS SSS layer is purely used for - * testing of Secure Element implementation, and can be avoided - * fully during many production scenarios. */ -#define SSSFTR_SW_TESTCOUNTERPART 1 - -/* ====================================================================== * - * == Computed Options ================================================== * - * ====================================================================== */ - -/** Symmetric AES */ -#define SSSFTR_AES (SSSFTR_SE05X_AES + SSSFTR_SW_AES) -/** Elliptic Curve Cryptography */ -#define SSSFTR_ECC (SSSFTR_SE05X_ECC + SSSFTR_SW_ECC) -/** RSA */ -#define SSSFTR_RSA (SSSFTR_SE05X_RSA + SSSFTR_SW_RSA) -/** KEY operations : SET Key */ -#define SSSFTR_KEY_SET (SSSFTR_SE05X_KEY_SET + SSSFTR_SW_KEY_SET) -/** KEY operations : GET Key */ -#define SSSFTR_KEY_GET (SSSFTR_SE05X_KEY_GET + SSSFTR_SW_KEY_GET) -/** KEY operations */ -#define SSSFTR_KEY (SSSFTR_KEY_SET + SSSFTR_KEY_GET) -/** KEY operations */ -#define SSSFTR_SE05X_KEY (SSSFTR_SE05X_KEY_SET + SSSFTR_SE05X_KEY_GET) -/** KEY operations */ -#define SSSFTR_SW_KEY (SSSFTR_SW_KEY_SET + SSSFTR_SW_KEY_GET) - - -#define SSS_HAVE_APPLET \ - (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CL | SSS_HAVE_APPLET_A71CH_SIM | SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C | SSS_HAVE_APPLET_SE05X_L | SSS_HAVE_APPLET_LOOPBACK) - -#define SSS_HAVE_APPLET_SE05X_IOT \ - (SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C) - -#define SSS_HAVE_MBEDTLS_ALT \ - (SSS_HAVE_MBEDTLS_ALT_SSS | SSS_HAVE_MBEDTLS_ALT_A71CH) - -#define SSS_HAVE_HOSTCRYPTO_ANY \ - (SSS_HAVE_HOSTCRYPTO_MBEDTLS | SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO | SSS_HAVE_HOSTCRYPTO_OPENSSL | SSS_HAVE_HOSTCRYPTO_USER) - -#define SSS_HAVE_FIPS \ - (SSS_HAVE_FIPS_SE050 | SSS_HAVE_FIPS_140_2 | SSS_HAVE_FIPS_140_3) - - -/* Version checks GTE - Greater Than Or Equal To */ -#if SSS_HAVE_APPLET_SE05X_IOT -# if SSS_HAVE_SE05X_VER_06_00 -# define SSS_HAVE_SE05X_VER_GTE_06_00 1 -# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 -# endif /* SSS_HAVE_SE05X_VER_06_00 */ -# if SSS_HAVE_SE05X_VER_03_XX -# define SSS_HAVE_SE05X_VER_GTE_06_00 0 -# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 -# endif /* SSS_HAVE_SE05X_VER_03_XX */ -#else //SSS_HAVE_APPLET_SE05X_IOT -# define SSS_HAVE_SE05X_VER_GTE_03_XX 0 -# define SSS_HAVE_SE05X_VER_GTE_06_00 0 -#endif // SSS_HAVE_APPLET_SE05X_IOT -/** Deprecated items. Used here for backwards compatibility. */ - -#define WithApplet_SE05X (SSS_HAVE_APPLET_SE05X_IOT) -#define WithApplet_SE050_A (SSS_HAVE_APPLET_SE05X_A) -#define WithApplet_SE050_B (SSS_HAVE_APPLET_SE05X_B) -#define WithApplet_SE050_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE050_A (SSS_HAVE_APPLET_SE05X_A) -#define SSS_HAVE_SE050_B (SSS_HAVE_APPLET_SE05X_B) -#define SSS_HAVE_SE050_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE05X (SSS_HAVE_APPLET_SE05X_IOT) -#define SSS_HAVE_SE (SSS_HAVE_APPLET) -#define SSS_HAVE_LOOPBACK (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_ALT (SSS_HAVE_MBEDTLS_ALT) -#define WithApplet_None (SSS_HAVE_APPLET_NONE) -#define SSS_HAVE_None (SSS_HAVE_APPLET_NONE) -#define WithApplet_A71CH (SSS_HAVE_APPLET_A71CH) -#define SSS_HAVE_A71CH (SSS_HAVE_APPLET_A71CH) -#define WithApplet_A71CL (SSS_HAVE_APPLET_A71CL) -#define SSS_HAVE_A71CL (SSS_HAVE_APPLET_A71CL) -#define WithApplet_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) -#define SSS_HAVE_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) -#define WithApplet_SE05X_A (SSS_HAVE_APPLET_SE05X_A) -#define SSS_HAVE_SE05X_A (SSS_HAVE_APPLET_SE05X_A) -#define WithApplet_SE05X_B (SSS_HAVE_APPLET_SE05X_B) -#define SSS_HAVE_SE05X_B (SSS_HAVE_APPLET_SE05X_B) -#define WithApplet_SE05X_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE05X_C (SSS_HAVE_APPLET_SE05X_C) -#define WithApplet_SE05X_L (SSS_HAVE_APPLET_SE05X_L) -#define SSS_HAVE_SE05X_L (SSS_HAVE_APPLET_SE05X_L) -#define WithApplet_LoopBack (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_LoopBack (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_MBEDTLS (SSS_HAVE_HOSTCRYPTO_MBEDTLS) -#define SSS_HAVE_MBEDCRYPTO (SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO) -#define SSS_HAVE_OPENSSL (SSS_HAVE_HOSTCRYPTO_OPENSSL) -#define SSS_HAVE_USER (SSS_HAVE_HOSTCRYPTO_USER) -#define SSS_HAVE_NONE (SSS_HAVE_HOSTCRYPTO_NONE) -#define SSS_HAVE_ALT_SSS (SSS_HAVE_MBEDTLS_ALT_SSS) -#define SSS_HAVE_ALT_A71CH (SSS_HAVE_MBEDTLS_ALT_A71CH) -#define SSS_HAVE_ALT_NONE (SSS_HAVE_MBEDTLS_ALT_NONE) -#define SSS_HAVE_SE05X_Auth_None (SSS_HAVE_SE05X_AUTH_NONE) -#define SSS_HAVE_SE05X_Auth_UserID (SSS_HAVE_SE05X_AUTH_USERID) -#define SSS_HAVE_SE05X_Auth_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_AESKey (SSS_HAVE_SE05X_AUTH_AESKEY) -#define SSS_HAVE_SE05X_Auth_ECKey (SSS_HAVE_SE05X_AUTH_ECKEY) -#define SSS_HAVE_SE05X_Auth_UserID_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_AESKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_ECKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) - -/* # CMake Features : END */ - -/* ========= Miscellaneous values : START =================== */ - -/* ECC Mode is available */ -#define SSS_HAVE_ECC 1 - -/* RSA is available */ -#define SSS_HAVE_RSA 1 - -/* TPM BARRETO_NAEHRIG Curve is enabled */ -#define SSS_HAVE_TPM_BN 1 - -/* Edwards Curve is enabled */ -#define SSS_HAVE_EC_ED 1 - -/* Montgomery Curve is enabled */ -#define SSS_HAVE_EC_MONT 1 - -/* MIFARE DESFire is enabled */ -#define SSS_HAVE_MIFARE_DESFIRE 1 - -/* PBKDF2 is enabled */ -#define SSS_HAVE_PBKDF2 1 - -/* TLS handshake support on SE is enabled */ -#define SSS_HAVE_TLS_HANDSHAKE 1 - -/* Import Export Key is enabled */ -#define SSS_HAVE_IMPORT 1 - -/* With NXP NFC Reader Library */ -#define SSS_HAVE_NXPNFCRDLIB 0 - -#define SSS_HAVE_A71XX \ - (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CH_SIM) - -#define SSS_HAVE_SSCP (SSS_HAVE_A71XX) - -/* For backwards compatibility */ -#define SSS_HAVE_TESTCOUNTERPART (SSSFTR_SW_TESTCOUNTERPART) - -/* ========= Miscellaneous values : END ===================== */ - -/* ========= Calculated values : START ====================== */ - -/* Should we expose, SSS APIs */ -#define SSS_HAVE_SSS ( 0 \ - + SSS_HAVE_SSCP \ - + SSS_HAVE_APPLET_SE05X_IOT \ - + SSS_HAVE_HOSTCRYPTO_OPENSSL \ - + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ - + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ - + SSS_HAVE_HOSTCRYPTO_USER \ - ) - -/* MBEDCRYPTO is superset of MBEDTLS and exposing that way */ -#if SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO -# undef SSS_HAVE_MBEDTLS -# undef SSS_HAVE_HOSTCRYPTO_MBEDTLS - -# define SSS_HAVE_MBEDTLS 1 -# define SSS_HAVE_HOSTCRYPTO_MBEDTLS 1 -#endif // SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO - -#if SSS_HAVE_HOSTCRYPTO_NONE -# undef SSSFTR_SE05X_AuthSession -# define SSSFTR_SE05X_AuthSession 0 -#endif - -/* Montgomery curves is not supported in SE05X_A*/ -#if SSS_HAVE_APPLET_SE05X_A -# undef SSS_HAVE_EC_MONT -# define SSS_HAVE_EC_MONT 0 -/* ED is not supported in SE050_A */ -#if SSS_HAVE_SE05X_VER_03_XX -# undef SSS_HAVE_EC_ED -# define SSS_HAVE_EC_ED 0 -#endif -#endif - -#if SSS_HAVE_RSA -# define SSS_HAVE_RSA_4K 1 -#endif - -#if SSS_HAVE_ECC -# define SSS_HAVE_EC_NIST_192 1 -# define SSS_HAVE_EC_NIST_224 1 -# define SSS_HAVE_EC_NIST_256 1 -# define SSS_HAVE_EC_NIST_384 1 -# define SSS_HAVE_EC_NIST_521 1 -# define SSS_HAVE_EC_BP 1 -# define SSS_HAVE_EC_NIST_K 1 -# define SSS_HAVE_ECDAA 1 -# define SSS_HAVE_EDDSA 1 -#if SSS_HAVE_APPLET_SE05X_A -# undef SSS_HAVE_ECDAA -# undef SSS_HAVE_EDDSA -# define SSS_HAVE_ECDAA 0 -# define SSS_HAVE_EDDSA 0 -#endif -#endif - -#if SSS_HAVE_APPLET -#define SSS_HAVE_HASH_1 1 -#define SSS_HAVE_HASH_224 1 -#define SSS_HAVE_HASH_512 1 -#endif - - -/* ========= Calculated values : END ======================== */ - -/* clang-format on */ - -#endif /* SSS_APIS_INC_FSL_SSS_FTR_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/Applet_SE050_Ver.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/Applet_SE050_Ver.h deleted file mode 100644 index 51aaf715b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/Applet_SE050_Ver.h +++ /dev/null @@ -1,114 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef APPLET_SE050_VERSION_INFO_H_INCLUDED -#define APPLET_SE050_VERSION_INFO_H_INCLUDED - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -/* clang-format off */ -//#define APPLET_SE050_PROD_NAME "Applet_SE050" -//#define APPLET_SE050_VER_STRING_NUM "v03.01.00" -//#define APPLET_SE050_PROD_NAME_VER_FULL "Applet_SE050_v03.01.00" - -#if SSS_HAVE_SE05X_VER_04_04 == 1 -# define APPLET_SE050_VER_MAJOR (4u) -# define APPLET_SE050_VER_MINOR (4u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_04_08 == 1 -# define APPLET_SE050_VER_MAJOR (4u) -# define APPLET_SE050_VER_MINOR (8u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_04_12 == 1 -# define APPLET_SE050_VER_MAJOR (4u) -# define APPLET_SE050_VER_MINOR (12u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_00 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (0u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_02 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (2u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_04 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (4u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_08 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (8u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_10 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (10u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_12 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (12u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_06_00 == 1 -# define APPLET_SE050_VER_MAJOR (6u) -# define APPLET_SE050_VER_MINOR (0u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_FIPS -# define APPLET_SE050_VER_MAJOR (3u) -# define APPLET_SE050_VER_MINOR (6u) -# define APPLET_SE050_VER_DEV (0u) -#else -# define APPLET_SE050_VER_MAJOR (3u) -# define APPLET_SE050_VER_MINOR (1u) -# define APPLET_SE050_VER_DEV (0u) -# define APPLET_SE050_VER_DEV_PATCH1 (1u) /* Allow this as well */ -#endif - - -/* v03.01 = 30001u */ -#define APPLET_SE050_VER_MAJOR_MINOR ( 0 \ - | (APPLET_SE050_VER_MAJOR * 10000u) \ - | (APPLET_SE050_VER_MINOR)) - -/* v03.01.00 = 300010000ULL */ -#define APPLET_SE050_VER_MAJOR_MINOR_DEV ( 0 \ - | (APPLET_SE050_VER_MAJOR * 10000*10000u) \ - | (APPLET_SE050_VER_MINOR * 10000u) \ - | (APPLET_SE050_VER_DEV)) - -/* clang-format on */ - -/* Version Information: - * Generated by: - * ..\..\..\scripts\version_info.py (v2019.01.17_00) - * - * Do not edit this file. Update: - * ./version_info.txt instead. - * - * - * prod_name = "Applet_SE050" - * - * prod_desc = "Applet AR6" - * - * lang_c_prefix = prod_name.upper() - * - * lang_namespace = "" - * - * v_major = "03" - * - * v_minor = "01" - * - * v_dev = "00" - * - * v_meta = "" - * - * maturity = "P" - * - */ - -#endif /* APPLET_SE050_VERSION_INFO_H_INCLUDED */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h deleted file mode 100644 index 52d7966be..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h +++ /dev/null @@ -1,63 +0,0 @@ -/* Copyright 2019-2021 NXP - * - * SPDX-License-Identifier: Apache-2.0 - * - * - */ - -#ifndef PLUGANDTRUST_HOSTLIB_VERSION_INFO_H_INCLUDED -#define PLUGANDTRUST_HOSTLIB_VERSION_INFO_H_INCLUDED - - -/* clang-format off */ -#define PLUGANDTRUST_HOSTLIB_PROD_NAME "PlugAndTrust_HostLib" -#define PLUGANDTRUST_HOSTLIB_VER_STRING_NUM "v03.03.00_20210528" -#define PLUGANDTRUST_HOSTLIB_PROD_NAME_VER_FULL "PlugAndTrust_HostLib_v03.03.00_20210528" -#define PLUGANDTRUST_HOSTLIB_VER_MAJOR (3u) -#define PLUGANDTRUST_HOSTLIB_VER_MINOR (3u) -#define PLUGANDTRUST_HOSTLIB_VER_DEV (0u) - -/* v03.03 = 30003u */ -#define PLUGANDTRUST_HOSTLIB_VER_MAJOR_MINOR ( 0 \ - | (PLUGANDTRUST_HOSTLIB_VER_MAJOR * 10000u) \ - | (PLUGANDTRUST_HOSTLIB_VER_MINOR)) - -/* v03.03.00 = 300030000ULL */ -#define PLUGANDTRUST_HOSTLIB_VER_MAJOR_MINOR_DEV ( 0 \ - | (PLUGANDTRUST_HOSTLIB_VER_MAJOR * 10000*10000u) \ - | (PLUGANDTRUST_HOSTLIB_VER_MINOR * 10000u) \ - | (PLUGANDTRUST_HOSTLIB_VER_DEV)) - -/* clang-format on */ - - -/* Version Information: - * Generated by: - * scripts\version_info.py (v2019.01.17_00) - * - * Do not edit this file. Update: - * hostlib/version_info.txt instead. - * - * - * prod_name = "PlugAndTrust_HostLib" - * - * prod_desc = "Host Library" - * - * lang_c_prefix = prod_name.upper() - * - * lang_namespace = "" - * - * v_major = "03" - * - * v_minor = "03" - * - * v_dev = "00" - * - * v_meta = "" - * - * maturity = "B" - * - * - */ - -#endif /* PLUGANDTRUST_HOSTLIB_VERSION_INFO_H_INCLUDED */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h deleted file mode 100644 index 619970855..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h +++ /dev/null @@ -1,62 +0,0 @@ -/* Copyright 2019-2021 NXP - * - * SPDX-License-Identifier: Apache-2.0 - * - * - */ - -#ifndef PLUGANDTRUST_VERSION_INFO_H_INCLUDED -#define PLUGANDTRUST_VERSION_INFO_H_INCLUDED - - -/* clang-format off */ -#define PLUGANDTRUST_PROD_NAME "PlugAndTrust" -#define PLUGANDTRUST_VER_STRING_NUM "v03.03.00_20210528" -#define PLUGANDTRUST_PROD_NAME_VER_FULL "PlugAndTrust_v03.03.00_20210528" -#define PLUGANDTRUST_VER_MAJOR (3u) -#define PLUGANDTRUST_VER_MINOR (3u) -#define PLUGANDTRUST_VER_DEV (0u) - -/* v03.03 = 30003u */ -#define PLUGANDTRUST_VER_MAJOR_MINOR ( 0 \ - | (PLUGANDTRUST_VER_MAJOR * 10000u) \ - | (PLUGANDTRUST_VER_MINOR)) - -/* v03.03.00 = 300030000ULL */ -#define PLUGANDTRUST_VER_MAJOR_MINOR_DEV ( 0 \ - | (PLUGANDTRUST_VER_MAJOR * 10000*10000u) \ - | (PLUGANDTRUST_VER_MINOR * 10000u) \ - | (PLUGANDTRUST_VER_DEV)) - -/* clang-format on */ - - -/* Version Information: - * Generated by: - * scripts\version_info.py (v2019.01.17_00) - * - * Do not edit this file. Update: - * ./version_info.txt instead. - * - * prod_name = "PlugAndTrust" - * - * prod_desc = "Plug And Trust Package" - * - * lang_c_prefix = prod_name.upper() - * - * lang_namespace = "" - * - * v_major = "03" - * - * v_minor = "03" - * - * v_dev = "00" - * - * # Develop Branch - * v_meta = "" - * - * maturity = "B" - * - */ - -#endif /* PLUGANDTRUST_VERSION_INFO_H_INCLUDED */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxEnsure.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxEnsure.h deleted file mode 100644 index a58a75f22..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxEnsure.h +++ /dev/null @@ -1,279 +0,0 @@ -/* -* -* Copyright 2019 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -/** @file - * - * @addtogroup param_check - * - * @{ - * - * nxEnsure.h: Helper parameter assertion check macros. - * - * Pre Condition: The source file must have included nxLog - * header file. - * - * Project: SecureIoTMW - * - * - */ - -#ifndef HOSTLIB_HOSTLIB_INC_NXENSURE_H_ -#define HOSTLIB_HOSTLIB_INC_NXENSURE_H_ - -/* ***************************************************************************************************************** - * Includes - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * MACROS/Defines - * ***************************************************************************************************************** */ - -/** Build time over-ride if we want to enable/disable Warning Prints - * - * During debug builds, it makes sense to print them, - * During retail builds, such loggings would be of any use and remove and reduce code size. - * - */ -#ifndef NX_ENSURE_DO_LOG_MESSAGE -#define NX_ENSURE_DO_LOG_MESSAGE 1 -#endif /* NX_ENSURE_DO_LOG_MESSAGE */ - -/** - * @brief Waring print of the parameter ``strCONDITION`` - * - * @warning NX_ENSURE_MESSAGE is an internal message/API to this file. - * Do not use directly. - * - */ -#if NX_ENSURE_DO_LOG_MESSAGE -# define NX_ENSURE_MESSAGE(strCONDITION) \ - LOG_W("nxEnsure:'" strCONDITION "' failed. At Line:%d Function:%s", __LINE__, __FUNCTION__) -#else /* NX_ENSURE_DO_LOG_MESSAGE */ -# define NX_ENSURE_MESSAGE(strCONDITION) /* No Message */ -#endif /* NX_ENSURE_DO_LOG_MESSAGE */ - -/** - * @brief Waring print of the parameter ``strCONDITION`` - * - * @warning NX_ENSURE_MESSAGE is an internal message/API to this file. - * Do not use directly. - * - */ -#if NX_ENSURE_DO_LOG_MESSAGE -# define NX_ENSURE_MESSAGE(strCONDITION) \ - LOG_W("nxEnsure:'" strCONDITION "' failed. At Line:%d Function:%s", __LINE__, __FUNCTION__) -#else /* NX_ENSURE_DO_LOG_MESSAGE */ -# define NX_ENSURE_MESSAGE(strCONDITION) /* No Message */ -#endif /* NX_ENSURE_DO_LOG_MESSAGE */ - -/** If condition fails, goto :cleanup label - * - * @code{.c} - * - * { - * ... - * - * status = Operation1(); - * ENSURE_OR_GO_CLEANUP(0 == status); - * - * status = Operation2(); - * ENSURE_OR_GO_CLEANUP(0 == status); - * - * ... - * - * cleanup: - * return status; - * } - * - * @endcode - * - */ -#define ENSURE_OR_GO_CLEANUP(CONDITION) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - goto cleanup; \ - } - -/** If condition fails, goto :exit label - * - * @code{.c} - * - * { - * ... - * - * status = Operation1(); - * ENSURE_OR_GO_EXIT(0 == status); - * - * status = Operation2(); - * ENSURE_OR_GO_EXIT(0 == status); - * - * ... - * - * exit: - * return status; - * } - * - * @endcode - * - */ -#define ENSURE_OR_GO_EXIT(CONDITION) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - goto exit; \ - } - -/** If condition fails, break. - * - * Sample Usage: - * - * @code{.c} - * - * int SomeAPI() - * { - * ... - * - * do { - * status = Operation1(); - * ENSURE_OR_BREAK(0 == status); - * - * status = Operation2(); - * ENSURE_OR_BREAK(0 == status); - * - * ... - * - * } while(0); - * - * return status; - * } - * - * @endcode - * - */ -#define ENSURE_OR_BREAK(CONDITION) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - break; \ - } - -/** If condition fails, return - * - * - * @code{.c} - * - * void SomeAPI() - * { - * ... - * - * status = Operation1(); - * ENSURE_OR_RETURN(0 == status); - * - * status = Operation2(); - * ENSURE_OR_RETURN(0 == status); - * - * ... - * - * return; - * } - * - * @endcode - * - * @warning This macro introduces system of mutliple - * returns from a function which is not - * easy to debug/trace through and hence - * not recommended. - * - */ -#define ENSURE_OR_RETURN(CONDITION) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - return; \ - } - -/** If condition fails, return - * - * - * @code{.c} - * - * int SomeAPI() - * { - * ... - * - * status = Operation1(); - * ENSURE_OR_RETURN_ON_ERROR(0 == status, ERR_FAIL); - * - * status = Operation2(); - * ENSURE_OR_RETURN_ON_ERROR(0 == status, ERR_NOT_ENOUGH_SPACE); - * - * ... - * - * return 0; - * } - * - * @endcode - * - * @warning This macro introduces system of mutliple - * returns from a function which is not - * easy to debug/trace through and hence - * not recommended. - * - */ -#define ENSURE_OR_RETURN_ON_ERROR(CONDITION, RETURN_VALUE) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - return RETURN_VALUE; \ - } - -/** If condition fails, goto quit with return value status updated. - * - * - * @code{.c} - * - * int SomeAPI() - * { - int status = 0; - * ... - * - * value = Operation1(); - * ENSURE_OR_QUIT_WITH_STATUS_ON_ERROR(0 == value, status, ERR_FAIL); - * - * value = Operation2(); - * ENSURE_OR_QUIT_WITH_STATUS_ON_ERROR(0 == value, status, ERR_NOT_ENOUGH_SPACE); - * - * ... - * quit: - * return status; - * } - * - * @endcode - * - * @warning This macro introduces system of mutliple - * returns from a function which is not - * easy to debug/trace through and hence - * not recommended. - * - */ -#define ENSURE_OR_EXIT_WITH_STATUS_ON_ERROR(CONDITION, STATUS, RETURN_VALUE) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - STATUS = RETURN_VALUE; \ - goto exit; \ - } - -/* ***************************************************************************************************************** - * Types/Structure Declarations - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Extern Variables - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Function Prototypes - * ***************************************************************************************************************** */ - -/** @} */ - -#endif /* HOSTLIB_HOSTLIB_INC_NXENSURE_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Apis.h deleted file mode 100644 index a37357e3f..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Apis.h +++ /dev/null @@ -1,90 +0,0 @@ -/* -* -* Copyright 2018 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef NXSCP03_APIS_H_ -#define NXSCP03_APIS_H_ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "nxScp03_Types.h" -#include "nxScp03_Const.h" - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** -* To Secure the on going communicatation -*/ - -/** -* To Verify SE -*/ -sss_status_t nxScp03_HostLocal_VerifyCardCryptogram( - sss_object_t *keyObj, uint8_t *hostChallenge, uint8_t *cardChallenge, uint8_t *cardCryptogram); - -/** -* To Verify Host -*/ -sss_status_t nxScp03_HostLocal_CalculateHostCryptogram( - sss_object_t *keyObj, uint8_t *hostChallenge, uint8_t *cardChallenge, uint8_t *hostCryptogram); - -/** -* To sending secure Command APDU -*/ -sss_status_t nxSCP03_Encrypt_CommandAPDU( - NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *cmdBuf, size_t *cmdBufLen); -/** -* To provide additional Security with MAC as CRC -*/ -sss_status_t nxpSCP03_CalculateMac_CommandAPDU( - NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *pCmdBuf, size_t pCmdBufLen, uint8_t *mac, size_t *macLen); - -/** -* To get Plain Response APDU -*/ -uint16_t nxpSCP03_Decrypt_ResponseAPDU( - NXSCP03_DynCtx_t *pdySCP03SessCtx, size_t cmdBufLen, uint8_t *rspBuf, size_t *pRspBufLen, uint8_t hasle); - -/* -* To set the derivation data -*/ -void nxScp03_setDerivationData( - uint8_t ddA[], uint16_t *pDdALen, uint8_t ddConstant, uint16_t ddL, uint8_t iCounter, uint8_t *context, uint16_t contextLen); - -/** -* To Generate Session Keys -*/ -sss_status_t nxScp03_Generate_SessionKey( - sss_object_t *keyObj, uint8_t *inData, uint32_t inDataLen, uint8_t *outSignature, uint32_t *outSignatureLen); - -/** -* To Maintain count of commands -*/ -void nxpSCP03_Inc_CommandCounter(NXSCP03_DynCtx_t *pdySCP03SessCtx); - -#ifdef __cplusplus -} /* extern "c"*/ -#endif - -#endif /* NXSCP03_APIS_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Const.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Const.h deleted file mode 100644 index 26890fa45..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Const.h +++ /dev/null @@ -1,97 +0,0 @@ -/* -* -* Copyright 2018 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef NXSCP03_CONST_H_ -#define NXSCP03_CONST_H_ -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#define SCP_GP_IU_KEY_DIV_DATA_LEN 10 //!< SCP GP Init Update key Div length -#define SCP_GP_IU_KEY_INFO_LEN 3 //!< SCP GP Init Update key info length -#define SCP_GP_CARD_CHALLENGE_LEN 8 //!< SCP GP Card Challenge length -#define SCP_GP_HOST_CHALLENGE_LEN 8 //!< SCP GP Host Challenge length -#define SCP_GP_IU_CARD_CRYPTOGRAM_LEN 8 //!< SCP GP Card Cryptogram length -#define SCP_GP_IU_SEQ_COUNTER_LEN 3 //!< SCP GP Init Update Sequence Counter length -#define SCP_GP_SW_LEN 2 //!< SCP Status Word length -#define CRYPTO_KEY_CHECK_LEN (3) //!< SCP key check length - -#define ASN_ECC_NIST_256_HEADER_LEN 26 -#define KEY_PARAMETER_REFERENCE_TAG 0xF0 -#define KEY_PARAMETER_REFERENCE_VALUE_LEN 0x01 // Fixed for Nist256key -#define KEY_PARAMETER_REFERENCE_VALUE 0x03 // key parameter value need to check in the spec it is 00 -#define GPCS_KEY_TYPE_ECC_NIST256 0xB0 -#define GPCS_KEY_TYPE_AES 0x88 -#define GPCS_KEY_LEN_AES 16 - -#define SCP_ID 0xAB -#define SCP_CONFIG 0x01 - -#define SCP_MCV_LEN 16 // MAC Chaining Length - -#define CLA_ISO7816 (0x00) //!< ISO7816-4 defined CLA byte -#define CLA_GP_7816 (0x80) //!< GP 7816-4 defined CLA byte -#define CLA_GP_SECURITY_BIT (0x04) //!< GP CLA Security bit - -#define INS_GP_INITIALIZE_UPDATE (0x50) //!< Global platform defined instruction -#define INS_GP_EXTERNAL_AUTHENTICATE (0x82) //!< Global platform defined instruction -#define INS_GP_SELECT (0xA4) //!< Global platform defined instruction -#define INS_GP_PUT_KEY (0xD8) //!< Global platform defined instruction -#define INS_GP_INTERNAL_AUTHENTICATE (0x88) //!< Global platform defined instruction -#define INS_GP_GET_DATA (0xCA) //!< Global platform defined instruction -#define P1_GP_GET_DATA (0xBF) //!< Global platform defined instruction -#define P2_GP_GET_DATA (0x21) //!< Global platform defined instruction - -/* Sizes used in SCP */ -#define AES_KEY_LEN_nBYTE (16) //!< AES key length - -#define SCP_KEY_SIZE (16) -#define SCP_CMAC_SIZE (16) // length of the CMAC calculated (and used as MAC chaining value) -#define SCP_IV_SIZE (16) // length of the Inital Vector -#define SCP_COMMAND_MAC_SIZE (8) // length of the MAC appended in the APDU payload (8 'MSB's) - -#define DATA_CARD_CRYPTOGRAM (0x00) //!< Data card cryptogram -#define DATA_HOST_CRYPTOGRAM (0x01) //!< Data host cryptogram -#define DATA_DERIVATION_SENC (0x04) //!< Data Derivation to generate Sess ENC Key -#define DATA_DERIVATION_SMAC (0x06) //!< Data Derivation to generate Sess MAC Key -#define DATA_DERIVATION_SRMAC (0x07) //!< Data Derivation to generate Sess RMAC Key -#define DATA_DERIVATION_INITIAL_MCV (0x08)//!< Data Derivation to generate Initial MCV -#define DATA_DERIVATION_L_64BIT (0x0040) //!< Data Derivation length -#define DATA_DERIVATION_L_128BIT (0x0080) //!< Data Derivation length -#define DATA_DERIVATION_KDF_CTR (0x01) //!< Data Derivation counter - -#define DD_LABEL_LEN 12 //!< Data Derivation length - -/* defines used to indicate the command type */ -#define C_MAC (0x01) //!< C MAC security -#define C_ENC (0x02) //!< C ENC security -#define R_MAC (0x10) //!< R MAC security -#define R_ENC (0x20) //!< R ENC security - -#define SECLVL_CDEC_RENC_CMAC_RMAC (0x33) //!< Full security - -#define SCP_DATA_PAD_BYTE 0x80 //!< Data Pad Byte - -#define CMAC_SIZE (8) //!< CMAC Compare size - -#define SCP_OK (SW_OK) -#define SCP_UNDEFINED_CHANNEL_ID (0x7041) //!< Undefined SCP channel identifier -#define SCP_FAIL (0x7042) //!< Undefined SCP channel identifier -#define SCP_CARD_CRYPTOGRAM_FAILS_TO_VERIFY (0x7043) //!< Undefined SCP channel identifier -#define SCP_PARAMETER_ERROR (0x7044) //!< Undefined SCP channel identifier - -#define NO_C_MAC_NO_C_ENC_NO_R_MAC_NO_R_ENC 0 //!< No security requested -#define C_MAC_NO_C_ENC_R_MAC_NO_R_ENC (C_MAC | R_MAC) //!< One apply MAC'ing (Not implemented) -#define C_MAC_C_ENC_R_MAC_R_ENC (C_MAC | C_ENC | R_MAC | R_ENC) //!< Apply full security -#define SECURITY_LEVEL C_MAC_C_ENC_R_MAC_R_ENC - -#define APPLET_SCP_INIT_UPDATE_LEN 0x0D //!< Applet SCP Initialize Update Length -#define APPLET_SCP_EXT_AUTH_LEN 0x15 //!< Applet SCP External Authenticate Length - -#endif /*NXSCP03_CONST_H_*/ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Types.h deleted file mode 100644 index 0ce5df623..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Types.h +++ /dev/null @@ -1,306 +0,0 @@ -/* -* -* Copyright 2018,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef NXSCP03_TYPES_H_ -#define NXSCP03_TYPES_H_ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ -#include -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_MBEDTLS -#include -#endif -#if SSS_HAVE_OPENSSL -#include -#endif -#if SSS_HAVE_HOSTCRYPTO_USER -# include -#endif - -#include "sm_api.h" -#if SSS_HAVE_SSCP -#include "fsl_sscp_a71ch.h" -#endif - -typedef enum -{ - kSSS_AuthType_None = 0, - /** Global platform SCP03 */ - kSSS_AuthType_SCP03 = 1, - /** (e.g. SE05X) UserID based connection */ - kSSS_AuthType_ID = 2, - - /** (e.g. SE05X) Use AESKey for user authentication - * - * Earlier this was called kSSS_AuthType_AppletSCP03 - */ - kSSS_AuthType_AESKey = 3, - /** (e.g. SE05X) Use ECKey for user authentication - * - * Earlier this was called kSSS_AuthType_FastSCP - */ - kSSS_AuthType_ECKey = 4, - - /* ================ Internal ======================= */ - /* Not to be selected by end user... directly */ - - /** - * Used internally, not to be set/used by user. - * - * For the versions of the applet where we have to add - * the a counter during KDF. - */ - kSSS_AuthType_INT_ECKey_Counter = 0x14, - - kSSS_SIZE = 0x7FFFFFFF, -} SE_AuthType_t; - -#define kSSS_AuthType_INT_FastSCP_Counter kSSS_AuthType_INT_ECKey_Counter -#define kSSS_AuthType_FastSCP_Counter kSSS_AuthType_INT_ECKey_Counter -#define kSSS_AuthType_FastSCP kSSS_AuthType_ECKey -#define kSSS_AuthType_AppletSCP03 kSSS_AuthType_AESKey - -/** - * Dynamic SCP03 Context. - * - * This structure is filled **after** establishing - * an SCP03 session. - */ -typedef struct -{ - sss_object_t Enc; //!< session channel encryption key - sss_object_t Mac; //!< session command authentication key - sss_object_t Rmac; //!< session response authentication key - uint8_t MCV[16]; //!< MAC chaining value - uint8_t cCounter[16]; //!< command counter - uint8_t SecurityLevel; //!< security level set - - /** Handle differnt types of auth.. PlatformSCP / AppletSCP */ - SE_AuthType_t authType; -} NXSCP03_DynCtx_t; - -/** - * Static SCP03 Context. - * - * This structure is filled **before** establishing - * an SCP03 session. - * - * Depending on system, these objects may point to keys - * inside other security system. - */ -typedef struct -{ - /** Key version no to use for chanel - authentication in SCP03 */ - uint8_t keyVerNo; - /** Encryption key object */ - sss_object_t Enc; - sss_object_t Mac; //!< static secure channel authentication key obj - sss_object_t Dek; //!< data encryption key obj -} NXSCP03_StaticCtx_t; - -/** -* Static and Dynamic Context in one Context. -* -* -* Depending on system, these objects may point to keys -* inside other security system. -*/ -typedef struct -{ - NXSCP03_StaticCtx_t *pStatic_ctx; //!< .static keys data - NXSCP03_DynCtx_t *pDyn_ctx; //!< session keys data -} NXSCP03_AuthCtx_t; - -/** Static part of keys for FAST SCP */ -typedef struct -{ - /** Host ECDSA Private key */ - sss_object_t HostEcdsaObj; - /** Host ephemeral ECC key pair */ - sss_object_t HostEcKeypair; - /** SE ECC public key */ - sss_object_t SeEcPubKey; - /** Host master Secret */ - sss_object_t masterSec; -} NXECKey03_StaticCtx_t; - -/** Keys to connect for a ECKey Connection */ -typedef struct -{ - /** The Input/Static part of the ECKey Authentication - * - * We start/initiate a session with the keys here. - */ - NXECKey03_StaticCtx_t *pStatic_ctx; - /** The Dynamic part of the ECKey Authentication - * - * We derive/compute the session keys based on the - * ``pStatic_ctx``. - */ - NXSCP03_DynCtx_t *pDyn_ctx; // session keys data -} SE05x_AuthCtx_ECKey_t; - -/** UseID / PIN baed authentication object - * - * This is required to open an UserID / PIN based session to the SE. - */ -typedef struct -{ - /** The corresponding authentication object on the Host */ - sss_object_t * pObj; -} SE05x_AuthCtx_ID_t; - - -/** Legacy, only for A71CH with Host Crypto */ -typedef struct -{ - sss_object_t pKeyEnc; //!< SSS AES Enc Key object - sss_object_t pKeyMac; //!< SSS AES Mac Key object - sss_object_t pKeyDek; //!< SSS AES Dek Key object -} SM_SECURE_SCP03_KEYOBJ; - -/** Authentication mechanims */ -typedef struct _SE_AuthCtx -{ - /** How exactly we are going to authenticat ot the system. - * - * Since ``ctx`` is a union, this is needed to know exactly how - * we are going to authenticate. - */ - - SE_AuthType_t authType; - - /** Depending on ``authType``, the input and output parameters. - * - * This has both input and output parameters. - * - * Input is for Keys that are used to initiate the connection. - * While connecting, session keys/parameters are generated and they - * are also part of this context. - * - * In any case, we connect to only one type - */ - union { - /** For PlatformSCP / Applet SCP. - * - * Same SCP context will be used for platform and applet scp03 */ - NXSCP03_AuthCtx_t scp03; - - /** For ECKey */ - SE05x_AuthCtx_ECKey_t eckey; - - /** For UserID/PIN based based Authentication */ - SE05x_AuthCtx_ID_t idobj; - - /** Legacy, only for A71CH with Host Crypto */ - SM_SECURE_SCP03_KEYOBJ a71chAuthKeys; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_AUTH_MAX_CONTEXT_SIZE]; - } extension; - } ctx; -} SE_AuthCtx_t; - -/** - * When connecting to a secure element, - * - * Extension of sss_connect_ctx_t - */ -typedef struct -{ - /** to support binary compatibility/check, sizeOfStucture helps */ - uint16_t sizeOfStucture; - /** If we need to authenticate, add required objects for authentication */ - SE_AuthCtx_t auth; - /** If some policy restrictions apply when we connect, point it here */ - sss_policy_session_u *session_policy; - - /* =================================== */ - /* Implementation specific part starts */ - /* =================================== */ - - /** If we connect logically, via some software layer */ - sss_tunnel_t *tunnelCtx; - - /** How exactly are we going to connect physically */ - SSS_Conn_Type_t connType; - - /** Connection port name for Socket names, etc. */ - const char *portName; - - /** 12C address on embedded devices. */ - U32 i2cAddress; - - /** If we need to refresh session, SE050 specific */ - uint8_t refresh_session : 1; - - /** In the case of Key Rotation, and other use cases - * where we do not select the IoT Applet and skip - * the selection of the IoT Applet. - * - * One of the use cases is to do platform SCP - * key rotation. - * - * When set to 0: - * Do not skip IoT Applet selection and run as-is. - * - * When set to 1: - * Skip selection of card manager. - * Skip selection of Applet. - * - * Internally, if there is platform SCP selected as - * Auth mechanism during compile time, the internal - * logic would Select the card manager. But, - * skip selection of the Applet. - * - */ - uint8_t skip_select_applet : 1; -} SE_Connect_Ctx_t; - -/** Wrapper strucutre sss_connect_ctx_t */ -typedef struct -{ - /** To support binary compatibility/check, sizeOfStucture helps */ - uint16_t sizeOfStucture; - /** If we need to authenticate, add required objects for authentication */ - SE_AuthCtx_t auth; - /** If some policy restrictions apply when we connect, point it here */ - sss_policy_session_u *session_policy; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_CONNECT_MAX_CONTEXT_SIZE]; - } extension; -} sss_connect_ctx_t; - -/* Deprecated */ - -#define SE05x_AuthCtx_t SE_AuthCtx_t - -#define kSE05x_AuthType_None kSSS_AuthType_None -#define kSE05x_AuthType_SCP03 kSSS_AuthType_SCP03 -#define kSE05x_AuthType_UserID kSSS_AuthType_ID -#define kSE05x_AuthType_AESKey kSSS_AuthType_AESKey -#define kSE05x_AuthType_ECKey kSSS_AuthType_ECKey - -/* For backwards compatibility */ -#define SE05x_AuthType_t SE_AuthType_t - -#endif /* NXSCP03_TYPES_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/scp.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/scp.h deleted file mode 100644 index ab59629b2..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/scp.h +++ /dev/null @@ -1,127 +0,0 @@ -/* -* -* Copyright 2016,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -/** - * @par Description - * This file defines the interface to an APDU transfer function supporting both - * communication in the clear and channel encryption. - * @par History - * - */ - -#ifndef SCP_H -#define SCP_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "smCom.h" - -/// @cond -#define HOST_CHANNEL_STATE_IDX 0 -#define ADMIN_CHANNEL_STATE_IDX 1 - -/* Sizes used in SCP */ -#define AES_KEY_LEN_nBYTE (16) -#define DES_KEY_LEN_nBYTE (16) - -#define SCP_CRYPTOGRAM_SIZE (16) -#define SCP_CHALLENGE_SIZE (8) -#define SCP_KEY_SIZE (16) -#define SCP_CMAC_SIZE (16) // length of the CMAC calculated (and used as MAC chaining value) -#define SCP_COMMAND_MAC_SIZE (8) // length of the MAC appended in the APDU payload (8 'MSB's) - -/* defines used to indicate the command type */ -#define C_MAC (0x01) -#define C_ENC (0x02) -#define R_MAC (0x10) -#define R_ENC (0x20) - -#define SECLVL_CDEC_RENC_CMAC_RMAC (0x33) - -#define SCP02_SECLVL_CMAC (0x01) -#define SCP02_SECLVL_CDEC_CMAC (0x03) -#define SCP02_SECLVL_CDEC_CMAC_RMAC (0x13) - -#define SCP03_KEY_ID (0x01) - -#define PUT_KEYS_MULTIPLE_KEYS (0x80) -#define PUT_KEYS_KEY_TYPE_CODING_AES (0x88) -#define PUT_KEYS_KEY_IDENTIFIER ((PUT_KEYS_MULTIPLE_KEYS) | (SCP03_KEY_ID)) - -/* security levels, matching the CLA bytes for each level */ -#define SECLVL_OFF (0x80) -#define SECLVL_MAC (0xC0) -#define SECLVL_ENC (0xE0) - -#define DD_INPUT_SIZE (32) - -#define DD_OFFSET_SESSION_COUNTER (10) -#define DD_OFFSET_DD_CONSTANT (11) -#define DD_OFFSET_L_MSB (13) -#define DD_OFFSET_L_LSB (14) -#define DD_OFFSET_I (15) -#define DD_OFFSET_HOST_CHALLENGE (16) -#define DD_OFFSET_CARD_CHALLENGE (24) - -#define DATA_CARD_CRYPTOGRAM (0x00) -#define DATA_HOST_CRYPTOGRAM (0x01) -#define DATA_DERIVATION_SENC (0x04) -#define DATA_DERIVATION_SMAC (0x06) -#define DATA_DERIVATION_SRMAC (0x07) -#define DATA_DERIVATION_L_64BIT (0x0040) -#define DATA_DERIVATION_L_128BIT (0x0080) -#define DATA_DERIVATION_KDF_CTR (0x01) - -#define DD_LABEL_LEN 12 - -#define SCP_GP_IU_KEY_DIV_DATA_LEN 10 -#define SCP_GP_IU_KEY_INFO_LEN 3 -#define SCP02_GP_IU_KEY_INFO_LEN 2 -#define SCP_GP_CARD_CHALLENGE_LEN 8 -#define SCP02_GP_CARD_CHALLENGE_LEN 6 -#define SCP_GP_HOST_CHALLENGE_LEN 8 -#define SCP_GP_IU_CARD_CRYPTOGRAM_LEN 8 -#define SCP_GP_IU_SEQ_COUNTER_LEN 3 -#define SCP02_GP_IU_SEQ_COUNTER_LEN 2 -#define SCP_GP_SW_LEN 2 -#define CRYPTO_KEY_CHECK_LEN (3) - -#define SCP_MCV_LEN 16 // MAC Chaining Length -/// @endcond - -/** - * Enumerated type encoding the security level requested to be applied to the APDU. - */ -typedef enum -{ - NO_C_MAC_NO_C_ENC_NO_R_MAC_NO_R_ENC = 0, //!< No security requested - C_MAC_NO_C_ENC_R_MAC_NO_R_ENC = (C_MAC | R_MAC), //!< One apply MAC'ing (Not implemented) - C_MAC_C_ENC_R_MAC_R_ENC = (C_MAC | C_ENC | R_MAC | R_ENC) //!< Apply full security -} scp_CommandType_t; - -/** - * Exchanges APDU, applies SCP03 encryption depending on \p type parameter and on the - * authentication status of the SCP03 channel. - * - * @param[in] conn_ctx connection context - * @param[in,out] pApdu apdu_t datastructure - * @param[in] type encryption/mac request - * - * @retval ::SMCOM_OK Operation successful - * @retval ::SMCOM_SND_FAILED Send Failed - * @retval ::SMCOM_RCV_FAILED Receive Failed - * @retval ::ERR_CRYPTO_ENGINE_FAILED Failure in crypto engine - * @retval ::SCP_RSP_MAC_FAIL MAC on response failed to verify - * @retval ::SCP_DECODE_FAIL Encrypted Response did not decode to correctly padded plaintext - */ -U32 scp_Transceive(void *conn_ctx, apdu_t * pApdu, scp_CommandType_t type); - -#ifdef __cplusplus -} -#endif -#endif /* _SCP_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_const.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_const.h deleted file mode 100644 index a2a95fe11..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_const.h +++ /dev/null @@ -1,168 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef FSL_SSS_SE05X_CONST_H -#define FSL_SSS_SE05X_CONST_H - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT - -#include - -#define SE05X_SESSIONID_LEN (8) - -/* See MAX_APDU_PAYLOAD_LENGTH in SE05x APDU Specifications. - * - * Using 892 so that buffer boundaries are potentially word aligned for Se050. - * Using 1024 for Se051. - * And expecting a failure from OnCard in case host sends a - * larger than expected buffer. - * Please note, depending on choice of: - * {No Auth | UserID Auth | Applet SCP | Fast SCP } - * and combination of either of above along with Platform SCP, - * there is no easy way how many Exact bytes the host can - * send to SE05x. - */ -#if SSS_HAVE_SE05X_VER_GTE_06_00 -/* SE051 MAX_APDU_PAYLOAD_LENGTH 1024 */ -#define SE05X_MAX_BUF_SIZE_CMD (1024) -#define SE05X_MAX_BUF_SIZE_RSP (1024) -#else -/* SE050 MAX_APDU_PAYLOAD_LENGTH 892 */ -#define SE05X_MAX_BUF_SIZE_CMD (892) -#define SE05X_MAX_BUF_SIZE_RSP (892) -#endif - -#define SE050_MODULE_UNIQUE_ID_LEN 18 - -#define SE05X_I2CM_MAX_BUF_SIZE_CMD (271) -#define SE05X_I2CM_MAX_BUF_SIZE_RSP (271) -#define SE05X_I2CM_MAX_TIMESTAMP_SIZE (12) -#define SE05X_I2CM_MAX_FRESHNESS_SIZE (16) -#define SE05X_I2CM_MAX_CHIP_ID_SIZE (18) - -/** How many attestation records - * - * Whle reading RSA Objects, modulus and public exporent get attested separately, */ - -#define SE05X_MAX_ATTST_DATA 2 - -#if SE05X_FTR_32BIT_CURVE_ID -#define START_SE05X_ID_CURVE_START (0x7E000000) -#else -#define START_SE05X_ID_CURVE_START (0) -#endif - -#define CIPHER_BLOCK_SIZE 16 -#define CIPHER_UPDATE_DATA_SIZE 256 -#define AEAD_BLOCK_SIZE 16 -#define BINARY_WRITE_MAX_LEN 500 - -enum Se05x_SYMM_CIPHER_MODES -{ - Se05x_SYMM_MODE_NONE = 0x00, - Se05x_SYMM_CBC = 0x01, - Se05x_SYMM_EBC = 0x02, - Se05x_SYMM_CTR = 0x08, /* For AES */ -}; - -enum Se05x_AES_PADDING -{ - Se05x_AES_PADDING_NONE = 0x00, - Se05x_AES_PAD_NOPAD = 0x01, - Se05x_AES_PAD_ISO9797_M1 = 0x02, - Se05x_AES_PAD_ISO9797_M2 = 0x03, -}; - -enum Se05x_SHA_TYPE -{ - Se05x_SHA_1 = 0x00, - Se05x_SHA_256 = 0x04, - Se05x_SHA_384 = 0x05, - Se05x_SHA_512 = 0x06, -}; - -enum Se05x_MAC_TYPE -{ - Se05x_CMAC = 0x0A, -}; - -enum Se05x_MAC_Sign_verify -{ - Se05x_MAC_Sign = 0x00, - Se05x_MAC_Verify = 0x01, -}; - -enum Se05x_I2CM_RESULT_TYPE -{ - Se05x_I2CM_RESULT_SUCCESS = 0xA5, - Se05x_I2CM_RESULT_FAILURE = 0x96 // The APDU spec defines this as 0x5A, implementation deviates! -}; - -#define MAX_OBJ_PCR_VALUE_SIZE 32 -#define MAX_POLICY_BUFFER_SIZE 256 -#define MAX_OBJ_POLICY_SIZE 47 -#define MAX_OBJ_POLICY_TYPES 6 -#define DEFAULT_OBJECT_POLICY_SIZE 8 -#define OBJ_POLICY_HEADER_OFFSET 5 -#define OBJ_POLICY_LENGTH_OFFSET 0 -#define OBJ_POLICY_AUTHID_OFFSET 1 -#define OBJ_POLICY_EXT_OFFSET 9 -#define OBJ_POLICY_PCR_DATA_SIZE (4 + MAX_OBJ_PCR_VALUE_SIZE) /*4 bytes PCR Obj id + 32 bytes PCR value*/ -#define OBJ_POLICY_AUTH_DATA_SIZE 2 - -#define SESSION_POLICY_LENGTH_OFFSET 0 -#define SESSION_POLICY_AR_HEADER_OFFSET 1 -#define DEFAULT_SESSION_POLICY_SIZE 3 - - -/*below bitmaps are set according to Se050 Applet implementation -Byte Ordering for Policy header:B1 B2 B3 B4 -bits ordering -b8 b7 b6 b5 b4 b3 b2 b1 -example : B1b8 : 0x80000000 -*/ - -/* Access Rules for Object Policy*/ -#define POLICY_OBJ_FORBID_ALL 0x20000000 -#define POLICY_OBJ_ALLOW_SIGN 0x10000000 -#define POLICY_OBJ_ALLOW_VERIFY 0x08000000 -#define POLICY_OBJ_ALLOW_KA 0x04000000 -#define POLICY_OBJ_ALLOW_ENC 0x02000000 -#define POLICY_OBJ_ALLOW_DEC 0x01000000 -#define POLICY_OBJ_ALLOW_KDF 0x00800000 -#define POLICY_OBJ_ALLOW_WRAP 0x00400000 -#define POLICY_OBJ_ALLOW_READ 0x00200000 -#define POLICY_OBJ_ALLOW_WRITE 0x00100000 -#define POLICY_OBJ_ALLOW_GEN 0x00080000 -#define POLICY_OBJ_ALLOW_DELETE 0x00040000 -#define POLICY_OBJ_REQUIRE_SM 0x00020000 -#define POLICY_OBJ_REQUIRE_PCR_VALUE 0x00010000 -#define POLICY_OBJ_ALLOW_ATTESTATION 0x00008000 -#define POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION 0x00004000 -#define POLICY_OBJ_ALLOW_DESFIRE_DUMP_SESSION_KEYS 0x00002000 -#define POLICY_OBJ_ALLOW_IMPORT_EXPORT 0x00001000 -#if SSS_HAVE_SE05X_VER_GTE_06_00 // 4.4 -#define POLICY_OBJ_FORBID_DERIVED_OUTPUT 0x00000800 -#endif -#if SSS_HAVE_SE05X_VER_GTE_06_00 // 5.4 -#define POLICY_OBJ_ALLOW_KDF_EXT_RANDOM 0x00000400 -#endif - -/* Access Rules for Session Policy*/ -#define POLICY_SESSION_MAX_APDU 0x8000 -#define POLICY_SESSION_MAX_TIME 0x4000 -#define POLICY_SESSION_ALLOW_REFRESH 0x2000 -/**/ - -#endif /* SSS_HAVE_APPLET_SE05X_IOT */ - -#endif /* FSL_SSS_SE05X_CONST_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves.h deleted file mode 100644 index 88787499e..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves.h +++ /dev/null @@ -1,19 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef SE05X_ECC_CURVES_H_INC -#define SE05X_ECC_CURVES_H_INC - -#include "se05x_tlv.h" - -#define PROCESS_ECC_CURVE(NAME) \ - smStatus_t Se05x_API_CreateCurve_##NAME(Se05xSession_t *pSession, uint32_t obj_id) - -#include - -#undef PROCESS_ECC_CURVE - -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_inc.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_inc.h deleted file mode 100644 index 636ebef12..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_inc.h +++ /dev/null @@ -1,268 +0,0 @@ -/* -* -* Copyright 2019 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - - -/* NIST/X9.62/SECG curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(prime192v1); - -/* NIST/SECG curve over a 224 bit prime field */ -PROCESS_ECC_CURVE(secp224r1); - -/* NIST/SECG curve over a 384 bit prime field */ -PROCESS_ECC_CURVE(secp384r1); - -/* X9.62/SECG curve over a 256 bit prime field */ -PROCESS_ECC_CURVE(prime256v1); - -/* NIST/SECG curve over a 521 bit prime field */ -PROCESS_ECC_CURVE(secp521r1); - -/* RFC 5639 curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP160r1); - -/* RFC 5639 curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP160t1); - -/* RFC 5639 curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP192r1); - -/* RFC 5639 curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP192t1); - -/* RFC 5639 curve over a 224 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP224r1); - -/* RFC 5639 curve over a 224 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP224t1); - -/* RFC 5639 curve over a 256 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP256r1); - -/* RFC 5639 curve over a 256 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP256t1); - -/* RFC 5639 curve over a 320 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP320r1); - -/* RFC 5639 curve over a 320 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP320t1); - -/* RFC 5639 curve over a 384 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP384r1); - -/* RFC 5639 curve over a 384 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP384t1); - -/* RFC 5639 curve over a 512 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP512r1); - -/* RFC 5639 curve over a 512 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP512t1); - -/* SECG curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(secp160k1); - -/* SECG curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(secp192k1); - -/* SECG curve over a 224 bit prime field */ -PROCESS_ECC_CURVE(secp224k1); - -/* SECG curve over a 256 bit prime field */ -PROCESS_ECC_CURVE(secp256k1); - -/* BN curve 256 bits */ -PROCESS_ECC_CURVE(tpm_bm_p256); - -#if 0 -/* clang-format off */ -/* SECG/WTLS curve over a 112 bit prime field */ -PROCESS_ECC_CURVE(secp112r1); - -/* SECG curve over a 112 bit prime field */ -PROCESS_ECC_CURVE(secp112r2); - -/* SECG curve over a 128 bit prime field */ -PROCESS_ECC_CURVE(secp128r1); - -/* SECG curve over a 128 bit prime field */ -PROCESS_ECC_CURVE(secp128r2); - -/* SECG curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(secp160r1); - -/* SECG/WTLS curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(secp160r2); - - - -/* X9.62 curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(prime192v2); - -/* X9.62 curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(prime192v3); - -/* X9.62 curve over a 239 bit prime field */ -PROCESS_ECC_CURVE(prime239v1); - -/* X9.62 curve over a 239 bit prime field */ -PROCESS_ECC_CURVE(prime239v2); - -/* X9.62 curve over a 239 bit prime field */ -PROCESS_ECC_CURVE(prime239v3); - - -/* SECG curve over a 113 bit binary field */ -PROCESS_ECC_CURVE(sect113r1); - -/* SECG curve over a 113 bit binary field */ -PROCESS_ECC_CURVE(sect113r2); - -/* SECG/WTLS curve over a 131 bit binary field */ -PROCESS_ECC_CURVE(sect131r1); - -/* SECG curve over a 131 bit binary field */ -PROCESS_ECC_CURVE(sect131r2); - -/* NIST/SECG/WTLS curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(sect163k1); - -/* SECG curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(sect163r1); - -/* NIST/SECG curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(sect163r2); - -/* SECG curve over a 193 bit binary field */ -PROCESS_ECC_CURVE(sect193r1); - -/* SECG curve over a 193 bit binary field */ -PROCESS_ECC_CURVE(sect193r2); - -/* NIST/SECG/WTLS curve over a 233 bit binary field */ -PROCESS_ECC_CURVE(sect233k1); - -/* NIST/SECG/WTLS curve over a 233 bit binary field */ -PROCESS_ECC_CURVE(sect233r1); - -/* SECG curve over a 239 bit binary field */ -PROCESS_ECC_CURVE(sect239k1); - -/* NIST/SECG curve over a 283 bit binary field */ -PROCESS_ECC_CURVE(sect283k1); - -/* NIST/SECG curve over a 283 bit binary field */ -PROCESS_ECC_CURVE(sect283r1); - -/* NIST/SECG curve over a 409 bit binary field */ -PROCESS_ECC_CURVE(sect409k1); - -/* NIST/SECG curve over a 409 bit binary field */ -PROCESS_ECC_CURVE(sect409r1); - -/* NIST/SECG curve over a 571 bit binary field */ -PROCESS_ECC_CURVE(sect571k1); - -/* NIST/SECG curve over a 571 bit binary field */ -PROCESS_ECC_CURVE(sect571r1); - -/* X9.62 curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(c2pnb163v1); - -/* X9.62 curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(c2pnb163v2); - -/* X9.62 curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(c2pnb163v3); - -/* X9.62 curve over a 176 bit binary field */ -PROCESS_ECC_CURVE(c2pnb176v1); - -/* X9.62 curve over a 191 bit binary field */ -PROCESS_ECC_CURVE(c2tnb191v1); - -/* X9.62 curve over a 191 bit binary field */ -PROCESS_ECC_CURVE(c2tnb191v2); - -/* X9.62 curve over a 191 bit binary field */ -PROCESS_ECC_CURVE(c2tnb191v3); - -/* X9.62 curve over a 208 bit binary field */ -PROCESS_ECC_CURVE(c2pnb208w1); - -/* X9.62 curve over a 239 bit binary field */ -PROCESS_ECC_CURVE(c2tnb239v1); - -/* X9.62 curve over a 239 bit binary field */ -PROCESS_ECC_CURVE(c2tnb239v2); - -/* X9.62 curve over a 239 bit binary field */ -PROCESS_ECC_CURVE(c2tnb239v3); - -/* X9.62 curve over a 272 bit binary field */ -PROCESS_ECC_CURVE(c2pnb272w1); - -/* X9.62 curve over a 304 bit binary field */ -PROCESS_ECC_CURVE(c2pnb304w1); - -/* X9.62 curve over a 359 bit binary field */ -PROCESS_ECC_CURVE(c2tnb359v1); - -/* X9.62 curve over a 368 bit binary field */ -PROCESS_ECC_CURVE(c2pnb368w1); - -/* X9.62 curve over a 431 bit binary field */ -PROCESS_ECC_CURVE(c2tnb431r1); - -/* WTLS curve over a 113 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls1); - -/* NIST/SECG/WTLS curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls3); - -/* SECG curve over a 113 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls4); - -/* X9.62 curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls5); - -/* SECG/WTLS curve over a 112 bit prime field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls6); - -/* SECG/WTLS curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls7); - -/* WTLS curve over a 112 bit prime field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls8); - -/* WTLS curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls9); - -/* NIST/SECG/WTLS curve over a 233 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls10); - -/* NIST/SECG/WTLS curve over a 233 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls11); - -/* WTLS curve over a 224 bit prime field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls12); - -/* - IPSec/IKE/Oakley curve #3 over a 155 bit binary field. - Not suitable for ECDSA. - Questionable extension field! */ -PROCESS_ECC_CURVE(Oakley_EC2N_3); - -/* - IPSec/IKE/Oakley curve #4 over a 185 bit binary field. - Not suitable for ECDSA. - Questionable extension field! */ -PROCESS_ECC_CURVE(Oakley_EC2N_4); - - -/* clang-format on */ - -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_values.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_values.h deleted file mode 100644 index c7398db66..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_values.h +++ /dev/null @@ -1,2801 +0,0 @@ -/* -* -* Copyright 2018 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef SE05X_ECC_CURVES_LIST_H_INC -#define SE05X_ECC_CURVES_LIST_H_INC - -/* clang-format off */ - -#if 0 -/* secp112r1 : SECG/WTLS curve over a 112 bit prime field */ -#define EC_PARAM_secp112r1_prime \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ - 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B -#define EC_PARAM_secp112r1_a \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ - 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x88 -#define EC_PARAM_secp112r1_b \ - 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, \ - 0xDE, 0x89, 0x11, 0x70, 0x2B, 0x22 -#define EC_PARAM_secp112r1_x \ - 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, \ - 0x6B, 0x55, 0xF9, 0xC2, 0xF0, 0x98 -#define EC_PARAM_secp112r1_y \ - 0xA8, 0x9C, 0xE5, 0xAF, 0x87, 0x24, 0xC0, 0xA2, \ - 0x3E, 0x0E, 0x0F, 0xF7, 0x75, 0x00 -#define EC_PARAM_secp112r1_order \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, \ - 0x28, 0xDF, 0xAC, 0x65, 0x61, 0xC5 -#endif - -#if 0 -/* secp112r2 : SECG curve over a 112 bit prime field */ -#define EC_PARAM_secp112r2_prime \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ - 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B -#define EC_PARAM_secp112r2_a \ - 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, \ - 0xAA, 0xF6, 0x5C, 0x0E, 0xF0, 0x2C -#define EC_PARAM_secp112r2_b \ - 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, \ - 0xFC, 0xC3, 0x4C, 0x85, 0xD7, 0x09 -#define EC_PARAM_secp112r2_x \ - 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, \ - 0x64, 0x9D, 0xD0, 0x92, 0x86, 0x43 -#define EC_PARAM_secp112r2_y \ - 0xAD, 0xCD, 0x46, 0xF5, 0x88, 0x2E, 0x37, 0x47, \ - 0xDE, 0xF3, 0x6E, 0x95, 0x6E, 0x97 -#define EC_PARAM_secp112r2_order \ - 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, \ - 0x7C, 0xA1, 0x05, 0x20, 0xD0, 0x4B -#endif - -#if 0 -/* secp128r1 : SECG curve over a 128 bit prime field */ -#define EC_PARAM_secp128r1_prime \ - 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_secp128r1_a \ - 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_secp128r1_b \ - 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, \ - 0xD8, 0x24, 0x99, 0x3C, 0x2C, 0xEE, 0x5E, 0xD3 -#define EC_PARAM_secp128r1_x \ - 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, \ - 0x0C, 0x28, 0x60, 0x7C, 0xA5, 0x2C, 0x5B, 0x86 -#define EC_PARAM_secp128r1_y \ - 0xCF, 0x5A, 0xC8, 0x39, 0x5B, 0xAF, 0xEB, 0x13, \ - 0xC0, 0x2D, 0xA2, 0x92, 0xDD, 0xED, 0x7A, 0x83 -#define EC_PARAM_secp128r1_order \ - 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, \ - 0x75, 0xA3, 0x0D, 0x1B, 0x90, 0x38, 0xA1, 0x15 -#endif - -#if 0 -/* secp128r2 : SECG curve over a 128 bit prime field */ -#define EC_PARAM_secp128r2_prime \ - 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_secp128r2_a \ - 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, \ - 0xBF, 0x59, 0xCC, 0x9B, 0xBF, 0xF9, 0xAE, 0xE1 -#define EC_PARAM_secp128r2_b \ - 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, \ - 0xDC, 0x2C, 0x65, 0x58, 0xBB, 0x6D, 0x8A, 0x5D -#define EC_PARAM_secp128r2_x \ - 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, \ - 0xE6, 0xFB, 0x32, 0xA7, 0xCD, 0xEB, 0xC1, 0x40 -#define EC_PARAM_secp128r2_y \ - 0x27, 0xB6, 0x91, 0x6A, 0x89, 0x4D, 0x3A, 0xEE, \ - 0x71, 0x06, 0xFE, 0x80, 0x5F, 0xC3, 0x4B, 0x44 -#define EC_PARAM_secp128r2_order \ - 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xBE, 0x00, 0x24, 0x72, 0x06, 0x13, 0xB5, 0xA3 -#endif - -#if 1 -/* secp160k1 : SECG curve over a 160 bit prime field */ -#define EC_PARAM_secp160k1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xAC, 0x73 -#define EC_PARAM_secp160k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_secp160k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x07 -#define EC_PARAM_secp160k1_x \ - 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, \ - 0x92, 0xA4, 0x01, 0x9E, 0x76, 0x30, 0x36, 0xF4, \ - 0xF5, 0xDD, 0x4D, 0x7E, 0xBB -#define EC_PARAM_secp160k1_y \ - 0x93, 0x8C, 0xF9, 0x35, 0x31, 0x8F, 0xDC, \ - 0xED, 0x6B, 0xC2, 0x82, 0x86, 0x53, 0x17, 0x33, \ - 0xC3, 0xF0, 0x3C, 0x4F, 0xEE -#define EC_PARAM_secp160k1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xB8, 0xFA, 0x16, 0xDF, 0xAB, \ - 0x9A, 0xCA, 0x16, 0xB6, 0xB3 -#endif - -#if 0 -/* secp160r1 : SECG curve over a 160 bit prime field */ -#define EC_PARAM_secp160r1_prime \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0x7F, 0xFF, 0xFF, 0xFF -#define EC_PARAM_secp160r1_a \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0x7F, 0xFF, 0xFF, 0xFC -#define EC_PARAM_secp160r1_b \ - 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, \ - 0x8B, 0x65, 0xAC, 0xF8, 0x9F, 0x81, 0xD4, 0xD4, \ - 0xAD, 0xC5, 0x65, 0xFA, 0x45 -#define EC_PARAM_secp160r1_x \ - 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, \ - 0x28, 0x46, 0x64, 0x69, 0x89, 0x68, 0xC3, 0x8B, \ - 0xB9, 0x13, 0xCB, 0xFC, 0x82 -#define EC_PARAM_secp160r1_y \ - 0x00, 0x23, 0xA6, 0x28, 0x55, 0x31, 0x68, 0x94, \ - 0x7D, 0x59, 0xDC, 0xC9, 0x12, 0x04, 0x23, 0x51, \ - 0x37, 0x7A, 0xC5, 0xFB, 0x32 -#define EC_PARAM_secp160r1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xF4, 0xC8, 0xF9, 0x27, 0xAE, \ - 0xD3, 0xCA, 0x75, 0x22, 0x57 -#endif - -#if 0 -/* secp160r2 : SECG/WTLS curve over a 160 bit prime field */ -#define EC_PARAM_secp160r2_prime \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xAC, 0x73 -#define EC_PARAM_secp160r2_a \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xAC, 0x70 -#define EC_PARAM_secp160r2_b \ - 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, \ - 0x8B, 0xAB, 0x57, 0x27, 0x49, 0x04, 0x66, 0x4D, \ - 0x5A, 0xF5, 0x03, 0x88, 0xBA -#define EC_PARAM_secp160r2_x \ - 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, \ - 0x7E, 0x1F, 0x4F, 0xF1, 0x1B, 0x30, 0xF7, 0x19, \ - 0x9D, 0x31, 0x44, 0xCE, 0x6D -#define EC_PARAM_secp160r2_y \ - 0x00, 0xFE, 0xAF, 0xFE, 0xF2, 0xE3, 0x31, 0xF2, \ - 0x96, 0xE0, 0x71, 0xFA, 0x0D, 0xF9, 0x98, 0x2C, \ - 0xFE, 0xA7, 0xD4, 0x3F, 0x2E -#define EC_PARAM_secp160r2_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x35, 0x1E, 0xE7, 0x86, 0xA8, \ - 0x18, 0xF3, 0xA1, 0xA1, 0x6B -#endif - -#if 1 -/* secp192k1 : SECG curve over a 192 bit prime field */ -#define EC_PARAM_secp192k1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37 -#define EC_PARAM_secp192k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_secp192k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 -#define EC_PARAM_secp192k1_x \ - 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, \ - 0x26, 0xB0, 0x7D, 0x02, 0x80, 0xB7, 0xF4, 0x34, \ - 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D -#define EC_PARAM_secp192k1_y \ - 0x9B, 0x2F, 0x2F, 0x6D, 0x9C, 0x56, 0x28, 0xA7, \ - 0x84, 0x41, 0x63, 0xD0, 0x15, 0xBE, 0x86, 0x34, \ - 0x40, 0x82, 0xAA, 0x88, 0xD9, 0x5E, 0x2F, 0x9D -#define EC_PARAM_secp192k1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE, 0x26, 0xF2, 0xFC, 0x17, \ - 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D -#endif - -#if 1 -/* secp224k1 : SECG curve over a 224 bit prime field */ -#define EC_PARAM_secp224k1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xE5, 0x6D -#define EC_PARAM_secp224k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_secp224k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x05 -#define EC_PARAM_secp224k1_x \ - 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, \ - 0xDF, 0x30, 0xFC, 0x28, 0xA1, 0x69, 0xA4, 0x67, \ - 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65, \ - 0x0E, 0xB6, 0xB7, 0xA4, 0x5C -#define EC_PARAM_secp224k1_y \ - 0x7E, 0x08, 0x9F, 0xED, 0x7F, 0xBA, 0x34, \ - 0x42, 0x82, 0xCA, 0xFB, 0xD6, 0xF7, 0xE3, 0x19, \ - 0xF7, 0xC0, 0xB0, 0xBD, 0x59, 0xE2, 0xCA, 0x4B, \ - 0xDB, 0x55, 0x6D, 0x61, 0xA5 -#define EC_PARAM_secp224k1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xDC, \ - 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9, \ - 0x71, 0x76, 0x9F, 0xB1, 0xF7 -#endif - -#if 1 -/* secp224r1 : NIST/SECG curve over a 224 bit prime field */ -#define EC_PARAM_secp224r1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_secp224r1_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE -#define EC_PARAM_secp224r1_b \ - 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, \ - 0xF5, 0x41, 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, \ - 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, \ - 0x23, 0x55, 0xFF, 0xB4 -#define EC_PARAM_secp224r1_x \ - 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, \ - 0x32, 0x13, 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, \ - 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, \ - 0x11, 0x5C, 0x1D, 0x21 -#define EC_PARAM_secp224r1_y \ - 0xBD, 0x37, 0x63, 0x88, 0xB5, 0xF7, 0x23, 0xFB, \ - 0x4C, 0x22, 0xDF, 0xE6, 0xCD, 0x43, 0x75, 0xA0, \ - 0x5A, 0x07, 0x47, 0x64, 0x44, 0xD5, 0x81, 0x99, \ - 0x85, 0x00, 0x7E, 0x34 -#define EC_PARAM_secp224r1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, \ - 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, \ - 0x5C, 0x5C, 0x2A, 0x3D -#endif - -#if 1 -/* secp256k1 : SECG curve over a 256 bit prime field */ -#define EC_PARAM_secp256k1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F -#define EC_PARAM_secp256k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_secp256k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07 -#define EC_PARAM_secp256k1_x \ - 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, \ - 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B, 0x07, \ - 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, \ - 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98 -#define EC_PARAM_secp256k1_y \ - 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, \ - 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08, 0xA8, \ - 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, \ - 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, 0xB8 -#define EC_PARAM_secp256k1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, \ - 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 -#endif - -#if 1 -/* secp384r1 : NIST/SECG curve over a 384 bit prime field */ -#define EC_PARAM_secp384r1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_secp384r1_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_secp384r1_b \ - 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, \ - 0x98, 0x8E, 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19, \ - 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, \ - 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, \ - 0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D, \ - 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF -#define EC_PARAM_secp384r1_x \ - 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, \ - 0x8E, 0xB1, 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74, \ - 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, \ - 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, \ - 0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C, \ - 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7 -#define EC_PARAM_secp384r1_y \ - 0x36, 0x17, 0xDE, 0x4A, 0x96, 0x26, 0x2C, 0x6F, \ - 0x5D, 0x9E, 0x98, 0xBF, 0x92, 0x92, 0xDC, 0x29, \ - 0xF8, 0xF4, 0x1D, 0xBD, 0x28, 0x9A, 0x14, 0x7C, \ - 0xE9, 0xDA, 0x31, 0x13, 0xB5, 0xF0, 0xB8, 0xC0, \ - 0x0A, 0x60, 0xB1, 0xCE, 0x1D, 0x7E, 0x81, 0x9D, \ - 0x7A, 0x43, 0x1D, 0x7C, 0x90, 0xEA, 0x0E, 0x5F -#define EC_PARAM_secp384r1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, \ - 0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A, \ - 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 -#endif - -#if 1 -/* secp521r1 : NIST/SECG curve over a 521 bit prime field */ -#define EC_PARAM_secp521r1_prime \ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF -#define EC_PARAM_secp521r1_a \ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFC -#define EC_PARAM_secp521r1_b \ - 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, \ - 0x9A, 0x1F, 0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, \ - 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, \ - 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, \ - 0x09, 0xE1, 0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, \ - 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, \ - 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, \ - 0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50, \ - 0x3F, 0x00 -#define EC_PARAM_secp521r1_x \ - 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, \ - 0xE9, 0xCD, 0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, \ - 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, \ - 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, \ - 0x3D, 0xBA, 0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, \ - 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, \ - 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, \ - 0x42, 0x9B, 0xF9, 0x7E, 0x7E, 0x31, 0xC2, 0xE5, \ - 0xBD, 0x66 -#define EC_PARAM_secp521r1_y \ - 0x01, 0x18, 0x39, 0x29, 0x6A, 0x78, 0x9A, 0x3B, \ - 0xC0, 0x04, 0x5C, 0x8A, 0x5F, 0xB4, 0x2C, 0x7D, \ - 0x1B, 0xD9, 0x98, 0xF5, 0x44, 0x49, 0x57, 0x9B, \ - 0x44, 0x68, 0x17, 0xAF, 0xBD, 0x17, 0x27, 0x3E, \ - 0x66, 0x2C, 0x97, 0xEE, 0x72, 0x99, 0x5E, 0xF4, \ - 0x26, 0x40, 0xC5, 0x50, 0xB9, 0x01, 0x3F, 0xAD, \ - 0x07, 0x61, 0x35, 0x3C, 0x70, 0x86, 0xA2, 0x72, \ - 0xC2, 0x40, 0x88, 0xBE, 0x94, 0x76, 0x9F, 0xD1, \ - 0x66, 0x50 -#define EC_PARAM_secp521r1_order \ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, \ - 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, \ - 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, \ - 0x47, 0xAE, 0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38, \ - 0x64, 0x09 -#endif - -#if 1 -/* prime192v1 : NIST/X9.62/SECG curve over a 192 bit prime field */ -#define EC_PARAM_prime192v1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime192v1_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime192v1_b \ - 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, \ - 0x0F, 0xA7, 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49, \ - 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1 -#define EC_PARAM_prime192v1_x \ - 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, \ - 0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00, \ - 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12 -#define EC_PARAM_prime192v1_y \ - 0x07, 0x19, 0x2B, 0x95, 0xFF, 0xC8, 0xDA, 0x78, \ - 0x63, 0x10, 0x11, 0xED, 0x6B, 0x24, 0xCD, 0xD5, \ - 0x73, 0xF9, 0x77, 0xA1, 0x1E, 0x79, 0x48, 0x11 -#define EC_PARAM_prime192v1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36, \ - 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 -#endif - -#if 0 -/* prime192v2 : X9.62 curve over a 192 bit prime field */ -#define EC_PARAM_prime192v2_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime192v2_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime192v2_b \ - 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, \ - 0xE4, 0x9C, 0x0D, 0x63, 0x64, 0xA4, 0xE5, 0x98, \ - 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53 -#define EC_PARAM_prime192v2_x \ - 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, \ - 0xF2, 0xDE, 0x77, 0x69, 0xCF, 0xE9, 0xC9, 0x89, \ - 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A -#define EC_PARAM_prime192v2_y \ - 0x65, 0x74, 0xD1, 0x1D, 0x69, 0xB6, 0xEC, 0x7A, \ - 0x67, 0x2B, 0xB8, 0x2A, 0x08, 0x3D, 0xF2, 0xF2, \ - 0xB0, 0x84, 0x7D, 0xE9, 0x70, 0xB2, 0xDE, 0x15 -#define EC_PARAM_prime192v2_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE, 0x5F, 0xB1, 0xA7, 0x24, \ - 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 -#endif - -#if 0 -/* prime192v3 : X9.62 curve over a 192 bit prime field */ -#define EC_PARAM_prime192v3_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime192v3_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime192v3_b \ - 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, \ - 0xA7, 0x42, 0x3D, 0xAE, 0xCC, 0xC9, 0x47, 0x60, \ - 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16 -#define EC_PARAM_prime192v3_x \ - 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, \ - 0xA1, 0x78, 0x37, 0x16, 0x58, 0x8D, 0xCE, 0x2B, \ - 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96 -#define EC_PARAM_prime192v3_y \ - 0x38, 0xA9, 0x0F, 0x22, 0x63, 0x73, 0x37, 0x33, \ - 0x4B, 0x49, 0xDC, 0xB6, 0x6A, 0x6D, 0xC8, 0xF9, \ - 0x97, 0x8A, 0xCA, 0x76, 0x48, 0xA9, 0x43, 0xB0 -#define EC_PARAM_prime192v3_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7A, 0x62, 0xD0, 0x31, \ - 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 -#endif - -#if 0 -/* prime239v1 : X9.62 curve over a 239 bit prime field */ -#define EC_PARAM_prime239v1_prime \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime239v1_a \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime239v1_b \ - 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, \ - 0xD0, 0xD6, 0x54, 0x92, 0x14, 0x75, 0xCA, 0x71, \ - 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79, \ - 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A -#define EC_PARAM_prime239v1_x \ - 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, \ - 0xCC, 0x33, 0xB8, 0x64, 0x2B, 0xED, 0xF9, 0x05, \ - 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB, \ - 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF -#define EC_PARAM_prime239v1_y \ - 0x7D, 0xEB, 0xE8, 0xE4, 0xE9, 0x0A, 0x5D, 0xAE, \ - 0x6E, 0x40, 0x54, 0xCA, 0x53, 0x0B, 0xA0, 0x46, \ - 0x54, 0xB3, 0x68, 0x18, 0xCE, 0x22, 0x6B, 0x39, \ - 0xFC, 0xCB, 0x7B, 0x02, 0xF1, 0xAE -#define EC_PARAM_prime239v1_order \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x9E, \ - 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1, \ - 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B -#endif - -#if 0 -/* prime239v2 : X9.62 curve over a 239 bit prime field */ -#define EC_PARAM_prime239v2_prime \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime239v2_a \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime239v2_b \ - 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, \ - 0xFE, 0xD5, 0x0D, 0x99, 0xF0, 0x24, 0x9C, 0x3F, \ - 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A, \ - 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C -#define EC_PARAM_prime239v2_x \ - 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, \ - 0x20, 0xC9, 0x21, 0xBB, 0x5E, 0x9E, 0x26, 0x29, \ - 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0, \ - 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7 -#define EC_PARAM_prime239v2_y \ - 0x5B, 0x01, 0x25, 0xE4, 0xDB, 0xEA, 0x0E, 0xC7, \ - 0x20, 0x6D, 0xA0, 0xFC, 0x01, 0xD9, 0xB0, 0x81, \ - 0x32, 0x9F, 0xB5, 0x55, 0xDE, 0x6E, 0xF4, 0x60, \ - 0x23, 0x7D, 0xFF, 0x8B, 0xE4, 0xBA -#define EC_PARAM_prime239v2_order \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0xCF, \ - 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0, \ - 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 -#endif - -#if 0 -/* prime239v3 : X9.62 curve over a 239 bit prime field */ -#define EC_PARAM_prime239v3_prime \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime239v3_a \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime239v3_b \ - 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, \ - 0xB1, 0xF4, 0xCB, 0x03, 0xD6, 0xA7, 0x50, 0xA3, \ - 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17, \ - 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E -#define EC_PARAM_prime239v3_x \ - 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, \ - 0xCF, 0x00, 0x5C, 0x94, 0x9A, 0xA2, 0xC6, 0xD9, \ - 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54, \ - 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A -#define EC_PARAM_prime239v3_y \ - 0x16, 0x07, 0xE6, 0x89, 0x8F, 0x39, 0x0C, 0x06, \ - 0xBC, 0x1D, 0x55, 0x2B, 0xAD, 0x22, 0x6F, 0x3B, \ - 0x6F, 0xCF, 0xE4, 0x8B, 0x6E, 0x81, 0x84, 0x99, \ - 0xAF, 0x18, 0xE3, 0xED, 0x6C, 0xF3 -#define EC_PARAM_prime239v3_order \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x97, \ - 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C, \ - 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 -#endif - -#if 1 -/* prime256v1 : X9.62/SECG curve over a 256 bit prime field */ -#define EC_PARAM_prime256v1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime256v1_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime256v1_b \ - 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, \ - 0xB3, 0xEB, 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC, \ - 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, \ - 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B -#define EC_PARAM_prime256v1_x \ - 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, \ - 0xF8, 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2, \ - 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, \ - 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96 -#define EC_PARAM_prime256v1_y \ - 0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B, \ - 0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16, \ - 0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE, \ - 0xCB, 0xB6, 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5 -#define EC_PARAM_prime256v1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, \ - 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 -#endif - -#if 0 -/* sect113r1 : SECG curve over a 113 bit binary field */ -#define EC_PARAM_sect113r1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_sect113r1_a \ - 0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, \ - 0xFE, 0x64, 0x9C, 0xE8, 0x58, 0x20, 0xF7 -#define EC_PARAM_sect113r1_b \ - 0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, \ - 0x44, 0x18, 0x8B, 0xE0, 0xE9, 0xC7, 0x23 -#define EC_PARAM_sect113r1_x \ - 0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, \ - 0x14, 0x07, 0xD7, 0x35, 0x62, 0xC1, 0x0F -#define EC_PARAM_sect113r1_y \ - 0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, \ - 0x84, 0xD1, 0x31, 0x5E, 0xD3, 0x18, 0x86 -#define EC_PARAM_sect113r1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0xD9, 0xCC, 0xEC, 0x8A, 0x39, 0xE5, 0x6F -#endif - -#if 0 -/* sect113r2 : SECG curve over a 113 bit binary field */ -#define EC_PARAM_sect113r2_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_sect113r2_a \ - 0x00, 0x68, 0x99, 0x18, 0xDB, 0xEC, 0x7E, 0x5A, \ - 0x0D, 0xD6, 0xDF, 0xC0, 0xAA, 0x55, 0xC7 -#define EC_PARAM_sect113r2_b \ - 0x00, 0x95, 0xE9, 0xA9, 0xEC, 0x9B, 0x29, 0x7B, \ - 0xD4, 0xBF, 0x36, 0xE0, 0x59, 0x18, 0x4F -#define EC_PARAM_sect113r2_x \ - 0x01, 0xA5, 0x7A, 0x6A, 0x7B, 0x26, 0xCA, 0x5E, \ - 0xF5, 0x2F, 0xCD, 0xB8, 0x16, 0x47, 0x97 -#define EC_PARAM_sect113r2_y \ - 0x00, 0xB3, 0xAD, 0xC9, 0x4E, 0xD1, 0xFE, 0x67, \ - 0x4C, 0x06, 0xE6, 0x95, 0xBA, 0xBA, 0x1D -#define EC_PARAM_sect113r2_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ - 0x08, 0x78, 0x9B, 0x24, 0x96, 0xAF, 0x93 -#endif - -#if 0 -/* sect131r1 : SECG/WTLS curve over a 131 bit binary field */ -#define EC_PARAM_sect131r1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ - 0x0D -#define EC_PARAM_sect131r1_a \ - 0x07, 0xA1, 0x1B, 0x09, 0xA7, 0x6B, 0x56, 0x21, \ - 0x44, 0x41, 0x8F, 0xF3, 0xFF, 0x8C, 0x25, 0x70, \ - 0xB8 -#define EC_PARAM_sect131r1_b \ - 0x02, 0x17, 0xC0, 0x56, 0x10, 0x88, 0x4B, 0x63, \ - 0xB9, 0xC6, 0xC7, 0x29, 0x16, 0x78, 0xF9, 0xD3, \ - 0x41 -#define EC_PARAM_sect131r1_x \ - 0x00, 0x81, 0xBA, 0xF9, 0x1F, 0xDF, 0x98, 0x33, \ - 0xC4, 0x0F, 0x9C, 0x18, 0x13, 0x43, 0x63, 0x83, \ - 0x99 -#define EC_PARAM_sect131r1_y \ - 0x07, 0x8C, 0x6E, 0x7E, 0xA3, 0x8C, 0x00, 0x1F, \ - 0x73, 0xC8, 0x13, 0x4B, 0x1B, 0x4E, 0xF9, 0xE1, \ - 0x50 -#define EC_PARAM_sect131r1_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x02, 0x31, 0x23, 0x95, 0x3A, 0x94, 0x64, 0xB5, \ - 0x4D -#endif - -#if 0 -/* sect131r2 : SECG curve over a 131 bit binary field */ -#define EC_PARAM_sect131r2_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ - 0x0D -#define EC_PARAM_sect131r2_a \ - 0x03, 0xE5, 0xA8, 0x89, 0x19, 0xD7, 0xCA, 0xFC, \ - 0xBF, 0x41, 0x5F, 0x07, 0xC2, 0x17, 0x65, 0x73, \ - 0xB2 -#define EC_PARAM_sect131r2_b \ - 0x04, 0xB8, 0x26, 0x6A, 0x46, 0xC5, 0x56, 0x57, \ - 0xAC, 0x73, 0x4C, 0xE3, 0x8F, 0x01, 0x8F, 0x21, \ - 0x92 -#define EC_PARAM_sect131r2_x \ - 0x03, 0x56, 0xDC, 0xD8, 0xF2, 0xF9, 0x50, 0x31, \ - 0xAD, 0x65, 0x2D, 0x23, 0x95, 0x1B, 0xB3, 0x66, \ - 0xA8 -#define EC_PARAM_sect131r2_y \ - 0x06, 0x48, 0xF0, 0x6D, 0x86, 0x79, 0x40, 0xA5, \ - 0x36, 0x6D, 0x9E, 0x26, 0x5D, 0xE9, 0xEB, 0x24, \ - 0x0F -#define EC_PARAM_sect131r2_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x01, 0x69, 0x54, 0xA2, 0x33, 0x04, 0x9B, 0xA9, \ - 0x8F -#endif - -#if 0 -/* sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field */ -#define EC_PARAM_sect163k1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xC9 -#define EC_PARAM_sect163k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect163k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect163k1_x \ - 0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, \ - 0xAC, 0xAA, 0x07, 0xD7, 0x93, 0xDE, 0x4E, 0x6D, \ - 0x5E, 0x5C, 0x94, 0xEE, 0xE8 -#define EC_PARAM_sect163k1_y \ - 0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, \ - 0x58, 0x32, 0x1F, 0x2E, 0x80, 0x05, 0x36, 0xD5, \ - 0x38, 0xCC, 0xDA, 0xA3, 0xD9 -#define EC_PARAM_sect163k1_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x02, 0x01, 0x08, 0xA2, 0xE0, 0xCC, \ - 0x0D, 0x99, 0xF8, 0xA5, 0xEF -#endif - -#if 0 -/* sect163r1 : SECG curve over a 163 bit binary field */ -#define EC_PARAM_sect163r1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xC9 -#define EC_PARAM_sect163r1_a \ - 0x07, 0xB6, 0x88, 0x2C, 0xAA, 0xEF, 0xA8, 0x4F, \ - 0x95, 0x54, 0xFF, 0x84, 0x28, 0xBD, 0x88, 0xE2, \ - 0x46, 0xD2, 0x78, 0x2A, 0xE2 -#define EC_PARAM_sect163r1_b \ - 0x07, 0x13, 0x61, 0x2D, 0xCD, 0xDC, 0xB4, 0x0A, \ - 0xAB, 0x94, 0x6B, 0xDA, 0x29, 0xCA, 0x91, 0xF7, \ - 0x3A, 0xF9, 0x58, 0xAF, 0xD9 -#define EC_PARAM_sect163r1_x \ - 0x03, 0x69, 0x97, 0x96, 0x97, 0xAB, 0x43, 0x89, \ - 0x77, 0x89, 0x56, 0x67, 0x89, 0x56, 0x7F, 0x78, \ - 0x7A, 0x78, 0x76, 0xA6, 0x54 -#define EC_PARAM_sect163r1_y \ - 0x00, 0x43, 0x5E, 0xDB, 0x42, 0xEF, 0xAF, 0xB2, \ - 0x98, 0x9D, 0x51, 0xFE, 0xFC, 0xE3, 0xC8, 0x09, \ - 0x88, 0xF4, 0x1F, 0xF8, 0x83 -#define EC_PARAM_sect163r1_order \ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0x48, 0xAA, 0xB6, 0x89, 0xC2, \ - 0x9C, 0xA7, 0x10, 0x27, 0x9B -#endif - -#if 0 -/* sect163r2 : NIST/SECG curve over a 163 bit binary field */ -#define EC_PARAM_sect163r2_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xC9 -#define EC_PARAM_sect163r2_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect163r2_b \ - 0x02, 0x0A, 0x60, 0x19, 0x07, 0xB8, 0xC9, 0x53, \ - 0xCA, 0x14, 0x81, 0xEB, 0x10, 0x51, 0x2F, 0x78, \ - 0x74, 0x4A, 0x32, 0x05, 0xFD -#define EC_PARAM_sect163r2_x \ - 0x03, 0xF0, 0xEB, 0xA1, 0x62, 0x86, 0xA2, 0xD5, \ - 0x7E, 0xA0, 0x99, 0x11, 0x68, 0xD4, 0x99, 0x46, \ - 0x37, 0xE8, 0x34, 0x3E, 0x36 -#define EC_PARAM_sect163r2_y \ - 0x00, 0xD5, 0x1F, 0xBC, 0x6C, 0x71, 0xA0, 0x09, \ - 0x4F, 0xA2, 0xCD, 0xD5, 0x45, 0xB1, 0x1C, 0x5C, \ - 0x0C, 0x79, 0x73, 0x24, 0xF1 -#define EC_PARAM_sect163r2_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x02, 0x92, 0xFE, 0x77, 0xE7, 0x0C, \ - 0x12, 0xA4, 0x23, 0x4C, 0x33 -#endif - -#if 0 -/* sect193r1 : SECG curve over a 193 bit binary field */ -#define EC_PARAM_sect193r1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, \ - 0x01 -#define EC_PARAM_sect193r1_a \ - 0x00, 0x17, 0x85, 0x8F, 0xEB, 0x7A, 0x98, 0x97, \ - 0x51, 0x69, 0xE1, 0x71, 0xF7, 0x7B, 0x40, 0x87, \ - 0xDE, 0x09, 0x8A, 0xC8, 0xA9, 0x11, 0xDF, 0x7B, \ - 0x01 -#define EC_PARAM_sect193r1_b \ - 0x00, 0xFD, 0xFB, 0x49, 0xBF, 0xE6, 0xC3, 0xA8, \ - 0x9F, 0xAC, 0xAD, 0xAA, 0x7A, 0x1E, 0x5B, 0xBC, \ - 0x7C, 0xC1, 0xC2, 0xE5, 0xD8, 0x31, 0x47, 0x88, \ - 0x14 -#define EC_PARAM_sect193r1_x \ - 0x01, 0xF4, 0x81, 0xBC, 0x5F, 0x0F, 0xF8, 0x4A, \ - 0x74, 0xAD, 0x6C, 0xDF, 0x6F, 0xDE, 0xF4, 0xBF, \ - 0x61, 0x79, 0x62, 0x53, 0x72, 0xD8, 0xC0, 0xC5, \ - 0xE1 -#define EC_PARAM_sect193r1_y \ - 0x00, 0x25, 0xE3, 0x99, 0xF2, 0x90, 0x37, 0x12, \ - 0xCC, 0xF3, 0xEA, 0x9E, 0x3A, 0x1A, 0xD1, 0x7F, \ - 0xB0, 0xB3, 0x20, 0x1B, 0x6A, 0xF7, 0xCE, 0x1B, \ - 0x05 -#define EC_PARAM_sect193r1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0xC7, 0xF3, 0x4A, \ - 0x77, 0x8F, 0x44, 0x3A, 0xCC, 0x92, 0x0E, 0xBA, \ - 0x49 -#endif - -#if 0 -/* sect193r2 : SECG curve over a 193 bit binary field */ -#define EC_PARAM_sect193r2_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, \ - 0x01 -#define EC_PARAM_sect193r2_a \ - 0x01, 0x63, 0xF3, 0x5A, 0x51, 0x37, 0xC2, 0xCE, \ - 0x3E, 0xA6, 0xED, 0x86, 0x67, 0x19, 0x0B, 0x0B, \ - 0xC4, 0x3E, 0xCD, 0x69, 0x97, 0x77, 0x02, 0x70, \ - 0x9B -#define EC_PARAM_sect193r2_b \ - 0x00, 0xC9, 0xBB, 0x9E, 0x89, 0x27, 0xD4, 0xD6, \ - 0x4C, 0x37, 0x7E, 0x2A, 0xB2, 0x85, 0x6A, 0x5B, \ - 0x16, 0xE3, 0xEF, 0xB7, 0xF6, 0x1D, 0x43, 0x16, \ - 0xAE -#define EC_PARAM_sect193r2_x \ - 0x00, 0xD9, 0xB6, 0x7D, 0x19, 0x2E, 0x03, 0x67, \ - 0xC8, 0x03, 0xF3, 0x9E, 0x1A, 0x7E, 0x82, 0xCA, \ - 0x14, 0xA6, 0x51, 0x35, 0x0A, 0xAE, 0x61, 0x7E, \ - 0x8F -#define EC_PARAM_sect193r2_y \ - 0x01, 0xCE, 0x94, 0x33, 0x56, 0x07, 0xC3, 0x04, \ - 0xAC, 0x29, 0xE7, 0xDE, 0xFB, 0xD9, 0xCA, 0x01, \ - 0xF5, 0x96, 0xF9, 0x27, 0x22, 0x4C, 0xDE, 0xCF, \ - 0x6C -#define EC_PARAM_sect193r2_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01, 0x5A, 0xAB, 0x56, \ - 0x1B, 0x00, 0x54, 0x13, 0xCC, 0xD4, 0xEE, 0x99, \ - 0xD5 -#endif - -#if 0 -/* sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field */ -#define EC_PARAM_sect233k1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect233k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_sect233k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect233k1_x \ - 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, \ - 0x1A, 0xF1, 0x29, 0xF2, 0x2F, 0xF4, 0x14, 0x95, \ - 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C, \ - 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26 -#define EC_PARAM_sect233k1_y \ - 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, \ - 0xF7, 0x0F, 0x55, 0x5A, 0x67, 0xC4, 0x27, 0xA8, \ - 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0, \ - 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3 -#define EC_PARAM_sect233k1_order \ - 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, \ - 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, \ - 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF -#endif - -#if 0 -/* sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field */ -#define EC_PARAM_sect233r1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect233r1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect233r1_b \ - 0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, \ - 0x7F, 0x8C, 0x09, 0x23, 0xBB, 0x58, 0x21, 0x3B, \ - 0x33, 0x3B, 0x20, 0xE9, 0xCE, 0x42, 0x81, 0xFE, \ - 0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD -#define EC_PARAM_sect233r1_x \ - 0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, \ - 0xBB, 0x21, 0x39, 0xF1, 0xBB, 0x75, 0x5F, 0xEF, \ - 0x65, 0xBC, 0x39, 0x1F, 0x8B, 0x36, 0xF8, 0xF8, \ - 0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B -#define EC_PARAM_sect233r1_y \ - 0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, \ - 0x06, 0x78, 0xE5, 0x85, 0x28, 0xBE, 0xBF, 0x8A, \ - 0x0B, 0xEF, 0xF8, 0x67, 0xA7, 0xCA, 0x36, 0x71, \ - 0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52 -#define EC_PARAM_sect233r1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, \ - 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03, \ - 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7 -#endif - -#if 0 -/* sect239k1 : SECG curve over a 239 bit binary field */ -#define EC_PARAM_sect239k1_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect239k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_sect239k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect239k1_x \ - 0x29, 0xA0, 0xB6, 0xA8, 0x87, 0xA9, 0x83, 0xE9, \ - 0x73, 0x09, 0x88, 0xA6, 0x87, 0x27, 0xA8, 0xB2, \ - 0xD1, 0x26, 0xC4, 0x4C, 0xC2, 0xCC, 0x7B, 0x2A, \ - 0x65, 0x55, 0x19, 0x30, 0x35, 0xDC -#define EC_PARAM_sect239k1_y \ - 0x76, 0x31, 0x08, 0x04, 0xF1, 0x2E, 0x54, 0x9B, \ - 0xDB, 0x01, 0x1C, 0x10, 0x30, 0x89, 0xE7, 0x35, \ - 0x10, 0xAC, 0xB2, 0x75, 0xFC, 0x31, 0x2A, 0x5D, \ - 0xC6, 0xB7, 0x65, 0x53, 0xF0, 0xCA -#define EC_PARAM_sect239k1_order \ - 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5A, \ - 0x79, 0xFE, 0xC6, 0x7C, 0xB6, 0xE9, 0x1F, 0x1C, \ - 0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5 -#endif - -#if 0 -/* sect283k1 : NIST/SECG curve over a 283 bit binary field */ -#define EC_PARAM_sect283k1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x10, 0xA1 -#define EC_PARAM_sect283k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_sect283k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect283k1_x \ - 0x05, 0x03, 0x21, 0x3F, 0x78, 0xCA, 0x44, 0x88, \ - 0x3F, 0x1A, 0x3B, 0x81, 0x62, 0xF1, 0x88, 0xE5, \ - 0x53, 0xCD, 0x26, 0x5F, 0x23, 0xC1, 0x56, 0x7A, \ - 0x16, 0x87, 0x69, 0x13, 0xB0, 0xC2, 0xAC, 0x24, \ - 0x58, 0x49, 0x28, 0x36 -#define EC_PARAM_sect283k1_y \ - 0x01, 0xCC, 0xDA, 0x38, 0x0F, 0x1C, 0x9E, 0x31, \ - 0x8D, 0x90, 0xF9, 0x5D, 0x07, 0xE5, 0x42, 0x6F, \ - 0xE8, 0x7E, 0x45, 0xC0, 0xE8, 0x18, 0x46, 0x98, \ - 0xE4, 0x59, 0x62, 0x36, 0x4E, 0x34, 0x11, 0x61, \ - 0x77, 0xDD, 0x22, 0x59 -#define EC_PARAM_sect283k1_order \ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xE9, 0xAE, 0x2E, 0xD0, 0x75, 0x77, \ - 0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45, 0x1E, 0x06, \ - 0x1E, 0x16, 0x3C, 0x61 -#endif - -#if 0 -/* sect283r1 : NIST/SECG curve over a 283 bit binary field */ -#define EC_PARAM_sect283r1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x10, 0xA1 -#define EC_PARAM_sect283r1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect283r1_b \ - 0x02, 0x7B, 0x68, 0x0A, 0xC8, 0xB8, 0x59, 0x6D, \ - 0xA5, 0xA4, 0xAF, 0x8A, 0x19, 0xA0, 0x30, 0x3F, \ - 0xCA, 0x97, 0xFD, 0x76, 0x45, 0x30, 0x9F, 0xA2, \ - 0xA5, 0x81, 0x48, 0x5A, 0xF6, 0x26, 0x3E, 0x31, \ - 0x3B, 0x79, 0xA2, 0xF5 -#define EC_PARAM_sect283r1_x \ - 0x05, 0xF9, 0x39, 0x25, 0x8D, 0xB7, 0xDD, 0x90, \ - 0xE1, 0x93, 0x4F, 0x8C, 0x70, 0xB0, 0xDF, 0xEC, \ - 0x2E, 0xED, 0x25, 0xB8, 0x55, 0x7E, 0xAC, 0x9C, \ - 0x80, 0xE2, 0xE1, 0x98, 0xF8, 0xCD, 0xBE, 0xCD, \ - 0x86, 0xB1, 0x20, 0x53 -#define EC_PARAM_sect283r1_y \ - 0x03, 0x67, 0x68, 0x54, 0xFE, 0x24, 0x14, 0x1C, \ - 0xB9, 0x8F, 0xE6, 0xD4, 0xB2, 0x0D, 0x02, 0xB4, \ - 0x51, 0x6F, 0xF7, 0x02, 0x35, 0x0E, 0xDD, 0xB0, \ - 0x82, 0x67, 0x79, 0xC8, 0x13, 0xF0, 0xDF, 0x45, \ - 0xBE, 0x81, 0x12, 0xF4 -#define EC_PARAM_sect283r1_order \ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xEF, 0x90, 0x39, 0x96, 0x60, 0xFC, \ - 0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04, 0x2A, 0x7C, \ - 0xEF, 0xAD, 0xB3, 0x07 -#endif - -#if 0 -/* sect409k1 : NIST/SECG curve over a 409 bit binary field */ -#define EC_PARAM_sect409k1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect409k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_sect409k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect409k1_x \ - 0x00, 0x60, 0xF0, 0x5F, 0x65, 0x8F, 0x49, 0xC1, \ - 0xAD, 0x3A, 0xB1, 0x89, 0x0F, 0x71, 0x84, 0x21, \ - 0x0E, 0xFD, 0x09, 0x87, 0xE3, 0x07, 0xC8, 0x4C, \ - 0x27, 0xAC, 0xCF, 0xB8, 0xF9, 0xF6, 0x7C, 0xC2, \ - 0xC4, 0x60, 0x18, 0x9E, 0xB5, 0xAA, 0xAA, 0x62, \ - 0xEE, 0x22, 0x2E, 0xB1, 0xB3, 0x55, 0x40, 0xCF, \ - 0xE9, 0x02, 0x37, 0x46 -#define EC_PARAM_sect409k1_y \ - 0x01, 0xE3, 0x69, 0x05, 0x0B, 0x7C, 0x4E, 0x42, \ - 0xAC, 0xBA, 0x1D, 0xAC, 0xBF, 0x04, 0x29, 0x9C, \ - 0x34, 0x60, 0x78, 0x2F, 0x91, 0x8E, 0xA4, 0x27, \ - 0xE6, 0x32, 0x51, 0x65, 0xE9, 0xEA, 0x10, 0xE3, \ - 0xDA, 0x5F, 0x6C, 0x42, 0xE9, 0xC5, 0x52, 0x15, \ - 0xAA, 0x9C, 0xA2, 0x7A, 0x58, 0x63, 0xEC, 0x48, \ - 0xD8, 0xE0, 0x28, 0x6B -#define EC_PARAM_sect409k1_order \ - 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFE, 0x5F, 0x83, 0xB2, 0xD4, 0xEA, \ - 0x20, 0x40, 0x0E, 0xC4, 0x55, 0x7D, 0x5E, 0xD3, \ - 0xE3, 0xE7, 0xCA, 0x5B, 0x4B, 0x5C, 0x83, 0xB8, \ - 0xE0, 0x1E, 0x5F, 0xCF -#endif - -#if 0 -/* sect409r1 : NIST/SECG curve over a 409 bit binary field */ -#define EC_PARAM_sect409r1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect409r1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect409r1_b \ - 0x00, 0x21, 0xA5, 0xC2, 0xC8, 0xEE, 0x9F, 0xEB, \ - 0x5C, 0x4B, 0x9A, 0x75, 0x3B, 0x7B, 0x47, 0x6B, \ - 0x7F, 0xD6, 0x42, 0x2E, 0xF1, 0xF3, 0xDD, 0x67, \ - 0x47, 0x61, 0xFA, 0x99, 0xD6, 0xAC, 0x27, 0xC8, \ - 0xA9, 0xA1, 0x97, 0xB2, 0x72, 0x82, 0x2F, 0x6C, \ - 0xD5, 0x7A, 0x55, 0xAA, 0x4F, 0x50, 0xAE, 0x31, \ - 0x7B, 0x13, 0x54, 0x5F -#define EC_PARAM_sect409r1_x \ - 0x01, 0x5D, 0x48, 0x60, 0xD0, 0x88, 0xDD, 0xB3, \ - 0x49, 0x6B, 0x0C, 0x60, 0x64, 0x75, 0x62, 0x60, \ - 0x44, 0x1C, 0xDE, 0x4A, 0xF1, 0x77, 0x1D, 0x4D, \ - 0xB0, 0x1F, 0xFE, 0x5B, 0x34, 0xE5, 0x97, 0x03, \ - 0xDC, 0x25, 0x5A, 0x86, 0x8A, 0x11, 0x80, 0x51, \ - 0x56, 0x03, 0xAE, 0xAB, 0x60, 0x79, 0x4E, 0x54, \ - 0xBB, 0x79, 0x96, 0xA7 -#define EC_PARAM_sect409r1_y \ - 0x00, 0x61, 0xB1, 0xCF, 0xAB, 0x6B, 0xE5, 0xF3, \ - 0x2B, 0xBF, 0xA7, 0x83, 0x24, 0xED, 0x10, 0x6A, \ - 0x76, 0x36, 0xB9, 0xC5, 0xA7, 0xBD, 0x19, 0x8D, \ - 0x01, 0x58, 0xAA, 0x4F, 0x54, 0x88, 0xD0, 0x8F, \ - 0x38, 0x51, 0x4F, 0x1F, 0xDF, 0x4B, 0x4F, 0x40, \ - 0xD2, 0x18, 0x1B, 0x36, 0x81, 0xC3, 0x64, 0xBA, \ - 0x02, 0x73, 0xC7, 0x06 -#define EC_PARAM_sect409r1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xE2, 0xAA, 0xD6, 0xA6, 0x12, \ - 0xF3, 0x33, 0x07, 0xBE, 0x5F, 0xA4, 0x7C, 0x3C, \ - 0x9E, 0x05, 0x2F, 0x83, 0x81, 0x64, 0xCD, 0x37, \ - 0xD9, 0xA2, 0x11, 0x73 -#endif - -#if 0 -/* sect571k1 : NIST/SECG curve over a 571 bit binary field */ -#define EC_PARAM_sect571k1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25 -#define EC_PARAM_sect571k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_sect571k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect571k1_x \ - 0x02, 0x6E, 0xB7, 0xA8, 0x59, 0x92, 0x3F, 0xBC, \ - 0x82, 0x18, 0x96, 0x31, 0xF8, 0x10, 0x3F, 0xE4, \ - 0xAC, 0x9C, 0xA2, 0x97, 0x00, 0x12, 0xD5, 0xD4, \ - 0x60, 0x24, 0x80, 0x48, 0x01, 0x84, 0x1C, 0xA4, \ - 0x43, 0x70, 0x95, 0x84, 0x93, 0xB2, 0x05, 0xE6, \ - 0x47, 0xDA, 0x30, 0x4D, 0xB4, 0xCE, 0xB0, 0x8C, \ - 0xBB, 0xD1, 0xBA, 0x39, 0x49, 0x47, 0x76, 0xFB, \ - 0x98, 0x8B, 0x47, 0x17, 0x4D, 0xCA, 0x88, 0xC7, \ - 0xE2, 0x94, 0x52, 0x83, 0xA0, 0x1C, 0x89, 0x72 -#define EC_PARAM_sect571k1_y \ - 0x03, 0x49, 0xDC, 0x80, 0x7F, 0x4F, 0xBF, 0x37, \ - 0x4F, 0x4A, 0xEA, 0xDE, 0x3B, 0xCA, 0x95, 0x31, \ - 0x4D, 0xD5, 0x8C, 0xEC, 0x9F, 0x30, 0x7A, 0x54, \ - 0xFF, 0xC6, 0x1E, 0xFC, 0x00, 0x6D, 0x8A, 0x2C, \ - 0x9D, 0x49, 0x79, 0xC0, 0xAC, 0x44, 0xAE, 0xA7, \ - 0x4F, 0xBE, 0xBB, 0xB9, 0xF7, 0x72, 0xAE, 0xDC, \ - 0xB6, 0x20, 0xB0, 0x1A, 0x7B, 0xA7, 0xAF, 0x1B, \ - 0x32, 0x04, 0x30, 0xC8, 0x59, 0x19, 0x84, 0xF6, \ - 0x01, 0xCD, 0x4C, 0x14, 0x3E, 0xF1, 0xC7, 0xA3 -#define EC_PARAM_sect571k1_order \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x13, 0x18, 0x50, 0xE1, \ - 0xF1, 0x9A, 0x63, 0xE4, 0xB3, 0x91, 0xA8, 0xDB, \ - 0x91, 0x7F, 0x41, 0x38, 0xB6, 0x30, 0xD8, 0x4B, \ - 0xE5, 0xD6, 0x39, 0x38, 0x1E, 0x91, 0xDE, 0xB4, \ - 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C, 0x10, 0x01 -#endif - -#if 0 -/* sect571r1 : NIST/SECG curve over a 571 bit binary field */ -#define EC_PARAM_sect571r1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25 -#define EC_PARAM_sect571r1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect571r1_b \ - 0x02, 0xF4, 0x0E, 0x7E, 0x22, 0x21, 0xF2, 0x95, \ - 0xDE, 0x29, 0x71, 0x17, 0xB7, 0xF3, 0xD6, 0x2F, \ - 0x5C, 0x6A, 0x97, 0xFF, 0xCB, 0x8C, 0xEF, 0xF1, \ - 0xCD, 0x6B, 0xA8, 0xCE, 0x4A, 0x9A, 0x18, 0xAD, \ - 0x84, 0xFF, 0xAB, 0xBD, 0x8E, 0xFA, 0x59, 0x33, \ - 0x2B, 0xE7, 0xAD, 0x67, 0x56, 0xA6, 0x6E, 0x29, \ - 0x4A, 0xFD, 0x18, 0x5A, 0x78, 0xFF, 0x12, 0xAA, \ - 0x52, 0x0E, 0x4D, 0xE7, 0x39, 0xBA, 0xCA, 0x0C, \ - 0x7F, 0xFE, 0xFF, 0x7F, 0x29, 0x55, 0x72, 0x7A -#define EC_PARAM_sect571r1_x \ - 0x03, 0x03, 0x00, 0x1D, 0x34, 0xB8, 0x56, 0x29, \ - 0x6C, 0x16, 0xC0, 0xD4, 0x0D, 0x3C, 0xD7, 0x75, \ - 0x0A, 0x93, 0xD1, 0xD2, 0x95, 0x5F, 0xA8, 0x0A, \ - 0xA5, 0xF4, 0x0F, 0xC8, 0xDB, 0x7B, 0x2A, 0xBD, \ - 0xBD, 0xE5, 0x39, 0x50, 0xF4, 0xC0, 0xD2, 0x93, \ - 0xCD, 0xD7, 0x11, 0xA3, 0x5B, 0x67, 0xFB, 0x14, \ - 0x99, 0xAE, 0x60, 0x03, 0x86, 0x14, 0xF1, 0x39, \ - 0x4A, 0xBF, 0xA3, 0xB4, 0xC8, 0x50, 0xD9, 0x27, \ - 0xE1, 0xE7, 0x76, 0x9C, 0x8E, 0xEC, 0x2D, 0x19 -#define EC_PARAM_sect571r1_y \ - 0x03, 0x7B, 0xF2, 0x73, 0x42, 0xDA, 0x63, 0x9B, \ - 0x6D, 0xCC, 0xFF, 0xFE, 0xB7, 0x3D, 0x69, 0xD7, \ - 0x8C, 0x6C, 0x27, 0xA6, 0x00, 0x9C, 0xBB, 0xCA, \ - 0x19, 0x80, 0xF8, 0x53, 0x39, 0x21, 0xE8, 0xA6, \ - 0x84, 0x42, 0x3E, 0x43, 0xBA, 0xB0, 0x8A, 0x57, \ - 0x62, 0x91, 0xAF, 0x8F, 0x46, 0x1B, 0xB2, 0xA8, \ - 0xB3, 0x53, 0x1D, 0x2F, 0x04, 0x85, 0xC1, 0x9B, \ - 0x16, 0xE2, 0xF1, 0x51, 0x6E, 0x23, 0xDD, 0x3C, \ - 0x1A, 0x48, 0x27, 0xAF, 0x1B, 0x8A, 0xC1, 0x5B -#define EC_PARAM_sect571r1_order \ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xE6, 0x61, 0xCE, 0x18, \ - 0xFF, 0x55, 0x98, 0x73, 0x08, 0x05, 0x9B, 0x18, \ - 0x68, 0x23, 0x85, 0x1E, 0xC7, 0xDD, 0x9C, 0xA1, \ - 0x16, 0x1D, 0xE9, 0x3D, 0x51, 0x74, 0xD6, 0x6E, \ - 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8, 0x4E, 0x47 -#endif - -#if 0 -/* c2pnb163v1 : X9.62 curve over a 163 bit binary field */ -#define EC_PARAM_c2pnb163v1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01, 0x07 -#define EC_PARAM_c2pnb163v1_a \ - 0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, \ - 0x22, 0xE0, 0x78, 0x96, 0x75, 0xF4, 0x32, 0xC8, \ - 0x94, 0x35, 0xDE, 0x52, 0x42 -#define EC_PARAM_c2pnb163v1_b \ - 0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, \ - 0x3C, 0xFF, 0x38, 0xC7, 0x4B, 0x20, 0xB6, 0xCD, \ - 0x4D, 0x6F, 0x9D, 0xD4, 0xD9 -#define EC_PARAM_c2pnb163v1_x \ - 0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, \ - 0x79, 0x32, 0x9F, 0xCC, 0x3D, 0x74, 0x88, 0x0F, \ - 0x33, 0xBB, 0xE8, 0x03, 0xCB -#define EC_PARAM_c2pnb163v1_y \ - 0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, \ - 0xEA, 0x1D, 0x3F, 0x87, 0xF7, 0xEA, 0x58, 0x48, \ - 0xAE, 0xF0, 0xB7, 0xCA, 0x9F -#define EC_PARAM_c2pnb163v1_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xE6, 0x0F, 0xC8, 0x82, 0x1C, \ - 0xC7, 0x4D, 0xAE, 0xAF, 0xC1 -#endif - -#if 0 -/* c2pnb163v2 : X9.62 curve over a 163 bit binary field */ -#define EC_PARAM_c2pnb163v2_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01, 0x07 -#define EC_PARAM_c2pnb163v2_a \ - 0x01, 0x08, 0xB3, 0x9E, 0x77, 0xC4, 0xB1, 0x08, \ - 0xBE, 0xD9, 0x81, 0xED, 0x0E, 0x89, 0x0E, 0x11, \ - 0x7C, 0x51, 0x1C, 0xF0, 0x72 -#define EC_PARAM_c2pnb163v2_b \ - 0x06, 0x67, 0xAC, 0xEB, 0x38, 0xAF, 0x4E, 0x48, \ - 0x8C, 0x40, 0x74, 0x33, 0xFF, 0xAE, 0x4F, 0x1C, \ - 0x81, 0x16, 0x38, 0xDF, 0x20 -#define EC_PARAM_c2pnb163v2_x \ - 0x00, 0x24, 0x26, 0x6E, 0x4E, 0xB5, 0x10, 0x6D, \ - 0x0A, 0x96, 0x4D, 0x92, 0xC4, 0x86, 0x0E, 0x26, \ - 0x71, 0xDB, 0x9B, 0x6C, 0xC5 -#define EC_PARAM_c2pnb163v2_y \ - 0x07, 0x9F, 0x68, 0x4D, 0xDF, 0x66, 0x84, 0xC5, \ - 0xCD, 0x25, 0x8B, 0x38, 0x90, 0x02, 0x1B, 0x23, \ - 0x86, 0xDF, 0xD1, 0x9F, 0xC5 -#define EC_PARAM_c2pnb163v2_order \ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFD, 0xF6, 0x4D, 0xE1, 0x15, 0x1A, \ - 0xDB, 0xB7, 0x8F, 0x10, 0xA7 -#endif - -#if 0 -/* c2pnb163v3 : X9.62 curve over a 163 bit binary field */ -#define EC_PARAM_c2pnb163v3_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01, 0x07 -#define EC_PARAM_c2pnb163v3_a \ - 0x07, 0xA5, 0x26, 0xC6, 0x3D, 0x3E, 0x25, 0xA2, \ - 0x56, 0xA0, 0x07, 0x69, 0x9F, 0x54, 0x47, 0xE3, \ - 0x2A, 0xE4, 0x56, 0xB5, 0x0E -#define EC_PARAM_c2pnb163v3_b \ - 0x03, 0xF7, 0x06, 0x17, 0x98, 0xEB, 0x99, 0xE2, \ - 0x38, 0xFD, 0x6F, 0x1B, 0xF9, 0x5B, 0x48, 0xFE, \ - 0xEB, 0x48, 0x54, 0x25, 0x2B -#define EC_PARAM_c2pnb163v3_x \ - 0x02, 0xF9, 0xF8, 0x7B, 0x7C, 0x57, 0x4D, 0x0B, \ - 0xDE, 0xCF, 0x8A, 0x22, 0xE6, 0x52, 0x47, 0x75, \ - 0xF9, 0x8C, 0xDE, 0xBD, 0xCB -#define EC_PARAM_c2pnb163v3_y \ - 0x05, 0xB9, 0x35, 0x59, 0x0C, 0x15, 0x5E, 0x17, \ - 0xEA, 0x48, 0xEB, 0x3F, 0xF3, 0x71, 0x8B, 0x89, \ - 0x3D, 0xF5, 0x9A, 0x05, 0xD0 -#define EC_PARAM_c2pnb163v3_order \ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFE, 0x1A, 0xEE, 0x14, 0x0F, 0x11, \ - 0x0A, 0xFF, 0x96, 0x13, 0x09 -#endif - -#if 0 -/* c2pnb176v1 : X9.62 curve over a 176 bit binary field */ -#define EC_PARAM_c2pnb176v1_prime \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x07 -#define EC_PARAM_c2pnb176v1_a \ - 0x00, 0xE4, 0xE6, 0xDB, 0x29, 0x95, 0x06, 0x5C, \ - 0x40, 0x7D, 0x9D, 0x39, 0xB8, 0xD0, 0x96, 0x7B, \ - 0x96, 0x70, 0x4B, 0xA8, 0xE9, 0xC9, 0x0B -#define EC_PARAM_c2pnb176v1_b \ - 0x00, 0x5D, 0xDA, 0x47, 0x0A, 0xBE, 0x64, 0x14, \ - 0xDE, 0x8E, 0xC1, 0x33, 0xAE, 0x28, 0xE9, 0xBB, \ - 0xD7, 0xFC, 0xEC, 0x0A, 0xE0, 0xFF, 0xF2 -#define EC_PARAM_c2pnb176v1_x \ - 0x00, 0x8D, 0x16, 0xC2, 0x86, 0x67, 0x98, 0xB6, \ - 0x00, 0xF9, 0xF0, 0x8B, 0xB4, 0xA8, 0xE8, 0x60, \ - 0xF3, 0x29, 0x8C, 0xE0, 0x4A, 0x57, 0x98 -#define EC_PARAM_c2pnb176v1_y \ - 0x00, 0x6F, 0xA4, 0x53, 0x9C, 0x2D, 0xAD, 0xDD, \ - 0xD6, 0xBA, 0xB5, 0x16, 0x7D, 0x61, 0xB4, 0x36, \ - 0xE1, 0xD9, 0x2B, 0xB1, 0x6A, 0x56, 0x2C -#define EC_PARAM_c2pnb176v1_order \ - 0x00, 0x00, 0x01, 0x00, 0x92, 0x53, 0x73, 0x97, \ - 0xEC, 0xA4, 0xF6, 0x14, 0x57, 0x99, 0xD6, 0x2B, \ - 0x0A, 0x19, 0xCE, 0x06, 0xFE, 0x26, 0xAD -#endif - -#if 0 -/* c2tnb191v1 : X9.62 curve over a 191 bit binary field */ -#define EC_PARAM_c2tnb191v1_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_c2tnb191v1_a \ - 0x28, 0x66, 0x53, 0x7B, 0x67, 0x67, 0x52, 0x63, \ - 0x6A, 0x68, 0xF5, 0x65, 0x54, 0xE1, 0x26, 0x40, \ - 0x27, 0x6B, 0x64, 0x9E, 0xF7, 0x52, 0x62, 0x67 -#define EC_PARAM_c2tnb191v1_b \ - 0x2E, 0x45, 0xEF, 0x57, 0x1F, 0x00, 0x78, 0x6F, \ - 0x67, 0xB0, 0x08, 0x1B, 0x94, 0x95, 0xA3, 0xD9, \ - 0x54, 0x62, 0xF5, 0xDE, 0x0A, 0xA1, 0x85, 0xEC -#define EC_PARAM_c2tnb191v1_x \ - 0x36, 0xB3, 0xDA, 0xF8, 0xA2, 0x32, 0x06, 0xF9, \ - 0xC4, 0xF2, 0x99, 0xD7, 0xB2, 0x1A, 0x9C, 0x36, \ - 0x91, 0x37, 0xF2, 0xC8, 0x4A, 0xE1, 0xAA, 0x0D -#define EC_PARAM_c2tnb191v1_y \ - 0x76, 0x5B, 0xE7, 0x34, 0x33, 0xB3, 0xF9, 0x5E, \ - 0x33, 0x29, 0x32, 0xE7, 0x0E, 0xA2, 0x45, 0xCA, \ - 0x24, 0x18, 0xEA, 0x0E, 0xF9, 0x80, 0x18, 0xFB -#define EC_PARAM_c2tnb191v1_order \ - 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x04, 0xA2, 0x0E, 0x90, \ - 0xC3, 0x90, 0x67, 0xC8, 0x93, 0xBB, 0xB9, 0xA5 -#endif - -#if 0 -/* c2tnb191v2 : X9.62 curve over a 191 bit binary field */ -#define EC_PARAM_c2tnb191v2_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_c2tnb191v2_a \ - 0x40, 0x10, 0x28, 0x77, 0x4D, 0x77, 0x77, 0xC7, \ - 0xB7, 0x66, 0x6D, 0x13, 0x66, 0xEA, 0x43, 0x20, \ - 0x71, 0x27, 0x4F, 0x89, 0xFF, 0x01, 0xE7, 0x18 -#define EC_PARAM_c2tnb191v2_b \ - 0x06, 0x20, 0x04, 0x8D, 0x28, 0xBC, 0xBD, 0x03, \ - 0xB6, 0x24, 0x9C, 0x99, 0x18, 0x2B, 0x7C, 0x8C, \ - 0xD1, 0x97, 0x00, 0xC3, 0x62, 0xC4, 0x6A, 0x01 -#define EC_PARAM_c2tnb191v2_x \ - 0x38, 0x09, 0xB2, 0xB7, 0xCC, 0x1B, 0x28, 0xCC, \ - 0x5A, 0x87, 0x92, 0x6A, 0xAD, 0x83, 0xFD, 0x28, \ - 0x78, 0x9E, 0x81, 0xE2, 0xC9, 0xE3, 0xBF, 0x10 -#define EC_PARAM_c2tnb191v2_y \ - 0x17, 0x43, 0x43, 0x86, 0x62, 0x6D, 0x14, 0xF3, \ - 0xDB, 0xF0, 0x17, 0x60, 0xD9, 0x21, 0x3A, 0x3E, \ - 0x1C, 0xF3, 0x7A, 0xEC, 0x43, 0x7D, 0x66, 0x8A -#define EC_PARAM_c2tnb191v2_order \ - 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x50, 0x50, 0x8C, 0xB8, \ - 0x9F, 0x65, 0x28, 0x24, 0xE0, 0x6B, 0x81, 0x73 -#endif - -#if 0 -/* c2tnb191v3 : X9.62 curve over a 191 bit binary field */ -#define EC_PARAM_c2tnb191v3_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_c2tnb191v3_a \ - 0x6C, 0x01, 0x07, 0x47, 0x56, 0x09, 0x91, 0x22, \ - 0x22, 0x10, 0x56, 0x91, 0x1C, 0x77, 0xD7, 0x7E, \ - 0x77, 0xA7, 0x77, 0xE7, 0xE7, 0xE7, 0x7F, 0xCB -#define EC_PARAM_c2tnb191v3_b \ - 0x71, 0xFE, 0x1A, 0xF9, 0x26, 0xCF, 0x84, 0x79, \ - 0x89, 0xEF, 0xEF, 0x8D, 0xB4, 0x59, 0xF6, 0x63, \ - 0x94, 0xD9, 0x0F, 0x32, 0xAD, 0x3F, 0x15, 0xE8 -#define EC_PARAM_c2tnb191v3_x \ - 0x37, 0x5D, 0x4C, 0xE2, 0x4F, 0xDE, 0x43, 0x44, \ - 0x89, 0xDE, 0x87, 0x46, 0xE7, 0x17, 0x86, 0x01, \ - 0x50, 0x09, 0xE6, 0x6E, 0x38, 0xA9, 0x26, 0xDD -#define EC_PARAM_c2tnb191v3_y \ - 0x54, 0x5A, 0x39, 0x17, 0x61, 0x96, 0x57, 0x5D, \ - 0x98, 0x59, 0x99, 0x36, 0x6E, 0x6A, 0xD3, 0x4C, \ - 0xE0, 0xA7, 0x7C, 0xD7, 0x12, 0x7B, 0x06, 0xBE -#define EC_PARAM_c2tnb191v3_order \ - 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, \ - 0x55, 0x55, 0x55, 0x55, 0x61, 0x0C, 0x0B, 0x19, \ - 0x68, 0x12, 0xBF, 0xB6, 0x28, 0x8A, 0x3E, 0xA3 -#endif - -#if 0 -/* c2pnb208w1 : X9.62 curve over a 208 bit binary field */ -#define EC_PARAM_c2pnb208w1_prime \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x07 -#define EC_PARAM_c2pnb208w1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00 -#define EC_PARAM_c2pnb208w1_b \ - 0x00, 0xC8, 0x61, 0x9E, 0xD4, 0x5A, 0x62, 0xE6, \ - 0x21, 0x2E, 0x11, 0x60, 0x34, 0x9E, 0x2B, 0xFA, \ - 0x84, 0x44, 0x39, 0xFA, 0xFC, 0x2A, 0x3F, 0xD1, \ - 0x63, 0x8F, 0x9E -#define EC_PARAM_c2pnb208w1_x \ - 0x00, 0x89, 0xFD, 0xFB, 0xE4, 0xAB, 0xE1, 0x93, \ - 0xDF, 0x95, 0x59, 0xEC, 0xF0, 0x7A, 0xC0, 0xCE, \ - 0x78, 0x55, 0x4E, 0x27, 0x84, 0xEB, 0x8C, 0x1E, \ - 0xD1, 0xA5, 0x7A -#define EC_PARAM_c2pnb208w1_y \ - 0x00, 0x0F, 0x55, 0xB5, 0x1A, 0x06, 0xE7, 0x8E, \ - 0x9A, 0xC3, 0x8A, 0x03, 0x5F, 0xF5, 0x20, 0xD8, \ - 0xB0, 0x17, 0x81, 0xBE, 0xB1, 0xA6, 0xBB, 0x08, \ - 0x61, 0x7D, 0xE3 -#define EC_PARAM_c2pnb208w1_order \ - 0x00, 0x00, 0x01, 0x01, 0xBA, 0xF9, 0x5C, 0x97, \ - 0x23, 0xC5, 0x7B, 0x6C, 0x21, 0xDA, 0x2E, 0xFF, \ - 0x2D, 0x5E, 0xD5, 0x88, 0xBD, 0xD5, 0x71, 0x7E, \ - 0x21, 0x2F, 0x9D -#endif - -#if 0 -/* c2tnb239v1 : X9.62 curve over a 239 bit binary field */ -#define EC_PARAM_c2tnb239v1_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x10, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_c2tnb239v1_a \ - 0x32, 0x01, 0x08, 0x57, 0x07, 0x7C, 0x54, 0x31, \ - 0x12, 0x3A, 0x46, 0xB8, 0x08, 0x90, 0x67, 0x56, \ - 0xF5, 0x43, 0x42, 0x3E, 0x8D, 0x27, 0x87, 0x75, \ - 0x78, 0x12, 0x57, 0x78, 0xAC, 0x76 -#define EC_PARAM_c2tnb239v1_b \ - 0x79, 0x04, 0x08, 0xF2, 0xEE, 0xDA, 0xF3, 0x92, \ - 0xB0, 0x12, 0xED, 0xEF, 0xB3, 0x39, 0x2F, 0x30, \ - 0xF4, 0x32, 0x7C, 0x0C, 0xA3, 0xF3, 0x1F, 0xC3, \ - 0x83, 0xC4, 0x22, 0xAA, 0x8C, 0x16 -#define EC_PARAM_c2tnb239v1_x \ - 0x57, 0x92, 0x70, 0x98, 0xFA, 0x93, 0x2E, 0x7C, \ - 0x0A, 0x96, 0xD3, 0xFD, 0x5B, 0x70, 0x6E, 0xF7, \ - 0xE5, 0xF5, 0xC1, 0x56, 0xE1, 0x6B, 0x7E, 0x7C, \ - 0x86, 0x03, 0x85, 0x52, 0xE9, 0x1D -#define EC_PARAM_c2tnb239v1_y \ - 0x61, 0xD8, 0xEE, 0x50, 0x77, 0xC3, 0x3F, 0xEC, \ - 0xF6, 0xF1, 0xA1, 0x6B, 0x26, 0x8D, 0xE4, 0x69, \ - 0xC3, 0xC7, 0x74, 0x4E, 0xA9, 0xA9, 0x71, 0x64, \ - 0x9F, 0xC7, 0xA9, 0x61, 0x63, 0x05 -#define EC_PARAM_c2tnb239v1_order \ - 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F, \ - 0x4D, 0x42, 0xFF, 0xE1, 0x49, 0x2A, 0x49, 0x93, \ - 0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47 -#endif - -#if 0 -/* c2tnb239v2 : X9.62 curve over a 239 bit binary field */ -#define EC_PARAM_c2tnb239v2_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x10, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_c2tnb239v2_a \ - 0x42, 0x30, 0x01, 0x77, 0x57, 0xA7, 0x67, 0xFA, \ - 0xE4, 0x23, 0x98, 0x56, 0x9B, 0x74, 0x63, 0x25, \ - 0xD4, 0x53, 0x13, 0xAF, 0x07, 0x66, 0x26, 0x64, \ - 0x79, 0xB7, 0x56, 0x54, 0xE6, 0x5F -#define EC_PARAM_c2tnb239v2_b \ - 0x50, 0x37, 0xEA, 0x65, 0x41, 0x96, 0xCF, 0xF0, \ - 0xCD, 0x82, 0xB2, 0xC1, 0x4A, 0x2F, 0xCF, 0x2E, \ - 0x3F, 0xF8, 0x77, 0x52, 0x85, 0xB5, 0x45, 0x72, \ - 0x2F, 0x03, 0xEA, 0xCD, 0xB7, 0x4B -#define EC_PARAM_c2tnb239v2_x \ - 0x28, 0xF9, 0xD0, 0x4E, 0x90, 0x00, 0x69, 0xC8, \ - 0xDC, 0x47, 0xA0, 0x85, 0x34, 0xFE, 0x76, 0xD2, \ - 0xB9, 0x00, 0xB7, 0xD7, 0xEF, 0x31, 0xF5, 0x70, \ - 0x9F, 0x20, 0x0C, 0x4C, 0xA2, 0x05 -#define EC_PARAM_c2tnb239v2_y \ - 0x56, 0x67, 0x33, 0x4C, 0x45, 0xAF, 0xF3, 0xB5, \ - 0xA0, 0x3B, 0xAD, 0x9D, 0xD7, 0x5E, 0x2C, 0x71, \ - 0xA9, 0x93, 0x62, 0x56, 0x7D, 0x54, 0x53, 0xF7, \ - 0xFA, 0x6E, 0x22, 0x7E, 0xC8, 0x33 -#define EC_PARAM_c2tnb239v2_order \ - 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, \ - 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3C, \ - 0x6F, 0x28, 0x85, 0x25, 0x9C, 0x31, 0xE3, 0xFC, \ - 0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D -#endif - -#if 0 -/* c2tnb239v3 : X9.62 curve over a 239 bit binary field */ -#define EC_PARAM_c2tnb239v3_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x10, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_c2tnb239v3_a \ - 0x01, 0x23, 0x87, 0x74, 0x66, 0x6A, 0x67, 0x76, \ - 0x6D, 0x66, 0x76, 0xF7, 0x78, 0xE6, 0x76, 0xB6, \ - 0x69, 0x99, 0x17, 0x66, 0x66, 0xE6, 0x87, 0x66, \ - 0x6D, 0x87, 0x66, 0xC6, 0x6A, 0x9F -#define EC_PARAM_c2tnb239v3_b \ - 0x6A, 0x94, 0x19, 0x77, 0xBA, 0x9F, 0x6A, 0x43, \ - 0x51, 0x99, 0xAC, 0xFC, 0x51, 0x06, 0x7E, 0xD5, \ - 0x87, 0xF5, 0x19, 0xC5, 0xEC, 0xB5, 0x41, 0xB8, \ - 0xE4, 0x41, 0x11, 0xDE, 0x1D, 0x40 -#define EC_PARAM_c2tnb239v3_x \ - 0x70, 0xF6, 0xE9, 0xD0, 0x4D, 0x28, 0x9C, 0x4E, \ - 0x89, 0x91, 0x3C, 0xE3, 0x53, 0x0B, 0xFD, 0xE9, \ - 0x03, 0x97, 0x7D, 0x42, 0xB1, 0x46, 0xD5, 0x39, \ - 0xBF, 0x1B, 0xDE, 0x4E, 0x9C, 0x92 -#define EC_PARAM_c2tnb239v3_y \ - 0x2E, 0x5A, 0x0E, 0xAF, 0x6E, 0x5E, 0x13, 0x05, \ - 0xB9, 0x00, 0x4D, 0xCE, 0x5C, 0x0E, 0xD7, 0xFE, \ - 0x59, 0xA3, 0x56, 0x08, 0xF3, 0x38, 0x37, 0xC8, \ - 0x16, 0xD8, 0x0B, 0x79, 0xF4, 0x61 -#define EC_PARAM_c2tnb239v3_order \ - 0x0C, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, \ - 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xAC, \ - 0x49, 0x12, 0xD2, 0xD9, 0xDF, 0x90, 0x3E, 0xF9, \ - 0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF -#endif - -#if 0 -/* c2pnb272w1 : X9.62 curve over a 272 bit binary field */ -#define EC_PARAM_c2pnb272w1_prime \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x0B -#define EC_PARAM_c2pnb272w1_a \ - 0x00, 0x91, 0xA0, 0x91, 0xF0, 0x3B, 0x5F, 0xBA, \ - 0x4A, 0xB2, 0xCC, 0xF4, 0x9C, 0x4E, 0xDD, 0x22, \ - 0x0F, 0xB0, 0x28, 0x71, 0x2D, 0x42, 0xBE, 0x75, \ - 0x2B, 0x2C, 0x40, 0x09, 0x4D, 0xBA, 0xCD, 0xB5, \ - 0x86, 0xFB, 0x20 -#define EC_PARAM_c2pnb272w1_b \ - 0x00, 0x71, 0x67, 0xEF, 0xC9, 0x2B, 0xB2, 0xE3, \ - 0xCE, 0x7C, 0x8A, 0xAA, 0xFF, 0x34, 0xE1, 0x2A, \ - 0x9C, 0x55, 0x70, 0x03, 0xD7, 0xC7, 0x3A, 0x6F, \ - 0xAF, 0x00, 0x3F, 0x99, 0xF6, 0xCC, 0x84, 0x82, \ - 0xE5, 0x40, 0xF7 -#define EC_PARAM_c2pnb272w1_x \ - 0x00, 0x61, 0x08, 0xBA, 0xBB, 0x2C, 0xEE, 0xBC, \ - 0xF7, 0x87, 0x05, 0x8A, 0x05, 0x6C, 0xBE, 0x0C, \ - 0xFE, 0x62, 0x2D, 0x77, 0x23, 0xA2, 0x89, 0xE0, \ - 0x8A, 0x07, 0xAE, 0x13, 0xEF, 0x0D, 0x10, 0xD1, \ - 0x71, 0xDD, 0x8D -#define EC_PARAM_c2pnb272w1_y \ - 0x00, 0x10, 0xC7, 0x69, 0x57, 0x16, 0x85, 0x1E, \ - 0xEF, 0x6B, 0xA7, 0xF6, 0x87, 0x2E, 0x61, 0x42, \ - 0xFB, 0xD2, 0x41, 0xB8, 0x30, 0xFF, 0x5E, 0xFC, \ - 0xAC, 0xEC, 0xCA, 0xB0, 0x5E, 0x02, 0x00, 0x5D, \ - 0xDE, 0x9D, 0x23 -#define EC_PARAM_c2pnb272w1_order \ - 0x00, 0x00, 0x01, 0x00, 0xFA, 0xF5, 0x13, 0x54, \ - 0xE0, 0xE3, 0x9E, 0x48, 0x92, 0xDF, 0x6E, 0x31, \ - 0x9C, 0x72, 0xC8, 0x16, 0x16, 0x03, 0xFA, 0x45, \ - 0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B, 0x8F, 0x1E, \ - 0x62, 0x95, 0x21 -#endif - -#if 0 -/* c2pnb304w1 : X9.62 curve over a 304 bit binary field */ -#define EC_PARAM_c2pnb304w1_prime \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x07 -#define EC_PARAM_c2pnb304w1_a \ - 0x00, 0xFD, 0x0D, 0x69, 0x31, 0x49, 0xA1, 0x18, \ - 0xF6, 0x51, 0xE6, 0xDC, 0xE6, 0x80, 0x20, 0x85, \ - 0x37, 0x7E, 0x5F, 0x88, 0x2D, 0x1B, 0x51, 0x0B, \ - 0x44, 0x16, 0x00, 0x74, 0xC1, 0x28, 0x80, 0x78, \ - 0x36, 0x5A, 0x03, 0x96, 0xC8, 0xE6, 0x81 -#define EC_PARAM_c2pnb304w1_b \ - 0x00, 0xBD, 0xDB, 0x97, 0xE5, 0x55, 0xA5, 0x0A, \ - 0x90, 0x8E, 0x43, 0xB0, 0x1C, 0x79, 0x8E, 0xA5, \ - 0xDA, 0xA6, 0x78, 0x8F, 0x1E, 0xA2, 0x79, 0x4E, \ - 0xFC, 0xF5, 0x71, 0x66, 0xB8, 0xC1, 0x40, 0x39, \ - 0x60, 0x1E, 0x55, 0x82, 0x73, 0x40, 0xBE -#define EC_PARAM_c2pnb304w1_x \ - 0x00, 0x19, 0x7B, 0x07, 0x84, 0x5E, 0x9B, 0xE2, \ - 0xD9, 0x6A, 0xDB, 0x0F, 0x5F, 0x3C, 0x7F, 0x2C, \ - 0xFF, 0xBD, 0x7A, 0x3E, 0xB8, 0xB6, 0xFE, 0xC3, \ - 0x5C, 0x7F, 0xD6, 0x7F, 0x26, 0xDD, 0xF6, 0x28, \ - 0x5A, 0x64, 0x4F, 0x74, 0x0A, 0x26, 0x14 -#define EC_PARAM_c2pnb304w1_y \ - 0x00, 0xE1, 0x9F, 0xBE, 0xB7, 0x6E, 0x0D, 0xA1, \ - 0x71, 0x51, 0x7E, 0xCF, 0x40, 0x1B, 0x50, 0x28, \ - 0x9B, 0xF0, 0x14, 0x10, 0x32, 0x88, 0x52, 0x7A, \ - 0x9B, 0x41, 0x6A, 0x10, 0x5E, 0x80, 0x26, 0x0B, \ - 0x54, 0x9F, 0xDC, 0x1B, 0x92, 0xC0, 0x3B -#define EC_PARAM_c2pnb304w1_order \ - 0x00, 0x00, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, \ - 0xAB, 0xAC, 0x80, 0x01, 0x01, 0xD5, 0x56, 0x57, \ - 0x2A, 0xAB, 0xAC, 0x80, 0x01, 0x02, 0x2D, 0x5C, \ - 0x91, 0xDD, 0x17, 0x3F, 0x8F, 0xB5, 0x61, 0xDA, \ - 0x68, 0x99, 0x16, 0x44, 0x43, 0x05, 0x1D -#endif - -#if 0 -/* c2tnb359v1 : X9.62 curve over a 359 bit binary field */ -#define EC_PARAM_c2tnb359v1_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_c2tnb359v1_a \ - 0x56, 0x67, 0x67, 0x6A, 0x65, 0x4B, 0x20, 0x75, \ - 0x4F, 0x35, 0x6E, 0xA9, 0x20, 0x17, 0xD9, 0x46, \ - 0x56, 0x7C, 0x46, 0x67, 0x55, 0x56, 0xF1, 0x95, \ - 0x56, 0xA0, 0x46, 0x16, 0xB5, 0x67, 0xD2, 0x23, \ - 0xA5, 0xE0, 0x56, 0x56, 0xFB, 0x54, 0x90, 0x16, \ - 0xA9, 0x66, 0x56, 0xA5, 0x57 -#define EC_PARAM_c2tnb359v1_b \ - 0x24, 0x72, 0xE2, 0xD0, 0x19, 0x7C, 0x49, 0x36, \ - 0x3F, 0x1F, 0xE7, 0xF5, 0xB6, 0xDB, 0x07, 0x5D, \ - 0x52, 0xB6, 0x94, 0x7D, 0x13, 0x5D, 0x8C, 0xA4, \ - 0x45, 0x80, 0x5D, 0x39, 0xBC, 0x34, 0x56, 0x26, \ - 0x08, 0x96, 0x87, 0x74, 0x2B, 0x63, 0x29, 0xE7, \ - 0x06, 0x80, 0x23, 0x19, 0x88 -#define EC_PARAM_c2tnb359v1_x \ - 0x3C, 0x25, 0x8E, 0xF3, 0x04, 0x77, 0x67, 0xE7, \ - 0xED, 0xE0, 0xF1, 0xFD, 0xAA, 0x79, 0xDA, 0xEE, \ - 0x38, 0x41, 0x36, 0x6A, 0x13, 0x2E, 0x16, 0x3A, \ - 0xCE, 0xD4, 0xED, 0x24, 0x01, 0xDF, 0x9C, 0x6B, \ - 0xDC, 0xDE, 0x98, 0xE8, 0xE7, 0x07, 0xC0, 0x7A, \ - 0x22, 0x39, 0xB1, 0xB0, 0x97 -#define EC_PARAM_c2tnb359v1_y \ - 0x53, 0xD7, 0xE0, 0x85, 0x29, 0x54, 0x70, 0x48, \ - 0x12, 0x1E, 0x9C, 0x95, 0xF3, 0x79, 0x1D, 0xD8, \ - 0x04, 0x96, 0x39, 0x48, 0xF3, 0x4F, 0xAE, 0x7B, \ - 0xF4, 0x4E, 0xA8, 0x23, 0x65, 0xDC, 0x78, 0x68, \ - 0xFE, 0x57, 0xE4, 0xAE, 0x2D, 0xE2, 0x11, 0x30, \ - 0x5A, 0x40, 0x71, 0x04, 0xBD -#define EC_PARAM_c2tnb359v1_order \ - 0x01, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, \ - 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, \ - 0x86, 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xC9, 0xFB, \ - 0x8F, 0x6B, 0x85, 0xC5, 0x56, 0x89, 0x2C, 0x20, \ - 0xA7, 0xEB, 0x96, 0x4F, 0xE7, 0x71, 0x9E, 0x74, \ - 0xF4, 0x90, 0x75, 0x8D, 0x3B -#endif - -#if 0 -/* c2pnb368w1 : X9.62 curve over a 368 bit binary field */ -#define EC_PARAM_c2pnb368w1_prime \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07 -#define EC_PARAM_c2pnb368w1_a \ - 0x00, 0xE0, 0xD2, 0xEE, 0x25, 0x09, 0x52, 0x06, \ - 0xF5, 0xE2, 0xA4, 0xF9, 0xED, 0x22, 0x9F, 0x1F, \ - 0x25, 0x6E, 0x79, 0xA0, 0xE2, 0xB4, 0x55, 0x97, \ - 0x0D, 0x8D, 0x0D, 0x86, 0x5B, 0xD9, 0x47, 0x78, \ - 0xC5, 0x76, 0xD6, 0x2F, 0x0A, 0xB7, 0x51, 0x9C, \ - 0xCD, 0x2A, 0x1A, 0x90, 0x6A, 0xE3, 0x0D -#define EC_PARAM_c2pnb368w1_b \ - 0x00, 0xFC, 0x12, 0x17, 0xD4, 0x32, 0x0A, 0x90, \ - 0x45, 0x2C, 0x76, 0x0A, 0x58, 0xED, 0xCD, 0x30, \ - 0xC8, 0xDD, 0x06, 0x9B, 0x3C, 0x34, 0x45, 0x38, \ - 0x37, 0xA3, 0x4E, 0xD5, 0x0C, 0xB5, 0x49, 0x17, \ - 0xE1, 0xC2, 0x11, 0x2D, 0x84, 0xD1, 0x64, 0xF4, \ - 0x44, 0xF8, 0xF7, 0x47, 0x86, 0x04, 0x6A -#define EC_PARAM_c2pnb368w1_x \ - 0x00, 0x10, 0x85, 0xE2, 0x75, 0x53, 0x81, 0xDC, \ - 0xCC, 0xE3, 0xC1, 0x55, 0x7A, 0xFA, 0x10, 0xC2, \ - 0xF0, 0xC0, 0xC2, 0x82, 0x56, 0x46, 0xC5, 0xB3, \ - 0x4A, 0x39, 0x4C, 0xBC, 0xFA, 0x8B, 0xC1, 0x6B, \ - 0x22, 0xE7, 0xE7, 0x89, 0xE9, 0x27, 0xBE, 0x21, \ - 0x6F, 0x02, 0xE1, 0xFB, 0x13, 0x6A, 0x5F -#define EC_PARAM_c2pnb368w1_y \ - 0x00, 0x7B, 0x3E, 0xB1, 0xBD, 0xDC, 0xBA, 0x62, \ - 0xD5, 0xD8, 0xB2, 0x05, 0x9B, 0x52, 0x57, 0x97, \ - 0xFC, 0x73, 0x82, 0x2C, 0x59, 0x05, 0x9C, 0x62, \ - 0x3A, 0x45, 0xFF, 0x38, 0x43, 0xCE, 0xE8, 0xF8, \ - 0x7C, 0xD1, 0x85, 0x5A, 0xDA, 0xA8, 0x1E, 0x2A, \ - 0x07, 0x50, 0xB8, 0x0F, 0xDA, 0x23, 0x10 -#define EC_PARAM_c2pnb368w1_order \ - 0x00, 0x00, 0x01, 0x00, 0x90, 0x51, 0x2D, 0xA9, \ - 0xAF, 0x72, 0xB0, 0x83, 0x49, 0xD9, 0x8A, 0x5D, \ - 0xD4, 0xC7, 0xB0, 0x53, 0x2E, 0xCA, 0x51, 0xCE, \ - 0x03, 0xE2, 0xD1, 0x0F, 0x3B, 0x7A, 0xC5, 0x79, \ - 0xBD, 0x87, 0xE9, 0x09, 0xAE, 0x40, 0xA6, 0xF1, \ - 0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67 -#endif - -#if 0 -/* c2tnb431r1 : X9.62 curve over a 431 bit binary field */ -#define EC_PARAM_c2tnb431r1_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_c2tnb431r1_a \ - 0x1A, 0x82, 0x7E, 0xF0, 0x0D, 0xD6, 0xFC, 0x0E, \ - 0x23, 0x4C, 0xAF, 0x04, 0x6C, 0x6A, 0x5D, 0x8A, \ - 0x85, 0x39, 0x5B, 0x23, 0x6C, 0xC4, 0xAD, 0x2C, \ - 0xF3, 0x2A, 0x0C, 0xAD, 0xBD, 0xC9, 0xDD, 0xF6, \ - 0x20, 0xB0, 0xEB, 0x99, 0x06, 0xD0, 0x95, 0x7F, \ - 0x6C, 0x6F, 0xEA, 0xCD, 0x61, 0x54, 0x68, 0xDF, \ - 0x10, 0x4D, 0xE2, 0x96, 0xCD, 0x8F -#define EC_PARAM_c2tnb431r1_b \ - 0x10, 0xD9, 0xB4, 0xA3, 0xD9, 0x04, 0x7D, 0x8B, \ - 0x15, 0x43, 0x59, 0xAB, 0xFB, 0x1B, 0x7F, 0x54, \ - 0x85, 0xB0, 0x4C, 0xEB, 0x86, 0x82, 0x37, 0xDD, \ - 0xC9, 0xDE, 0xDA, 0x98, 0x2A, 0x67, 0x9A, 0x5A, \ - 0x91, 0x9B, 0x62, 0x6D, 0x4E, 0x50, 0xA8, 0xDD, \ - 0x73, 0x1B, 0x10, 0x7A, 0x99, 0x62, 0x38, 0x1F, \ - 0xB5, 0xD8, 0x07, 0xBF, 0x26, 0x18 -#define EC_PARAM_c2tnb431r1_x \ - 0x12, 0x0F, 0xC0, 0x5D, 0x3C, 0x67, 0xA9, 0x9D, \ - 0xE1, 0x61, 0xD2, 0xF4, 0x09, 0x26, 0x22, 0xFE, \ - 0xCA, 0x70, 0x1B, 0xE4, 0xF5, 0x0F, 0x47, 0x58, \ - 0x71, 0x4E, 0x8A, 0x87, 0xBB, 0xF2, 0xA6, 0x58, \ - 0xEF, 0x8C, 0x21, 0xE7, 0xC5, 0xEF, 0xE9, 0x65, \ - 0x36, 0x1F, 0x6C, 0x29, 0x99, 0xC0, 0xC2, 0x47, \ - 0xB0, 0xDB, 0xD7, 0x0C, 0xE6, 0xB7 -#define EC_PARAM_c2tnb431r1_y \ - 0x20, 0xD0, 0xAF, 0x89, 0x03, 0xA9, 0x6F, 0x8D, \ - 0x5F, 0xA2, 0xC2, 0x55, 0x74, 0x5D, 0x3C, 0x45, \ - 0x1B, 0x30, 0x2C, 0x93, 0x46, 0xD9, 0xB7, 0xE4, \ - 0x85, 0xE7, 0xBC, 0xE4, 0x1F, 0x6B, 0x59, 0x1F, \ - 0x3E, 0x8F, 0x6A, 0xDD, 0xCB, 0xB0, 0xBC, 0x4C, \ - 0x2F, 0x94, 0x7A, 0x7D, 0xE1, 0xA8, 0x9B, 0x62, \ - 0x5D, 0x6A, 0x59, 0x8B, 0x37, 0x60 -#define EC_PARAM_c2tnb431r1_order \ - 0x00, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, \ - 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, \ - 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, \ - 0x34, 0x03, 0x40, 0x34, 0x03, 0x23, 0xC3, 0x13, \ - 0xFA, 0xB5, 0x05, 0x89, 0x70, 0x3B, 0x5E, 0xC6, \ - 0x8D, 0x35, 0x87, 0xFE, 0xC6, 0x0D, 0x16, 0x1C, \ - 0xC1, 0x49, 0xC1, 0xAD, 0x4A, 0x91 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls1 : WTLS curve over a 113 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_x \ - 0x01, 0x66, 0x79, 0x79, 0xA4, 0x0B, 0xA4, 0x97, \ - 0xE5, 0xD5, 0xC2, 0x70, 0x78, 0x06, 0x17 -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_y \ - 0x00, 0xF4, 0x4B, 0x4A, 0xF1, 0xEC, 0xC2, 0x63, \ - 0x0E, 0x08, 0x78, 0x5C, 0xEB, 0xCC, 0x15 -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_order \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFD, 0xBF, 0x91, 0xAF, 0x6D, 0xEA, 0x73 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls3 : NIST/SECG/WTLS curve over a 163 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xC9 -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_x \ - 0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, \ - 0xAC, 0xAA, 0x07, 0xD7, 0x93, 0xDE, 0x4E, 0x6D, \ - 0x5E, 0x5C, 0x94, 0xEE, 0xE8 -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_y \ - 0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, \ - 0x58, 0x32, 0x1F, 0x2E, 0x80, 0x05, 0x36, 0xD5, \ - 0x38, 0xCC, 0xDA, 0xA3, 0xD9 -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x02, 0x01, 0x08, 0xA2, 0xE0, 0xCC, \ - 0x0D, 0x99, 0xF8, 0xA5, 0xEF -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls4 : SECG curve over a 113 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_a \ - 0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, \ - 0xFE, 0x64, 0x9C, 0xE8, 0x58, 0x20, 0xF7 -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_b \ - 0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, \ - 0x44, 0x18, 0x8B, 0xE0, 0xE9, 0xC7, 0x23 -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_x \ - 0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, \ - 0x14, 0x07, 0xD7, 0x35, 0x62, 0xC1, 0x0F -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_y \ - 0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, \ - 0x84, 0xD1, 0x31, 0x5E, 0xD3, 0x18, 0x86 -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0xD9, 0xCC, 0xEC, 0x8A, 0x39, 0xE5, 0x6F -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls5 : X9.62 curve over a 163 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01, 0x07 -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_a \ - 0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, \ - 0x22, 0xE0, 0x78, 0x96, 0x75, 0xF4, 0x32, 0xC8, \ - 0x94, 0x35, 0xDE, 0x52, 0x42 -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_b \ - 0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, \ - 0x3C, 0xFF, 0x38, 0xC7, 0x4B, 0x20, 0xB6, 0xCD, \ - 0x4D, 0x6F, 0x9D, 0xD4, 0xD9 -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_x \ - 0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, \ - 0x79, 0x32, 0x9F, 0xCC, 0x3D, 0x74, 0x88, 0x0F, \ - 0x33, 0xBB, 0xE8, 0x03, 0xCB -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_y \ - 0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, \ - 0xEA, 0x1D, 0x3F, 0x87, 0xF7, 0xEA, 0x58, 0x48, \ - 0xAE, 0xF0, 0xB7, 0xCA, 0x9F -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xE6, 0x0F, 0xC8, 0x82, 0x1C, \ - 0xC7, 0x4D, 0xAE, 0xAF, 0xC1 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls6 : SECG/WTLS curve over a 112 bit prime field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_prime \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ - 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_a \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ - 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x88 -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_b \ - 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, \ - 0xDE, 0x89, 0x11, 0x70, 0x2B, 0x22 -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_x \ - 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, \ - 0x6B, 0x55, 0xF9, 0xC2, 0xF0, 0x98 -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_y \ - 0xA8, 0x9C, 0xE5, 0xAF, 0x87, 0x24, 0xC0, 0xA2, \ - 0x3E, 0x0E, 0x0F, 0xF7, 0x75, 0x00 -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_order \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, \ - 0x28, 0xDF, 0xAC, 0x65, 0x61, 0xC5 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls7 : SECG/WTLS curve over a 160 bit prime field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_prime \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xAC, 0x73 -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_a \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xAC, 0x70 -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_b \ - 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, \ - 0x8B, 0xAB, 0x57, 0x27, 0x49, 0x04, 0x66, 0x4D, \ - 0x5A, 0xF5, 0x03, 0x88, 0xBA -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_x \ - 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, \ - 0x7E, 0x1F, 0x4F, 0xF1, 0x1B, 0x30, 0xF7, 0x19, \ - 0x9D, 0x31, 0x44, 0xCE, 0x6D -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_y \ - 0x00, 0xFE, 0xAF, 0xFE, 0xF2, 0xE3, 0x31, 0xF2, \ - 0x96, 0xE0, 0x71, 0xFA, 0x0D, 0xF9, 0x98, 0x2C, \ - 0xFE, 0xA7, 0xD4, 0x3F, 0x2E -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x35, 0x1E, 0xE7, 0x86, 0xA8, \ - 0x18, 0xF3, 0xA1, 0xA1, 0x6B -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls8 : WTLS curve over a 112 bit prime field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_prime \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xE7 -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_x \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_y \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ - 0xEC, 0xEA, 0x55, 0x1A, 0xD8, 0x37, 0xE9 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls9 : WTLS curve over a 160 bit prime field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_prime \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFC, 0x80, 0x8F -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x03 -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_x \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_y \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x02 -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xCD, 0xC9, 0x8A, 0xE0, 0xE2, \ - 0xDE, 0x57, 0x4A, 0xBF, 0x33 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls10 : NIST/SECG/WTLS curve over a 233 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_x \ - 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, \ - 0x1A, 0xF1, 0x29, 0xF2, 0x2F, 0xF4, 0x14, 0x95, \ - 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C, \ - 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26 -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_y \ - 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, \ - 0xF7, 0x0F, 0x55, 0x5A, 0x67, 0xC4, 0x27, 0xA8, \ - 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0, \ - 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3 -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_order \ - 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, \ - 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, \ - 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls11 : NIST/SECG/WTLS curve over a 233 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_b \ - 0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, \ - 0x7F, 0x8C, 0x09, 0x23, 0xBB, 0x58, 0x21, 0x3B, \ - 0x33, 0x3B, 0x20, 0xE9, 0xCE, 0x42, 0x81, 0xFE, \ - 0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_x \ - 0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, \ - 0xBB, 0x21, 0x39, 0xF1, 0xBB, 0x75, 0x5F, 0xEF, \ - 0x65, 0xBC, 0x39, 0x1F, 0x8B, 0x36, 0xF8, 0xF8, \ - 0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_y \ - 0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, \ - 0x06, 0x78, 0xE5, 0x85, 0x28, 0xBE, 0xBF, 0x8A, \ - 0x0B, 0xEF, 0xF8, 0x67, 0xA7, 0xCA, 0x36, 0x71, \ - 0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52 -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, \ - 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03, \ - 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls12 : WTLS curve over a 224 bit prime field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_b \ - 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, \ - 0xF5, 0x41, 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, \ - 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, \ - 0x23, 0x55, 0xFF, 0xB4 -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_x \ - 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, \ - 0x32, 0x13, 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, \ - 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, \ - 0x11, 0x5C, 0x1D, 0x21 -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_y \ - 0xBD, 0x37, 0x63, 0x88, 0xB5, 0xF7, 0x23, 0xFB, \ - 0x4C, 0x22, 0xDF, 0xE6, 0xCD, 0x43, 0x75, 0xA0, \ - 0x5A, 0x07, 0x47, 0x64, 0x44, 0xD5, 0x81, 0x99, \ - 0x85, 0x00, 0x7E, 0x34 -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, \ - 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, \ - 0x5C, 0x5C, 0x2A, 0x3D -#endif - -#if 0 -/* Oakley-EC2N-3 : - IPSec/IKE/Oakley curve #3 over a 155 bit binary field. - Not suitable for ECDSA. - Questionable extension field! */ -#define EC_PARAM_Oakley_EC2N_3_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_Oakley_EC2N_3_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_Oakley_EC2N_3_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x07, 0x33, 0x8F -#define EC_PARAM_Oakley_EC2N_3_x \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x7B -#define EC_PARAM_Oakley_EC2N_3_y \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xC8 -#define EC_PARAM_Oakley_EC2N_3_order \ - 0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, \ - 0xAA, 0xAA, 0xC7, 0xF3, 0xC7, 0x88, 0x1B, 0xD0, \ - 0x86, 0x8F, 0xA8, 0x6C -#endif - -#if 0 -/* Oakley-EC2N-4 : - IPSec/IKE/Oakley curve #4 over a 185 bit binary field. - Not suitable for ECDSA. - Questionable extension field! */ -#define EC_PARAM_Oakley_EC2N_4_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_Oakley_EC2N_4_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_Oakley_EC2N_4_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1E, 0xE9 -#define EC_PARAM_Oakley_EC2N_4_x \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18 -#define EC_PARAM_Oakley_EC2N_4_y \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D -#define EC_PARAM_Oakley_EC2N_4_order \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xED, 0xF9, 0x7C, 0x44, \ - 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E -#endif - -#if 1 -/* brainpoolP160r1 : RFC 5639 curve over a 160 bit prime field */ -#define EC_PARAM_brainpoolP160r1_prime \ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ - 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, \ - 0x95, 0x15, 0x62, 0x0F -#define EC_PARAM_brainpoolP160r1_a \ - 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, \ - 0xE2, 0xBE, 0x61, 0xBA, 0xDA, 0x74, 0x5D, 0x97, \ - 0xE8, 0xF7, 0xC3, 0x00 -#define EC_PARAM_brainpoolP160r1_b \ - 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, \ - 0x13, 0x4F, 0xAA, 0x2D, 0xBD, 0xEC, 0x95, 0xC8, \ - 0xD8, 0x67, 0x5E, 0x58 -#define EC_PARAM_brainpoolP160r1_x \ - 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, \ - 0x62, 0x93, 0x8C, 0x46, 0x31, 0xEB, 0x5A, 0xF7, \ - 0xBD, 0xBC, 0xDB, 0xC3 -#define EC_PARAM_brainpoolP160r1_y \ - 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, \ - 0x38, 0xF9, 0x47, 0x41, 0x66, 0x9C, 0x97, 0x63, \ - 0x16, 0xDA, 0x63, 0x21 -#define EC_PARAM_brainpoolP160r1_order \ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ - 0x60, 0xDF, 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, \ - 0x9E, 0x60, 0xFC, 0x09 -#endif - -#if 1 -/* brainpoolP160t1 : RFC 5639 curve over a 160 bit prime field */ -#define EC_PARAM_brainpoolP160t1_prime \ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ - 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, \ - 0x95, 0x15, 0x62, 0x0F -#define EC_PARAM_brainpoolP160t1_a \ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ - 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, \ - 0x95, 0x15, 0x62, 0x0C -#define EC_PARAM_brainpoolP160t1_b \ - 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, \ - 0x51, 0xED, 0x2C, 0x4D, 0x7D, 0xAA, 0x7A, 0x0B, \ - 0x5C, 0x55, 0xF3, 0x80 -#define EC_PARAM_brainpoolP160t1_x \ - 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, \ - 0x39, 0x7E, 0x64, 0xBA, 0xEB, 0x05, 0xAC, 0xC2, \ - 0x65, 0xFF, 0x23, 0x78 -#define EC_PARAM_brainpoolP160t1_y \ - 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, \ - 0xF0, 0x99, 0x1B, 0x84, 0x24, 0x43, 0x77, 0x21, \ - 0x52, 0xC9, 0xE0, 0xAD -#define EC_PARAM_brainpoolP160t1_order \ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ - 0x60, 0xDF, 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, \ - 0x9E, 0x60, 0xFC, 0x09 -#endif - -#if 1 -/* brainpoolP192r1 : RFC 5639 curve over a 192 bit prime field */ -#define EC_PARAM_brainpoolP192r1_prime \ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ - 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, \ - 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97 -#define EC_PARAM_brainpoolP192r1_a \ - 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, \ - 0x9C, 0x39, 0xC0, 0x31, 0xFE, 0x86, 0x85, 0xC1, \ - 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF -#define EC_PARAM_brainpoolP192r1_b \ - 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, \ - 0xDC, 0x72, 0x1D, 0x04, 0x4F, 0x44, 0x96, 0xBC, \ - 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9 -#define EC_PARAM_brainpoolP192r1_x \ - 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, \ - 0x53, 0xB0, 0x33, 0xC5, 0x6C, 0xB0, 0xF0, 0x90, \ - 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6 -#define EC_PARAM_brainpoolP192r1_y \ - 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, \ - 0x8B, 0x5F, 0x48, 0x28, 0xC1, 0x49, 0x00, 0x02, \ - 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F -#define EC_PARAM_brainpoolP192r1_order \ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ - 0xA7, 0xA3, 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, \ - 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 -#endif - -#if 1 -/* brainpoolP192t1 : RFC 5639 curve over a 192 bit prime field */ -#define EC_PARAM_brainpoolP192t1_prime \ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ - 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, \ - 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97 -#define EC_PARAM_brainpoolP192t1_a \ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ - 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, \ - 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94 -#define EC_PARAM_brainpoolP192t1_b \ - 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, \ - 0x68, 0xF9, 0xDE, 0xB4, 0x3B, 0x35, 0xBE, 0xC2, \ - 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79 -#define EC_PARAM_brainpoolP192t1_x \ - 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, \ - 0x28, 0x2E, 0x1F, 0xE7, 0xBB, 0xF4, 0x3F, 0xA7, \ - 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29 -#define EC_PARAM_brainpoolP192t1_y \ - 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, \ - 0x90, 0x2A, 0xB5, 0xCA, 0x44, 0x9D, 0x00, 0x84, \ - 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9 -#define EC_PARAM_brainpoolP192t1_order \ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ - 0xA7, 0xA3, 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, \ - 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 -#endif - -#if 1 -/* brainpoolP224r1 : RFC 5639 curve over a 224 bit prime field */ -#define EC_PARAM_brainpoolP224r1_prime \ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ - 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, \ - 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, \ - 0x7E, 0xC8, 0xC0, 0xFF -#define EC_PARAM_brainpoolP224r1_a \ - 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, \ - 0x29, 0x98, 0x03, 0xA6, 0xC1, 0x53, 0x0B, 0x51, \ - 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59, \ - 0xCA, 0xD2, 0x9F, 0x43 -#define EC_PARAM_brainpoolP224r1_b \ - 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, \ - 0x87, 0x07, 0x13, 0xB1, 0xA9, 0x23, 0x69, 0xE3, \ - 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72, \ - 0x38, 0x6C, 0x40, 0x0B -#define EC_PARAM_brainpoolP224r1_x \ - 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, \ - 0x34, 0x08, 0x23, 0xB2, 0xA8, 0x7D, 0xC6, 0x8C, \ - 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD, \ - 0xEE, 0x12, 0xC0, 0x7D -#define EC_PARAM_brainpoolP224r1_y \ - 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, \ - 0x24, 0xC6, 0xB8, 0x9E, 0x4E, 0xCD, 0xAC, 0x24, \ - 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3, \ - 0x76, 0x14, 0x02, 0xCD -#define EC_PARAM_brainpoolP224r1_order \ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ - 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, \ - 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, \ - 0xA5, 0xA7, 0x93, 0x9F -#endif - -#if 1 -/* brainpoolP224t1 : RFC 5639 curve over a 224 bit prime field */ -#define EC_PARAM_brainpoolP224t1_prime \ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ - 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, \ - 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, \ - 0x7E, 0xC8, 0xC0, 0xFF -#define EC_PARAM_brainpoolP224t1_a \ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ - 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, \ - 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, \ - 0x7E, 0xC8, 0xC0, 0xFC -#define EC_PARAM_brainpoolP224t1_b \ - 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, \ - 0xEF, 0x27, 0x1B, 0xF6, 0x0C, 0xED, 0x1E, 0xD2, \ - 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1, \ - 0x8A, 0x60, 0x88, 0x8D -#define EC_PARAM_brainpoolP224t1_x \ - 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, \ - 0x96, 0x42, 0x4E, 0x7F, 0xFE, 0x14, 0x76, 0x2E, \ - 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60, \ - 0x29, 0xB4, 0xD5, 0x80 -#define EC_PARAM_brainpoolP224t1_y \ - 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, \ - 0xD2, 0x3F, 0x3F, 0x4D, 0x7C, 0x0D, 0x4B, 0x1E, \ - 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F, \ - 0x1A, 0x46, 0xDB, 0x4C -#define EC_PARAM_brainpoolP224t1_order \ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ - 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, \ - 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, \ - 0xA5, 0xA7, 0x93, 0x9F -#endif - -#if 1 -/* brainpoolP256r1 : RFC 5639 curve over a 256 bit prime field */ -#define EC_PARAM_brainpoolP256r1_prime \ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ - 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, \ - 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, \ - 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77 -#define EC_PARAM_brainpoolP256r1_a \ - 0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, \ - 0xEE, 0xF6, 0x75, 0x30, 0x41, 0x7A, 0xFF, 0xE7, \ - 0xFB, 0x80, 0x55, 0xC1, 0x26, 0xDC, 0x5C, 0x6C, \ - 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9 -#define EC_PARAM_brainpoolP256r1_b \ - 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, \ - 0xF3, 0x30, 0xB5, 0xD9, 0xBB, 0xD7, 0x7C, 0xBF, \ - 0x95, 0x84, 0x16, 0x29, 0x5C, 0xF7, 0xE1, 0xCE, \ - 0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C, 0x07, 0xB6 -#define EC_PARAM_brainpoolP256r1_x \ - 0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, \ - 0x2C, 0x4B, 0x48, 0x2F, 0xFC, 0x81, 0xB7, 0xAF, \ - 0xB9, 0xDE, 0x27, 0xE1, 0xE3, 0xBD, 0x23, 0xC2, \ - 0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE, 0x32, 0x62 -#define EC_PARAM_brainpoolP256r1_y \ - 0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, \ - 0x97, 0xF8, 0x46, 0x1A, 0x14, 0x61, 0x1D, 0xC9, \ - 0xC2, 0x77, 0x45, 0x13, 0x2D, 0xED, 0x8E, 0x54, \ - 0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04, 0x69, 0x97 -#define EC_PARAM_brainpoolP256r1_order \ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ - 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, \ - 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, \ - 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 -#endif - -#if 1 -/* brainpoolP256t1 : RFC 5639 curve over a 256 bit prime field */ -#define EC_PARAM_brainpoolP256t1_prime \ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ - 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, \ - 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, \ - 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77 -#define EC_PARAM_brainpoolP256t1_a \ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ - 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, \ - 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, \ - 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x74 -#define EC_PARAM_brainpoolP256t1_b \ - 0x66, 0x2C, 0x61, 0xC4, 0x30, 0xD8, 0x4E, 0xA4, \ - 0xFE, 0x66, 0xA7, 0x73, 0x3D, 0x0B, 0x76, 0xB7, \ - 0xBF, 0x93, 0xEB, 0xC4, 0xAF, 0x2F, 0x49, 0x25, \ - 0x6A, 0xE5, 0x81, 0x01, 0xFE, 0xE9, 0x2B, 0x04 -#define EC_PARAM_brainpoolP256t1_x \ - 0xA3, 0xE8, 0xEB, 0x3C, 0xC1, 0xCF, 0xE7, 0xB7, \ - 0x73, 0x22, 0x13, 0xB2, 0x3A, 0x65, 0x61, 0x49, \ - 0xAF, 0xA1, 0x42, 0xC4, 0x7A, 0xAF, 0xBC, 0x2B, \ - 0x79, 0xA1, 0x91, 0x56, 0x2E, 0x13, 0x05, 0xF4 -#define EC_PARAM_brainpoolP256t1_y \ - 0x2D, 0x99, 0x6C, 0x82, 0x34, 0x39, 0xC5, 0x6D, \ - 0x7F, 0x7B, 0x22, 0xE1, 0x46, 0x44, 0x41, 0x7E, \ - 0x69, 0xBC, 0xB6, 0xDE, 0x39, 0xD0, 0x27, 0x00, \ - 0x1D, 0xAB, 0xE8, 0xF3, 0x5B, 0x25, 0xC9, 0xBE -#define EC_PARAM_brainpoolP256t1_order \ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ - 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, \ - 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, \ - 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 -#endif - -#if 1 -/* brainpoolP320r1 : RFC 5639 curve over a 320 bit prime field */ -#define EC_PARAM_brainpoolP320r1_prime \ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ - 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ - 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, \ - 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, \ - 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27 -#define EC_PARAM_brainpoolP320r1_a \ - 0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, \ - 0x83, 0xCC, 0xEB, 0xD4, 0x6D, 0x3F, 0x3B, 0xB8, \ - 0xA2, 0xA7, 0x35, 0x13, 0xF5, 0xEB, 0x79, 0xDA, \ - 0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF, 0xA9, 0xF4, \ - 0x92, 0xF3, 0x75, 0xA9, 0x7D, 0x86, 0x0E, 0xB4 -#define EC_PARAM_brainpoolP320r1_b \ - 0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, \ - 0xD3, 0xAD, 0x19, 0x86, 0x40, 0x68, 0x8A, 0x6F, \ - 0xE1, 0x3F, 0x41, 0x34, 0x95, 0x54, 0xB4, 0x9A, \ - 0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45, 0x39, 0x81, \ - 0x6F, 0x5E, 0xB4, 0xAC, 0x8F, 0xB1, 0xF1, 0xA6 -#define EC_PARAM_brainpoolP320r1_x \ - 0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, \ - 0x52, 0x89, 0xBC, 0xC4, 0x8E, 0xE5, 0xBF, 0xE6, \ - 0xF2, 0x01, 0x37, 0xD1, 0x0A, 0x08, 0x7E, 0xB6, \ - 0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5, 0x99, 0xC7, \ - 0x10, 0xAF, 0x8D, 0x0D, 0x39, 0xE2, 0x06, 0x11 -#define EC_PARAM_brainpoolP320r1_y \ - 0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, \ - 0xAB, 0x40, 0x93, 0x24, 0x7F, 0x77, 0x27, 0x5E, \ - 0x07, 0x43, 0xFF, 0xED, 0x11, 0x71, 0x82, 0xEA, \ - 0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC, 0x6A, 0xC7, \ - 0xD3, 0x52, 0x45, 0xD1, 0x69, 0x2E, 0x8E, 0xE1 -#define EC_PARAM_brainpoolP320r1_order \ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ - 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ - 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, \ - 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, \ - 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11 -#endif - -#if 1 -/* brainpoolP320t1 : RFC 5639 curve over a 320 bit prime field */ -#define EC_PARAM_brainpoolP320t1_prime \ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ - 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ - 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, \ - 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, \ - 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27 -#define EC_PARAM_brainpoolP320t1_a \ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ - 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ - 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, \ - 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, \ - 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x24 -#define EC_PARAM_brainpoolP320t1_b \ - 0xA7, 0xF5, 0x61, 0xE0, 0x38, 0xEB, 0x1E, 0xD5, \ - 0x60, 0xB3, 0xD1, 0x47, 0xDB, 0x78, 0x20, 0x13, \ - 0x06, 0x4C, 0x19, 0xF2, 0x7E, 0xD2, 0x7C, 0x67, \ - 0x80, 0xAA, 0xF7, 0x7F, 0xB8, 0xA5, 0x47, 0xCE, \ - 0xB5, 0xB4, 0xFE, 0xF4, 0x22, 0x34, 0x03, 0x53 -#define EC_PARAM_brainpoolP320t1_x \ - 0x92, 0x5B, 0xE9, 0xFB, 0x01, 0xAF, 0xC6, 0xFB, \ - 0x4D, 0x3E, 0x7D, 0x49, 0x90, 0x01, 0x0F, 0x81, \ - 0x34, 0x08, 0xAB, 0x10, 0x6C, 0x4F, 0x09, 0xCB, \ - 0x7E, 0xE0, 0x78, 0x68, 0xCC, 0x13, 0x6F, 0xFF, \ - 0x33, 0x57, 0xF6, 0x24, 0xA2, 0x1B, 0xED, 0x52 -#define EC_PARAM_brainpoolP320t1_y \ - 0x63, 0xBA, 0x3A, 0x7A, 0x27, 0x48, 0x3E, 0xBF, \ - 0x66, 0x71, 0xDB, 0xEF, 0x7A, 0xBB, 0x30, 0xEB, \ - 0xEE, 0x08, 0x4E, 0x58, 0xA0, 0xB0, 0x77, 0xAD, \ - 0x42, 0xA5, 0xA0, 0x98, 0x9D, 0x1E, 0xE7, 0x1B, \ - 0x1B, 0x9B, 0xC0, 0x45, 0x5F, 0xB0, 0xD2, 0xC3 -#define EC_PARAM_brainpoolP320t1_order \ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ - 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ - 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, \ - 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, \ - 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11 -#endif - -#if 1 -/* brainpoolP384r1 : RFC 5639 curve over a 384 bit prime field */ -#define EC_PARAM_brainpoolP384r1_prime \ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ - 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ - 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, \ - 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, \ - 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, \ - 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53 -#define EC_PARAM_brainpoolP384r1_a \ - 0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, \ - 0x3C, 0x72, 0x08, 0x0A, 0xCE, 0x05, 0xAF, 0xA0, \ - 0xC2, 0xBE, 0xA2, 0x8E, 0x4F, 0xB2, 0x27, 0x87, \ - 0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, 0xF9, 0x0F, \ - 0x8A, 0xA5, 0x81, 0x4A, 0x50, 0x3A, 0xD4, 0xEB, \ - 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26 -#define EC_PARAM_brainpoolP384r1_b \ - 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, \ - 0x8B, 0x39, 0xB5, 0x54, 0x16, 0xF0, 0x44, 0x7C, \ - 0x2F, 0xB7, 0x7D, 0xE1, 0x07, 0xDC, 0xD2, 0xA6, \ - 0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, 0x62, 0xD5, \ - 0x7C, 0xB4, 0x39, 0x02, 0x95, 0xDB, 0xC9, 0x94, \ - 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11 -#define EC_PARAM_brainpoolP384r1_x \ - 0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, \ - 0xA2, 0xA6, 0x3A, 0x81, 0xB7, 0xC1, 0x3F, 0x6B, \ - 0x88, 0x47, 0xA3, 0xE7, 0x7E, 0xF1, 0x4F, 0xE3, \ - 0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, 0x10, 0xE8, \ - 0xE8, 0x26, 0xE0, 0x34, 0x36, 0xD6, 0x46, 0xAA, \ - 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E -#define EC_PARAM_brainpoolP384r1_y \ - 0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, \ - 0x5C, 0xB1, 0xEB, 0x8E, 0x95, 0xCF, 0xD5, 0x52, \ - 0x62, 0xB7, 0x0B, 0x29, 0xFE, 0xEC, 0x58, 0x64, \ - 0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, 0x29, 0x28, \ - 0x0E, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11, \ - 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15 -#define EC_PARAM_brainpoolP384r1_order \ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ - 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ - 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, \ - 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, \ - 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, \ - 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 -#endif - -#if 1 -/* brainpoolP384t1 : RFC 5639 curve over a 384 bit prime field */ -#define EC_PARAM_brainpoolP384t1_prime \ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ - 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ - 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, \ - 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, \ - 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, \ - 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53 -#define EC_PARAM_brainpoolP384t1_a \ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ - 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ - 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, \ - 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, \ - 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, \ - 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x50 -#define EC_PARAM_brainpoolP384t1_b \ - 0x7F, 0x51, 0x9E, 0xAD, 0xA7, 0xBD, 0xA8, 0x1B, \ - 0xD8, 0x26, 0xDB, 0xA6, 0x47, 0x91, 0x0F, 0x8C, \ - 0x4B, 0x93, 0x46, 0xED, 0x8C, 0xCD, 0xC6, 0x4E, \ - 0x4B, 0x1A, 0xBD, 0x11, 0x75, 0x6D, 0xCE, 0x1D, \ - 0x20, 0x74, 0xAA, 0x26, 0x3B, 0x88, 0x80, 0x5C, \ - 0xED, 0x70, 0x35, 0x5A, 0x33, 0xB4, 0x71, 0xEE -#define EC_PARAM_brainpoolP384t1_x \ - 0x18, 0xDE, 0x98, 0xB0, 0x2D, 0xB9, 0xA3, 0x06, \ - 0xF2, 0xAF, 0xCD, 0x72, 0x35, 0xF7, 0x2A, 0x81, \ - 0x9B, 0x80, 0xAB, 0x12, 0xEB, 0xD6, 0x53, 0x17, \ - 0x24, 0x76, 0xFE, 0xCD, 0x46, 0x2A, 0xAB, 0xFF, \ - 0xC4, 0xFF, 0x19, 0x1B, 0x94, 0x6A, 0x5F, 0x54, \ - 0xD8, 0xD0, 0xAA, 0x2F, 0x41, 0x88, 0x08, 0xCC -#define EC_PARAM_brainpoolP384t1_y \ - 0x25, 0xAB, 0x05, 0x69, 0x62, 0xD3, 0x06, 0x51, \ - 0xA1, 0x14, 0xAF, 0xD2, 0x75, 0x5A, 0xD3, 0x36, \ - 0x74, 0x7F, 0x93, 0x47, 0x5B, 0x7A, 0x1F, 0xCA, \ - 0x3B, 0x88, 0xF2, 0xB6, 0xA2, 0x08, 0xCC, 0xFE, \ - 0x46, 0x94, 0x08, 0x58, 0x4D, 0xC2, 0xB2, 0x91, \ - 0x26, 0x75, 0xBF, 0x5B, 0x9E, 0x58, 0x29, 0x28 -#define EC_PARAM_brainpoolP384t1_order \ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ - 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ - 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, \ - 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, \ - 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, \ - 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 -#endif - -#if 1 -/* brainpoolP512r1 : RFC 5639 curve over a 512 bit prime field */ -#define EC_PARAM_brainpoolP512r1_prime \ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ - 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ - 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, \ - 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, \ - 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, \ - 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, \ - 0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF3 -#define EC_PARAM_brainpoolP512r1_a \ - 0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, \ - 0xE2, 0x32, 0x71, 0x45, 0xAC, 0x23, 0x4C, 0xC5, \ - 0x94, 0xCB, 0xDD, 0x8D, 0x3D, 0xF9, 0x16, 0x10, \ - 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC, \ - 0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, \ - 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, \ - 0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, \ - 0xE7, 0xC1, 0xAC, 0x4D, 0x77, 0xFC, 0x94, 0xCA -#define EC_PARAM_brainpoolP512r1_b \ - 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, \ - 0xEA, 0x98, 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A, \ - 0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9, \ - 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 0x17, 0xA7, \ - 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D, \ - 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67, \ - 0x98, 0x40, 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, \ - 0x28, 0x09, 0xBD, 0x63, 0x80, 0x16, 0xF7, 0x23 -#define EC_PARAM_brainpoolP512r1_x \ - 0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, \ - 0x5A, 0x21, 0x32, 0x2E, 0x9C, 0x4C, 0x6A, 0x93, \ - 0x85, 0xED, 0x9F, 0x70, 0xB5, 0xD9, 0x16, 0xC1, \ - 0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, 0x09, 0x8E, \ - 0xFF, 0x3B, 0x1F, 0x78, 0xE2, 0xD0, 0xD4, 0x8D, \ - 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F, \ - 0x7C, 0x6D, 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, \ - 0x8B, 0x35, 0x22, 0x09, 0xBC, 0xB9, 0xF8, 0x22 -#define EC_PARAM_brainpoolP512r1_y \ - 0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, \ - 0xC0, 0xEA, 0xBF, 0xA9, 0xCF, 0x78, 0x22, 0xFD, \ - 0xF2, 0x09, 0xF7, 0x00, 0x24, 0xA5, 0x7B, 0x1A, \ - 0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, 0x81, 0x11, \ - 0xB2, 0xDC, 0xDE, 0x49, 0x4A, 0x5F, 0x48, 0x5E, \ - 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE, \ - 0xD1, 0xCA, 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, \ - 0x78, 0xCD, 0x1E, 0x0F, 0x3A, 0xD8, 0x08, 0x92 -#define EC_PARAM_brainpoolP512r1_order \ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ - 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ - 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, \ - 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, \ - 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, \ - 0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, \ - 0xB5, 0x87, 0x96, 0x82, 0x9C, 0xA9, 0x00, 0x69 -#endif - -#if 1 -/* brainpoolP512t1 : RFC 5639 curve over a 512 bit prime field */ -#define EC_PARAM_brainpoolP512t1_prime \ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ - 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ - 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, \ - 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, \ - 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, \ - 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, \ - 0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF3 -#define EC_PARAM_brainpoolP512t1_a \ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ - 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ - 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, \ - 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, \ - 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, \ - 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, \ - 0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF0 -#define EC_PARAM_brainpoolP512t1_b \ - 0x7C, 0xBB, 0xBC, 0xF9, 0x44, 0x1C, 0xFA, 0xB7, \ - 0x6E, 0x18, 0x90, 0xE4, 0x68, 0x84, 0xEA, 0xE3, \ - 0x21, 0xF7, 0x0C, 0x0B, 0xCB, 0x49, 0x81, 0x52, \ - 0x78, 0x97, 0x50, 0x4B, 0xEC, 0x3E, 0x36, 0xA6, \ - 0x2B, 0xCD, 0xFA, 0x23, 0x04, 0x97, 0x65, 0x40, \ - 0xF6, 0x45, 0x00, 0x85, 0xF2, 0xDA, 0xE1, 0x45, \ - 0xC2, 0x25, 0x53, 0xB4, 0x65, 0x76, 0x36, 0x89, \ - 0x18, 0x0E, 0xA2, 0x57, 0x18, 0x67, 0x42, 0x3E -#define EC_PARAM_brainpoolP512t1_x \ - 0x64, 0x0E, 0xCE, 0x5C, 0x12, 0x78, 0x87, 0x17, \ - 0xB9, 0xC1, 0xBA, 0x06, 0xCB, 0xC2, 0xA6, 0xFE, \ - 0xBA, 0x85, 0x84, 0x24, 0x58, 0xC5, 0x6D, 0xDE, \ - 0x9D, 0xB1, 0x75, 0x8D, 0x39, 0xC0, 0x31, 0x3D, \ - 0x82, 0xBA, 0x51, 0x73, 0x5C, 0xDB, 0x3E, 0xA4, \ - 0x99, 0xAA, 0x77, 0xA7, 0xD6, 0x94, 0x3A, 0x64, \ - 0xF7, 0xA3, 0xF2, 0x5F, 0xE2, 0x6F, 0x06, 0xB5, \ - 0x1B, 0xAA, 0x26, 0x96, 0xFA, 0x90, 0x35, 0xDA -#define EC_PARAM_brainpoolP512t1_y \ - 0x5B, 0x53, 0x4B, 0xD5, 0x95, 0xF5, 0xAF, 0x0F, \ - 0xA2, 0xC8, 0x92, 0x37, 0x6C, 0x84, 0xAC, 0xE1, \ - 0xBB, 0x4E, 0x30, 0x19, 0xB7, 0x16, 0x34, 0xC0, \ - 0x11, 0x31, 0x15, 0x9C, 0xAE, 0x03, 0xCE, 0xE9, \ - 0xD9, 0x93, 0x21, 0x84, 0xBE, 0xEF, 0x21, 0x6B, \ - 0xD7, 0x1D, 0xF2, 0xDA, 0xDF, 0x86, 0xA6, 0x27, \ - 0x30, 0x6E, 0xCF, 0xF9, 0x6D, 0xBB, 0x8B, 0xAC, \ - 0xE1, 0x98, 0xB6, 0x1E, 0x00, 0xF8, 0xB3, 0x32 -#define EC_PARAM_brainpoolP512t1_order \ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ - 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ - 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, \ - 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, \ - 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, \ - 0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, \ - 0xB5, 0x87, 0x96, 0x82, 0x9C, 0xA9, 0x00, 0x69 -#endif - -#if 1 -/* TPM_BM_P256 : TPM_BM_P256 curve over a 256 bit */ -#define EC_PARAM_tpm_bm_p256_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, \ - 0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9F, \ - 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98, 0x0A, 0x82, \ - 0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x13 -#define EC_PARAM_tpm_bm_p256_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_tpm_bm_p256_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 -#define EC_PARAM_tpm_bm_p256_x \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_tpm_bm_p256_y \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 -#define EC_PARAM_tpm_bm_p256_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, \ - 0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9E, \ - 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99, 0x92, 0x1A, \ - 0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D -#endif - -/* clang-format on */ -#endif /* SE05X_ECC_CURVES_LIST_H_INC */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_enums.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_enums.h deleted file mode 100644 index cb0191c91..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_enums.h +++ /dev/null @@ -1,1030 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -/** @file */ - -#ifndef SE05x_ENUMS_H -#define SE05x_ENUMS_H - -#include - - -/* + more or less machine Generated */ - -/** Reserved idendntifiers of the Applet */ -typedef enum -{ - /** Invalid */ - kSE05x_AppletResID_NA = 0, - /** An authentication object which allows the user to switch - * LockState of the applet. The LockState defines whether the - * applet is transport locked or not. */ - kSE05x_AppletResID_TRANSPORT = 0x7FFF0200, - /** A device unique NIST P-256 key pair which contains SK.SE.ECKA - * and PK.SE.ECKA in ECKey session context. */ - kSE05x_AppletResID_KP_ECKEY_USER = 0x7FFF0201, - /** A device unique NIST P-256 key pair which contains SK.SE.ECKA - * and PK.SE.ECKA in ECKey session context; A constant card - * challenge (all zeroes) is applicable. */ - kSE05x_AppletResID_KP_ECKEY_IMPORT = 0x7FFF0202, - /* Reserved Key @ location 0x7FFF0203 */ - /** An authentication object which allows the user to change the - applet variant. */ - kSE05x_AppletResID_FEATURE = 0x7FFF0204, - /** An authentication object which allows the user to delete all - objects, except trust provisioned by NXP objects. */ - kSE05x_AppletResID_FACTORY_RESET = 0x7FFF0205, - /** A BinaryFile Secure Object which holds the device unique - * ID. This file cannot be overwritten or deleted. */ - kSE05x_AppletResID_UNIQUE_ID = 0x7FFF0206, - /** An authentication object which allows the user to change the - * platform SCP requirements, i.e. make platform SCP mandatory or - * not, using SetPlatformSCPRequest. Mandatory means full security, - * i.e. command & response MAC and encryption. Only SCP03 will be - * sufficient. */ - kSE05x_AppletResID_PLATFORM_SCP = 0x7FFF0207, - /** An authentication object which grants access to the I2C master - * feature. If the credential is not present, access to I2C master - * is allowed in general. Otherwise, a session using this - * credential shall be established and I2CM commands shall be sent - * within this session. */ - kSE05x_AppletResID_I2CM_ACCESS = 0x7FFF0208, - /** An authentication object which grants access to the - * SetLockState command */ - kSE05x_AppletResID_RESTRICT = 0x7FFF020A, - -} SE05x_AppletResID_t; - -/** Mapping of 2 byte return code */ -typedef enum -{ - /** Invalid */ - kSE05x_SW12_NA = 0, - /** No Error */ - kSE05x_SW12_NO_ERROR = 0x9000, - /** Conditions not satisfied */ - kSE05x_SW12_CONDITIONS_NOT_SATISFIED = 0x6985, - /** Security status not satisfied. */ - kSE05x_SW12_SECURITY_STATUS = 0x6982, - /** Wrong data provided. */ - kSE05x_SW12_WRONG_DATA = 0x6A80, - /** Data invalid - policy set invalid for the given object */ - kSE05x_SW12_DATA_INVALID = 0x6984, - /** Command not allowed - access denied based on object policy */ - kSE05x_SW12_COMMAND_NOT_ALLOWED = 0x6986, -} SE05x_SW12_t; - -/** Values for INS in ISO7816 APDU */ -typedef enum -{ - /** Invalid */ - kSE05x_INS_NA = 0, - /** 3 MSBit for instruction characteristics. */ - kSE05x_INS_MASK_INS_CHAR = 0xE0, - /** 5 LSBit for instruction */ - kSE05x_INS_MASK_INSTRUCTION = 0x1F, - - /** Mask for transient object creation, can only be combined with INS_WRITE. */ - kSE05x_INS_TRANSIENT = 0x80, - /** Mask for authentication object creation, can only be combined with INS_WRITE */ - kSE05x_INS_AUTH_OBJECT = 0x40, - /** Mask for getting attestation data. */ - kSE05x_INS_ATTEST = 0x20, - - /** Write or create a persistent object. */ - kSE05x_INS_WRITE = 0x01, - /** Read the object */ - kSE05x_INS_READ = 0x02, - /** Perform Security Operation */ - kSE05x_INS_CRYPTO = 0x03, - /** General operation */ - kSE05x_INS_MGMT = 0x04, - /** Process session command */ - kSE05x_INS_PROCESS = 0x05, -} SE05x_INS_t; - -/** Values for P1 in ISO7816 APDU */ -typedef enum -{ - /** Invalid */ - kSE05x_P1_NA = 0, - /** Highest bit not used */ - kSE05x_P1_UNUSED = 0x80, - /** 2 MSBit for key type */ - kSE05x_P1_MASK_KEY_TYPE = 0x60, - /** 5 LSBit for credential type */ - kSE05x_P1_MASK_CRED_TYPE = 0x1F, - - /** Key pair (private key + public key) */ - kSE05x_P1_KEY_PAIR = 0x60, - /** Private key */ - kSE05x_P1_PRIVATE = 0x40, - /** Public key */ - kSE05x_P1_PUBLIC = 0x20, - - kSE05x_P1_DEFAULT = 0x00, - kSE05x_P1_EC = 0x01, - kSE05x_P1_RSA = 0x02, - kSE05x_P1_AES = 0x03, - kSE05x_P1_DES = 0x04, - kSE05x_P1_HMAC = 0x05, - kSE05x_P1_BINARY = 0x06, - kSE05x_P1_UserID = 0x07, - kSE05x_P1_COUNTER = 0x08, - kSE05x_P1_PCR = 0x09, - kSE05x_P1_CURVE = 0x0B, - kSE05x_P1_SIGNATURE = 0x0C, - kSE05x_P1_MAC = 0x0D, - kSE05x_P1_CIPHER = 0x0E, - kSE05x_P1_TLS = 0x0F, - kSE05x_P1_CRYPTO_OBJ = 0x10, -#if SSS_HAVE_SE05X_VER_GTE_06_00 - /** Applet >= 4.4 */ - kSE05x_P1_AEAD = 0x11, - /** Applet >= 4.4 */ - kSE05x_P1_AEAD_SP800_38D = 0x12, -#endif /* SSS_HAVE_SE05X_VER_GTE_06_00 */ -} SE05x_P1_t; - -/** Values for P2 in ISO7816 APDU */ -typedef enum -{ - /** Invalid */ - kSE05x_P2_DEFAULT = 0x00, - kSE05x_P2_GENERATE = 0x03, - kSE05x_P2_CREATE = 0x04, - kSE05x_P2_SIZE = 0x07, - kSE05x_P2_SIGN = 0x09, - kSE05x_P2_VERIFY = 0x0A, - kSE05x_P2_INIT = 0x0B, - kSE05x_P2_UPDATE = 0x0C, - kSE05x_P2_FINAL = 0x0D, - kSE05x_P2_ONESHOT = 0x0E, - kSE05x_P2_DH = 0x0F, - kSE05x_P2_DIVERSIFY = 0x10, - // kSE05x_P2_AUTH_PART1 = 0x11, - kSE05x_P2_AUTH_FIRST_PART2 = 0x12, - kSE05x_P2_AUTH_NONFIRST_PART2 = 0x13, - kSE05x_P2_DUMP_KEY = 0x14, - kSE05x_P2_CHANGE_KEY_PART1 = 0x15, - kSE05x_P2_CHANGE_KEY_PART2 = 0x16, - kSE05x_P2_KILL_AUTH = 0x17, - kSE05x_P2_IMPORT = 0x18, - kSE05x_P2_EXPORT = 0x19, - kSE05x_P2_SESSION_CREATE = 0x1B, - kSE05x_P2_SESSION_CLOSE = 0x1C, - kSE05x_P2_SESSION_REFRESH = 0x1E, - kSE05x_P2_SESSION_POLICY = 0x1F, - kSE05x_P2_VERSION = 0x20, - kSE05x_P2_VERSION_EXT = 0x21, - kSE05x_P2_MEMORY = 0x22, - kSE05x_P2_LIST = 0x25, - kSE05x_P2_TYPE = 0x26, - kSE05x_P2_EXIST = 0x27, - kSE05x_P2_DELETE_OBJECT = 0x28, - kSE05x_P2_DELETE_ALL = 0x2A, - kSE05x_P2_SESSION_UserID = 0x2C, - kSE05x_P2_HKDF = 0x2D, - kSE05x_P2_PBKDF = 0x2E, - /* Applet >= 4.4 */ - kSE05x_P2_HKDF_EXPAND_ONLY = 0x2F, - kSE05x_P2_I2CM = 0x30, - kSE05x_P2_I2CM_ATTESTED = 0x31, - kSE05x_P2_MAC = 0x32, - kSE05x_P2_UNLOCK_CHALLENGE = 0x33, - kSE05x_P2_CURVE_LIST = 0x34, - kSE05x_P2_SIGN_ECDAA = 0x35, - kSE05x_P2_ID = 0x36, - kSE05x_P2_ENCRYPT_ONESHOT = 0x37, - kSE05x_P2_DECRYPT_ONESHOT = 0x38, - kSE05x_P2_ATTEST = 0x3A, - kSE05x_P2_ATTRIBUTES = 0x3B, - kSE05x_P2_CPLC = 0x3C, - kSE05x_P2_TIME = 0x3D, - kSE05x_P2_TRANSPORT = 0x3E, - kSE05x_P2_VARIANT = 0x3F, - kSE05x_P2_PARAM = 0x40, - kSE05x_P2_DELETE_CURVE = 0x41, - kSE05x_P2_ENCRYPT = 0x42, - kSE05x_P2_DECRYPT = 0x43, - kSE05x_P2_VALIDATE = 0x44, - kSE05x_P2_GENERATE_ONESHOT = 0x45, - kSE05x_P2_VALIDATE_ONESHOT = 0x46, - kSE05x_P2_CRYPTO_LIST = 0x47, - kSE05x_P2_RANDOM = 0x49, - kSE05x_P2_TLS_PMS = 0x4A, - kSE05x_P2_TLS_PRF_CLI_HELLO = 0x4B, - kSE05x_P2_TLS_PRF_SRV_HELLO = 0x4C, - kSE05x_P2_TLS_PRF_CLI_RND = 0x4D, - kSE05x_P2_TLS_PRF_SRV_RND = 0x4E, - kSE05x_P2_TLS_PRF_BOTH = 0x5A, - kSE05x_P2_RAW = 0x4F, - kSE05x_P2_IMPORT_EXT = 0x51, - kSE05x_P2_SCP = 0x52, - kSE05x_P2_AUTH_FIRST_PART1 = 0x53, - kSE05x_P2_AUTH_NONFIRST_PART1 = 0x54, -#if SSS_HAVE_SE05X_VER_GTE_06_00 - kSE05x_P2_CM_COMMAND = 0x55, - kSE05x_P2_MODE_OF_OPERATION = 0x56, - kSE05x_P2_RESTRICT = 0x57, - kSE05x_P2_SANITY = 0x58, - kSE05x_P2_DH_REVERSE = 0x59, - kSE05x_P2_READ_STATE = 0x5B -#endif -} SE05x_P2_t; - - -/** Data for available memory */ -typedef enum -{ - /** Invalid */ - kSE05x_MemoryType_NA = 0, - /** Persistent memory */ - kSE05x_MemoryType_PERSISTENT = 0x01, - /** Transient memory, clear on reset */ - kSE05x_MemoryType_TRANSIENT_RESET = 0x02, - /** Transient memory, clear on deselect */ - kSE05x_MemoryType_TRANSIENT_DESELECT = 0x03, -} SE05x_MemoryType_t; - -/** Where was this object originated */ -typedef enum -{ - /** Invalid */ - kSE05x_Origin_NA = 0, - /** Generated outside the module. */ - kSE05x_Origin_EXTERNAL = 0x01, - /** Generated inside the module. */ - kSE05x_Origin_INTERNAL = 0x02, - /** Trust provisioned by NXP */ - kSE05x_Origin_PROVISIONED = 0x03, -} SE05x_Origin_t; - -/** Different TAG Values to talk to SE05X IoT Applet */ -typedef enum -{ - /** Invalid */ - kSE05x_TAG_NA = 0, - kSE05x_TAG_SESSION_ID = 0x10, - kSE05x_TAG_POLICY = 0x11, - kSE05x_TAG_MAX_ATTEMPTS = 0x12, - kSE05x_TAG_IMPORT_AUTH_DATA = 0x13, - kSE05x_TAG_IMPORT_AUTH_KEY_ID = 0x14, - kSE05x_TAG_POLICY_CHECK = 0x15, - kSE05x_TAG_1 = 0x41, - kSE05x_TAG_2 = 0x42, - kSE05x_TAG_3 = 0x43, - kSE05x_TAG_4 = 0x44, - kSE05x_TAG_5 = 0x45, - kSE05x_TAG_6 = 0x46, - kSE05x_TAG_7 = 0x47, - kSE05x_TAG_8 = 0x48, - kSE05x_TAG_9 = 0x49, - kSE05x_TAG_10 = 0x4A, - kSE05x_TAG_11 = 0x4B, - kSE05x_GP_TAG_CONTRL_REF_PARM = 0xA6, - kSE05x_GP_TAG_AID = 0x4F, - kSE05x_GP_TAG_KEY_TYPE = 0x80, - kSE05x_GP_TAG_KEY_LEN = 0x81, - kSE05x_GP_TAG_GET_DATA = 0x83, - kSE05x_GP_TAG_DR_SE = 0x85, - kSE05x_GP_TAG_RECEIPT = 0x86, - kSE05x_GP_TAG_SCP_PARMS = 0x90, -} SE05x_TAG_t; - -#ifndef __DOXYGEN__ -#define kSE05x_TAG_GP_CONTRL_REF_PARM kSE05x_GP_TAG_CONTRL_REF_PARM -#endif - -/** Different signature algorithms for EC */ -typedef enum -{ - /** Invalid */ - kSE05x_ECSignatureAlgo_NA = 0, - /** NOT SUPPORTED */ - kSE05x_ECSignatureAlgo_PLAIN = 0x09, - kSE05x_ECSignatureAlgo_SHA = 0x11, - kSE05x_ECSignatureAlgo_SHA_224 = 0x25, - kSE05x_ECSignatureAlgo_SHA_256 = 0x21, - kSE05x_ECSignatureAlgo_SHA_384 = 0x22, - kSE05x_ECSignatureAlgo_SHA_512 = 0x26, -} SE05x_ECSignatureAlgo_t; - -/** Different signature algorithms for ED */ -typedef enum -{ - /** Invalid */ - kSE05x_EDSignatureAlgo_NA = 0, - /** Message input must be plain Data. Pure EDDSA algorithm */ - kSE05x_EDSignatureAlgo_ED25519PURE_SHA_512 = 0xA3, -} SE05x_EDSignatureAlgo_t; - -/** Different signature algorithms for ECDAA */ -typedef enum -{ - /** Invalid */ - kSE05x_ECDAASignatureAlgo_NA = 0, - /** Message input must be pre-hashed (using SHA256) */ - kSE05x_ECDAASignatureAlgo_ECDAA = 0xF4, -} SE05x_ECDAASignatureAlgo_t; - -/** Different signature algorithms for RSA */ -typedef enum -{ - /** Invalid */ - kSE05x_RSASignatureAlgo_NA = 0, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignatureAlgo_SHA1_PKCS1_PSS = 0x15, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignatureAlgo_SHA224_PKCS1_PSS = 0x2B, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignatureAlgo_SHA256_PKCS1_PSS = 0x2C, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignatureAlgo_SHA384_PKCS1_PSS = 0x2D, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignatureAlgo_SHA512_PKCS1_PSS = 0x2E, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignatureAlgo_SHA1_PKCS1 = 0x0A, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignatureAlgo_SHA_224_PKCS1 = 0x27, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignatureAlgo_SHA_256_PKCS1 = 0x28, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignatureAlgo_SHA_384_PKCS1 = 0x29, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignatureAlgo_SHA_512_PKCS1 = 0x2A, -} SE05x_RSASignatureAlgo_t; - -/** Different encryption/decryption algorithms for RSA */ -typedef enum -{ - /** Invalid */ - kSE05x_RSAEncryptionAlgo_NA = 0, - /** Plain RSA, padding required on host. */ - kSE05x_RSAEncryptionAlgo_NO_PAD = 0x0C, - /** RFC8017: RSAES-PKCS1-v1_5 */ - kSE05x_RSAEncryptionAlgo_PKCS1 = 0x0A, - /** RFC8017: RSAES-OAEP */ - kSE05x_RSAEncryptionAlgo_PKCS1_OAEP = 0x0F, -} SE05x_RSAEncryptionAlgo_t; - -/** Size of RSA Key Objects */ -typedef enum -{ - /** Invalid */ - kSE05x_RSABitLength_NA = 0, - kSE05x_RSABitLength_512 = 512, - kSE05x_RSABitLength_1024 = 1024, - kSE05x_RSABitLength_1152 = 1152, - kSE05x_RSABitLength_2048 = 2048, - kSE05x_RSABitLength_3072 = 3072, - kSE05x_RSABitLength_4096 = 4096, -} SE05x_RSABitLength_t; - -/** Part of the RSA Key Objects */ -typedef enum -{ - /** Invalid */ - kSE05x_RSAKeyComponent_NA = 0xFF, - /** Modulus */ - kSE05x_RSAKeyComponent_MOD = 0x00, - /** Public key exponent */ - kSE05x_RSAKeyComponent_PUB_EXP = 0x01, - /** Private key exponent */ - kSE05x_RSAKeyComponent_PRIV_EXP = 0x02, - /** CRT component p */ - kSE05x_RSAKeyComponent_P = 0x03, - /** CRT component q */ - kSE05x_RSAKeyComponent_Q = 0x04, - /** CRT component dp */ - kSE05x_RSAKeyComponent_DP = 0x05, - /** CRT component dq */ - kSE05x_RSAKeyComponent_DQ = 0x06, - /** CRT component q_inv */ - kSE05x_RSAKeyComponent_INVQ = 0x07, -} SE05x_RSAKeyComponent_t; - -/** Hashing/Digest algorithms */ -typedef enum -{ - /** Invalid */ - kSE05x_DigestMode_NA = 0, - kSE05x_DigestMode_NO_HASH = 0x00, - kSE05x_DigestMode_SHA = 0x01, - /** Not supported */ - kSE05x_DigestMode_SHA224 = 0x07, - kSE05x_DigestMode_SHA256 = 0x04, - kSE05x_DigestMode_SHA384 = 0x05, - kSE05x_DigestMode_SHA512 = 0x06, -} SE05x_DigestMode_t; - -/** HMAC/CMAC Algorithms */ -typedef enum -{ - /** Invalid */ - kSE05x_MACAlgo_NA = 0, - kSE05x_MACAlgo_HMAC_SHA1 = 0x18, - kSE05x_MACAlgo_HMAC_SHA256 = 0x19, - kSE05x_MACAlgo_HMAC_SHA384 = 0x1A, - kSE05x_MACAlgo_HMAC_SHA512 = 0x1B, - kSE05x_MACAlgo_CMAC_128 = 0x31, -} SE05x_MACAlgo_t; - -/** AEAD Algorithms */ -typedef enum -{ - /** Invalid */ - kSE05x_AeadAlgo_NA = 0, - kSE05x_AeadGCMAlgo = 0xB0, - kSE05x_AeadGCM_IVAlgo = 0xF3, - kSE05x_AeadCCMAlgo = 0xF4, -} SE05x_AeadAlgo_t; - -/** HKDF Mode */ -typedef enum -{ - /** Invalid */ - kSE05x_HkdfMode_NA = 0x00, - kSE05x_HkdfMode_ExtractExpand = 0x01, - kSE05x_HkdfMode_ExpandOnly = 0x02, -} SE05x_HkdfMode_t; - -/** ECC Curve Identifiers */ -typedef enum -{ - /** Invalid */ - kSE05x_ECCurve_NA = 0x00, - kSE05x_ECCurve_NIST_P192 = 0x01, - kSE05x_ECCurve_NIST_P224 = 0x02, - kSE05x_ECCurve_NIST_P256 = 0x03, - kSE05x_ECCurve_NIST_P384 = 0x04, - kSE05x_ECCurve_NIST_P521 = 0x05, - kSE05x_ECCurve_Brainpool160 = 0x06, - kSE05x_ECCurve_Brainpool192 = 0x07, - kSE05x_ECCurve_Brainpool224 = 0x08, - kSE05x_ECCurve_Brainpool256 = 0x09, - kSE05x_ECCurve_Brainpool320 = 0x0A, - kSE05x_ECCurve_Brainpool384 = 0x0B, - kSE05x_ECCurve_Brainpool512 = 0x0C, - kSE05x_ECCurve_Secp160k1 = 0x0D, - kSE05x_ECCurve_Secp192k1 = 0x0E, - kSE05x_ECCurve_Secp224k1 = 0x0F, - kSE05x_ECCurve_Secp256k1 = 0x10, - kSE05x_ECCurve_TPM_ECC_BN_P256 = 0x11, - /** Not Weierstrass */ - kSE05x_ECCurve_ECC_ED_25519 = 0x40, - kSE05x_ECCurve_ECC_MONT_DH_25519 = 0x41, - /** Not Weierstrass */ - kSE05x_ECCurve_ECC_MONT_DH_448 = 0x43, -} SE05x_ECCurve_t; - -#ifndef __DOXYGEN__ - -/** Same as kSE05x_ECCurve_TPM_ECC_BN_P256 */ -#define kSE05x_ECCurve_RESERVED_ID_ECC_ED_25519 kSE05x_ECCurve_ECC_ED_25519 -#define kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_25519 kSE05x_ECCurve_ECC_MONT_DH_25519 -#if SSS_HAVE_SE05X_VER_GTE_06_00 -#define kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_448 kSE05x_ECCurve_ECC_MONT_DH_448 -#endif -#define kSE05x_ECCurve_Total_Weierstrass_Curves kSE05x_ECCurve_TPM_ECC_BN_P256 -#endif - -/** Parameters while setting the curve */ -typedef enum -{ /** Invalid */ - kSE05x_ECCurveParam_NA = 0, - kSE05x_ECCurveParam_PARAM_A = 0x01, - kSE05x_ECCurveParam_PARAM_B = 0x02, - kSE05x_ECCurveParam_PARAM_G = 0x04, - kSE05x_ECCurveParam_PARAM_N = 0x08, - kSE05x_ECCurveParam_PARAM_PRIME = 0x10, -} SE05x_ECCurveParam_t; - -/** Symmetric cipher modes */ -typedef enum -{ - /** Invalid */ - kSE05x_CipherMode_NA = 0, - /** Typically using DESKey identifiers */ - kSE05x_CipherMode_DES_CBC_NOPAD = 0x01, - /** Typically using DESKey identifiers */ - kSE05x_CipherMode_DES_CBC_ISO9797_M1 = 0x02, - /** Typically using DESKey identifiers */ - kSE05x_CipherMode_DES_CBC_ISO9797_M2 = 0x03, - /** NOT SUPPORTED */ - kSE05x_CipherMode_DES_CBC_PKCS5 = 0x04, - /** Typically using DESKey identifiers */ - kSE05x_CipherMode_DES_ECB_NOPAD = 0x05, - /** NOT SUPPORTED */ - kSE05x_CipherMode_DES_ECB_ISO9797_M1 = 0x06, - /** NOT SUPPORTED */ - kSE05x_CipherMode_DES_ECB_ISO9797_M2 = 0x07, - /** NOT SUPPORTED */ - kSE05x_CipherMode_DES_ECB_PKCS5 = 0x08, - /** Typically using AESKey identifiers */ - kSE05x_CipherMode_AES_ECB_NOPAD = 0x0E, - /** Typically using AESKey identifiers */ - kSE05x_CipherMode_AES_CBC_NOPAD = 0x0D, - /** Typically using AESKey identifiers */ - kSE05x_CipherMode_AES_CBC_ISO9797_M1 = 0x16, - /** Typically using AESKey identifiers */ - kSE05x_CipherMode_AES_CBC_ISO9797_M2 = 0x17, - /** NOT SUPPORTED */ - kSE05x_CipherMode_AES_CBC_PKCS5 = 0x18, - /** Typically using AEAD GCM mode */ - kSE05x_CipherMode_AES_GCM = 0xB0, - /** Typically using AESKey identifiers */ - kSE05x_CipherMode_AES_CTR = 0xF0, - /** Typically using AEAD GCM with internal IV Gen */ - kSE05x_CipherMode_AES_GCM_INT_IV = 0xF3, - /** Typically using AEAD CCM mode */ - kSE05x_CipherMode_AES_CCM = 0xF4, -} SE05x_CipherMode_t; - -/** Features which are available / enabled in the Applet */ -typedef enum { - /** Invalid */ - kSE05x_AppletConfig_NA = 0, - /** Use of curve TPM_ECC_BN_P256 */ - kSE05x_AppletConfig_ECDAA = 0x0001, - /** EC DSA and DH support */ - kSE05x_AppletConfig_ECDSA_ECDH_ECDHE = 0x0002, - /** Use of curve RESERVED_ID_ECC_ED_25519 */ - kSE05x_AppletConfig_EDDSA = 0x0004, - /** Use of curve RESERVED_ID_ECC_MONT_DH_25519 */ - kSE05x_AppletConfig_DH_MONT = 0x0008, - /** Writing HMACKey objects */ - kSE05x_AppletConfig_HMAC = 0x0010, - /** Writing RSAKey objects */ - kSE05x_AppletConfig_RSA_PLAIN = 0x0020, - /** Writing RSAKey objects */ - kSE05x_AppletConfig_RSA_CRT = 0x0040, - /** Writing AESKey objects */ - kSE05x_AppletConfig_AES = 0x0080, - /** Writing DESKey objects */ - kSE05x_AppletConfig_DES = 0x0100, - /** PBKDF2 */ - kSE05x_AppletConfig_PBKDF = 0x0200, - /** TLS Handshake support commands (see 4.16) in APDU Spec*/ - kSE05x_AppletConfig_TLS = 0x0400, - /** Mifare DESFire support (see 4.15) in APDU Spec*/ - kSE05x_AppletConfig_MIFARE = 0x0800, - /** RFU1 */ - kSE05x_AppletConfig_RFU1 = 0x1000, - /** I2C Master support (see 4.17) in APDU Spec*/ - kSE05x_AppletConfig_I2CM = 0x2000, - /** RFU2 */ - kSE05x_AppletConfig_RFU2 = 0x4000, -} SE05x_AppletConfig_t; - -/** Transient / Persistent lock */ -typedef enum -{ - /** Invalid */ - kSE05x_LockIndicator_NA = 0, - kSE05x_LockIndicator_TRANSIENT_LOCK = 0x01, - kSE05x_LockIndicator_PERSISTENT_LOCK = 0x02, -} SE05x_LockIndicator_t; - -/** - * Applet >= 4.4 - * - * See @ref Se05x_API_DisableObjCreation */ -typedef enum -{ - kSE05x_RestrictMode_NA = 0, - kSE05x_RestrictMode_RESTRICT_NEW = 0x01, - kSE05x_RestrictMode_RESTRICT_ALL = 0x02, -} SE05x_RestrictMode_t; - -/** - * Lock the sample (until unlocked ) - */ -typedef enum -{ - /** Invalid */ - kSE05x_LockState_NA = 0, - kSE05x_LockState_LOCKED = 0x01, - // kSE05x_LockState_UNLOCKED = Any except 0x01, -} SE05x_LockState_t; - -/** Cryptographic context for operation */ -typedef enum -{ - /** Invalid */ - kSE05x_CryptoContext_NA = 0, - /** For DigestInit/DigestUpdate/DigestFinal */ - kSE05x_CryptoContext_DIGEST = 0x01, - /** For CipherInit/CipherUpdate/CipherFinal */ - kSE05x_CryptoContext_CIPHER = 0x02, - /** For MACInit/MACUpdate/MACFinal */ - kSE05x_CryptoContext_SIGNATURE = 0x03, - /** For AEADInit/AEADUpdate/AEADFinal */ - kSE05x_CryptoContext_AEAD = 0x04, -} SE05x_CryptoContext_t; - -/** Result of operations */ -typedef enum -{ - /** Invalid */ - kSE05x_Result_NA = 0, - kSE05x_Result_SUCCESS = 0x01, - kSE05x_Result_FAILURE = 0x02, -} SE05x_Result_t; - -/** Whether object is transient or persistent */ -typedef enum -{ - /** Invalid */ - kSE05x_TransientIndicator_NA = 0, - kSE05x_TransientIndicator_PERSISTENT = 0x01, - kSE05x_TransientIndicator_TRANSIENT = 0x02, -} SE05x_TransientIndicator_t; - -/** Whether object attribute is set */ -typedef enum -{ - /** Invalid */ - kSE05x_SetIndicator_NA = 0, - kSE05x_SetIndicator_NOT_SET = 0x01, - kSE05x_SetIndicator_SET = 0x02, -} SE05x_SetIndicator_t; - -/** When there are more entries yet to be fetched from few of the APIs */ -typedef enum -{ - /** Invalid */ - kSE05x_MoreIndicator_NA = 0, - /** No more data available */ - kSE05x_MoreIndicator_NO_MORE = 0x01, - /** More data available */ - kSE05x_MoreIndicator_MORE = 0x02, -} SE05x_MoreIndicator_t; - -#if SSS_HAVE_SE05X_VER_GTE_06_00 -/** Health check */ -typedef enum -{ - /** Invalid */ - kSE05x_HealthCheckMode_NA = 0, - /** Performs all on-demand self-tests. Can only be done when - * the module is in FIPS mode. When the test fails, the chip - * goes into TERMINATED state. */ - kSE05x_HealthCheckMode_FIPS = 0xF906, - /** Performs ROM integrity checks. When the test fails, the chip - * triggers the attack counter and the chip will reset. */ - kSE05x_HealthCheckMode_CODE_SIGNATURE = 0xFE01, - /** Performs flash integrity tests. When the test fails, the chip - * triggers the attack counter and the chip will reset. */ - kSE05x_HealthCheckMode_DYNAMIC_FLASH_INTEGRITY = 0xFD02, - /** Performs tests on the active shield protection of the - * hardware. When the test fails, the chip triggers the attack - * counter and the chip will reset. */ - kSE05x_HealthCheckMode_SHIELDING = 0xFB04, - /** Performs self-tests on hardware sensors and reports the - * status. */ - kSE05x_HealthCheckMode_SENSOR = 0xFA05, - /** Performs self-tests on the hardware registers. When the test - * fails, the chip triggers the attack counter and the chip will - * reset. */ - kSE05x_HealthCheckMode_SFR_CHECK = 0xFC03, -} SE05x_HealthCheckMode_t; -#endif - -/** Mandate platform SCP or not */ -typedef enum -{ - /** Invalid */ - kSE05x_PlatformSCPRequest_NA = 0, - /** Platform SCP is required (full enc & MAC) */ - kSE05x_PlatformSCPRequest_REQUIRED = 0x01, - /** No platform SCP required. */ - kSE05x_PlatformSCPRequest_NOT_REQUIRED = 0x02, -} SE05x_PlatformSCPRequest_t; - -/** Crypto object identifiers */ -typedef enum -{ - /** Invalid */ - kSE05x_CryptoObject_NA = 0, - kSE05x_CryptoObject_DIGEST_SHA, - kSE05x_CryptoObject_DIGEST_SHA224, - kSE05x_CryptoObject_DIGEST_SHA256, - kSE05x_CryptoObject_DIGEST_SHA384, - kSE05x_CryptoObject_DIGEST_SHA512, - kSE05x_CryptoObject_DES_CBC_NOPAD, - kSE05x_CryptoObject_DES_CBC_ISO9797_M1, - kSE05x_CryptoObject_DES_CBC_ISO9797_M2, - kSE05x_CryptoObject_DES_CBC_PKCS5, - kSE05x_CryptoObject_DES_ECB_NOPAD, - kSE05x_CryptoObject_DES_ECB_ISO9797_M1, - kSE05x_CryptoObject_DES_ECB_ISO9797_M2, - kSE05x_CryptoObject_DES_ECB_PKCS5, - kSE05x_CryptoObject_AES_ECB_NOPAD, - kSE05x_CryptoObject_AES_CBC_NOPAD, - kSE05x_CryptoObject_AES_CBC_ISO9797_M1, - kSE05x_CryptoObject_AES_CBC_ISO9797_M2, - kSE05x_CryptoObject_AES_CBC_PKCS5, - kSE05x_CryptoObject_AES_CTR, - kSE05x_CryptoObject_HMAC_SHA1, - kSE05x_CryptoObject_HMAC_SHA256, - kSE05x_CryptoObject_HMAC_SHA384, - kSE05x_CryptoObject_HMAC_SHA512, - kSE05x_CryptoObject_CMAC_128, - kSE05x_CryptoObject_AES_GCM, - kSE05x_CryptoObject_AES_GCM_INT_IV, - kSE05x_CryptoObject_AES_CCM, -} SE05x_CryptoObject_t; - -/** @copydoc SE05x_CryptoObject_t */ -#define SE05x_CryptoObjectID_t SE05x_CryptoObject_t - -/** Maximum number of session supported by SE050 */ -#define SE050_MAX_NUMBER_OF_SESSIONS 2 -/** Maximum number of session supported by SE050 */ -#define SE050_OBJECT_IDENTIFIER_SIZE 4 -/** How many bytes can be used for buffer for I2C Master interface */ -#define SE050_MAX_I2CM_COMMAND_LENGTH 255 -/** - * the maximum APDU payload length will be smaller, depending on which protocol applies, etc. - */ -#define SE050_MAX_APDU_PAYLOAD_LENGTH 892 -//#define SE050_DEFAULT_MAX_ATTEMPTS 10 - -/** 3 MSBit for instruction characteristics. */ -#define SE050_INS_MASK_INS_CHAR 0xE0 -/** 5 LSBit for instruction */ -#define SE050_INS_MASK_INSTRUCTION 0x1F - -/** Type of Object */ -typedef enum -{ - /** */ - kSE05x_SecObjTyp_EC_KEY_PAIR = 0x01, - /** */ - kSE05x_SecObjTyp_EC_PRIV_KEY = 0x02, - /** */ - kSE05x_SecObjTyp_EC_PUB_KEY = 0x03, - /** */ - kSE05x_SecObjTyp_RSA_KEY_PAIR = 0x04, - /** */ - kSE05x_SecObjTyp_RSA_KEY_PAIR_CRT = 0x05, - /** */ - kSE05x_SecObjTyp_RSA_PRIV_KEY = 0x06, - /** */ - kSE05x_SecObjTyp_RSA_PRIV_KEY_CRT = 0x07, - /** */ - kSE05x_SecObjTyp_RSA_PUB_KEY = 0x08, - /** */ - kSE05x_SecObjTyp_AES_KEY = 0x09, - /** */ - kSE05x_SecObjTyp_DES_KEY = 0x0A, - /** */ - kSE05x_SecObjTyp_BINARY_FILE = 0x0B, - /** */ - kSE05x_SecObjTyp_UserID = 0x0C, - /** */ - kSE05x_SecObjTyp_COUNTER = 0x0D, - /** */ - kSE05x_SecObjTyp_PCR = 0x0F, - /** */ - kSE05x_SecObjTyp_CURVE = 0x10, - /** */ - kSE05x_SecObjTyp_HMAC_KEY = 0x11, -} SE05x_SecObjTyp_t; - -/** @copydoc SE05x_SecObjTyp_t */ -typedef SE05x_SecObjTyp_t SE05x_SecureObjectType_t; - -/** Type of memory. Used when we query available free size */ -typedef enum -{ - /** Transient memory, clear on reset */ - kSE05x_MemTyp_TRANSIENT_RESET = 0x01, - /** Transient memory, clear on deselect */ - kSE05x_MemTyp_TRANSIENT_DESELECT = 0x02, - /** Persistent memory */ - kSE05x_MemTyp_PERSISTENT = 0x03, -} SE05x_MemTyp_t; - -/** Algorithms for RSA Signature */ -typedef enum -{ - /** Invalid */ - kSE05x_RSASignAlgo_NA = 0, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignAlgo_SHA1_PKCS1_PSS = 0x15, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignAlgo_SHA224_PKCS1_PSS = 0x2B, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignAlgo_SHA256_PKCS1_PSS = 0x2C, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignAlgo_SHA384_PKCS1_PSS = 0x2D, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignAlgo_SHA512_PKCS1_PSS = 0x2E, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignAlgo_SHA_224_PKCS1 = 0x27, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignAlgo_SHA_256_PKCS1 = 0x28, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignAlgo_SHA_384_PKCS1 = 0x29, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignAlgo_SHA_512_PKCS1 = 0x2A, -} SE05x_RSASignAlgo_t; - -// typedef enum -// { -// /** Plain RSA, padding required on host. */ -// kSE05x_RSAEncrAlgo_NO_PAD = 0x0C, -// * RFC8017: RSAES-PKCS1-v1_5 -// kSE05x_RSAEncrAlgo_PKCS1 = 0x0A, -// /** RFC8017: RSAES-OAEP */ -// kSE05x_RSAEncrAlgo_PKCS1_OAEP = 0x0F, -// } SE05x_RSAEncrAlgo_t; - -/** Public part of RSA Keys */ -typedef enum -{ - kSE05x_RSAPubKeyComp_NA = 0, - kSE05x_RSAPubKeyComp_MOD = kSE05x_RSAKeyComponent_MOD, - kSE05x_RSAPubKeyComp_PUB_EXP = kSE05x_RSAKeyComponent_PUB_EXP, -} SE05x_RSAPubKeyComp_t; - -/** Cyrpto module subtype */ -typedef union { - /** In case it's digest */ - SE05x_DigestMode_t digest; - /** In case it's cipher */ - SE05x_CipherMode_t cipher; - /** In case it's mac */ - SE05x_MACAlgo_t mac; - /** In case it's aead */ - SE05x_AeadAlgo_t aead; - /** Accessing 8 bit value for APDUs */ - uint8_t union_8bit; -} SE05x_CryptoModeSubType_t; - -/** @addtogroup se050_i2cm - * - * @{ - */ -/** @brief I2C Master micro operation */ -typedef enum -{ - kSE05x_TAG_I2CM_Config = 0x01, - kSE05x_TAG_I2CM_Write = 0x03, - kSE05x_TAG_I2CM_Read = 0x04, -} SE05x_I2CM_TAG_t; - -/*! -*@} -*/ /* end of se050_i2cm */ - -/** Whether key is transient of persistent */ -typedef enum -{ - kSE05x_TransientType_Persistent = 0, - kSE05x_TransientType_Transient = kSE05x_INS_TRANSIENT, -} SE05x_TransientType_t; - -/** Part of the asymmetric key */ -typedef enum -{ - kSE05x_KeyPart_NA = kSE05x_P1_DEFAULT, - /** Key pair (private key + public key) */ - kSE05x_KeyPart_Pair = kSE05x_P1_KEY_PAIR, - /** Private key */ - kSE05x_KeyPart_Private = kSE05x_P1_PRIVATE, - /** Public key */ - kSE05x_KeyPart_Public = kSE05x_P1_PUBLIC, -} SE05x_KeyPart_t; - -/** Cipher Operation. - * - * Encrypt or decrypt */ -typedef enum -{ - kSE05x_Cipher_Oper_NA = 0, - kSE05x_Cipher_Oper_Encrypt = kSE05x_P2_ENCRYPT, - kSE05x_Cipher_Oper_Decrypt = kSE05x_P2_DECRYPT, -} SE05x_Cipher_Oper_t; - -/** One Shot operations helper */ -typedef enum -{ - kSE05x_Cipher_Oper_OneShot_NA = 0, - kSE05x_Cipher_Oper_OneShot_Encrypt = kSE05x_P2_ENCRYPT_ONESHOT, - kSE05x_Cipher_Oper_OneShot_Decrypt = kSE05x_P2_DECRYPT_ONESHOT, -} SE05x_Cipher_Oper_OneShot_t; - -/** MAC operations */ -typedef enum -{ - kSE05x_Mac_Oper_NA = 0, - kSE05x_Mac_Oper_Generate = kSE05x_P2_GENERATE, - kSE05x_Mac_Oper_Validate = kSE05x_P2_VALIDATE, -} SE05x_Mac_Oper_t; - -/** In case the read is attested */ -typedef enum -{ - kSE05x_AttestationType_None = 0, - kSE05x_AttestationType_AUTH = kSE05x_INS_AUTH_OBJECT, -} SE05x_AttestationType_t; - -/** Symmetric keys */ -typedef enum -{ - kSE05x_SymmKeyType_NA = 0, - kSE05x_SymmKeyType_AES = kSE05x_P1_AES, - kSE05x_SymmKeyType_DES = kSE05x_P1_DES, - kSE05x_SymmKeyType_HMAC = kSE05x_P1_HMAC, - kSE05x_SymmKeyType_CMAC = kSE05x_P1_AES, -} SE05x_SymmKeyType_t; - -/** @copydoc SE05x_AppletConfig_t */ -typedef SE05x_AppletConfig_t SE05x_Variant_t; - -/** TLS Perform PRF */ -typedef enum -{ - kSE05x_TLS_PRF_NA = 0, - kSE05x_TLS_PRF_CLI_HELLO = kSE05x_P2_TLS_PRF_CLI_HELLO, - kSE05x_TLS_PRF_SRV_HELLO = kSE05x_P2_TLS_PRF_SRV_HELLO, - kSE05x_TLS_PRF_CLI_RND = kSE05x_P2_TLS_PRF_CLI_RND, - kSE05x_TLS_PRF_SRV_RND = kSE05x_P2_TLS_PRF_SRV_RND, - kSE05x_TLS_PRF_BOTH = kSE05x_P2_TLS_PRF_BOTH, -} SE05x_TLSPerformPRFType_t; - -/** Attestation */ -typedef enum -{ - kSE05x_AttestationAlgo_NA = 0, - kSE05x_AttestationAlgo_EC_PLAIN = kSE05x_ECSignatureAlgo_PLAIN, - kSE05x_AttestationAlgo_EC_SHA = kSE05x_ECSignatureAlgo_SHA, - kSE05x_AttestationAlgo_EC_SHA_224 = kSE05x_ECSignatureAlgo_SHA_224, - kSE05x_AttestationAlgo_EC_SHA_256 = kSE05x_ECSignatureAlgo_SHA_256, - kSE05x_AttestationAlgo_EC_SHA_384 = kSE05x_ECSignatureAlgo_SHA_384, - kSE05x_AttestationAlgo_EC_SHA_512 = kSE05x_ECSignatureAlgo_SHA_512, - kSE05x_AttestationAlgo_ED25519PURE_SHA_512 = kSE05x_EDSignatureAlgo_ED25519PURE_SHA_512, - kSE05x_AttestationAlgo_ECDAA = kSE05x_ECDAASignatureAlgo_ECDAA, - kSE05x_AttestationAlgo_RSA_SHA1_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA1_PKCS1_PSS, - kSE05x_AttestationAlgo_RSA_SHA224_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA224_PKCS1_PSS, - kSE05x_AttestationAlgo_RSA_SHA256_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA256_PKCS1_PSS, - kSE05x_AttestationAlgo_RSA_SHA384_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA384_PKCS1_PSS, - kSE05x_AttestationAlgo_RSA_SHA512_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA512_PKCS1_PSS, - kSE05x_AttestationAlgo_RSA_SHA_224_PKCS1 = kSE05x_RSASignatureAlgo_SHA_224_PKCS1, - kSE05x_AttestationAlgo_RSA_SHA_256_PKCS1 = kSE05x_RSASignatureAlgo_SHA_256_PKCS1, - kSE05x_AttestationAlgo_RSA_SHA_384_PKCS1 = kSE05x_RSASignatureAlgo_SHA_384_PKCS1, - kSE05x_AttestationAlgo_RSA_SHA_512_PKCS1 = kSE05x_RSASignatureAlgo_SHA_512_PKCS1, - -} SE05x_AttestationAlgo_t; - -/** RSA Key format */ -typedef enum -{ - kSE05x_RSAKeyFormat_CRT = kSE05x_P2_DEFAULT, - kSE05x_RSAKeyFormat_RAW = kSE05x_P2_RAW, -} SE05x_RSAKeyFormat_t; - -/** @copydoc SE05x_MACAlgo_t */ -typedef SE05x_MACAlgo_t SE05x_MacOperation_t; - -/** SE05X's key IDs */ -typedef uint32_t SE05x_KeyID_t; -/** Case when there is no KEK */ -#define SE05x_KeyID_KEK_NONE 0 - -/** [Optional: if the authentication key is the same as the key to be replaced, this TAG should not be present]. */ -#define SE05x_KeyID_MFDF_NONE 0 - -/** SE05X key's max attempts */ -typedef uint16_t SE05x_MaxAttemps_t; -/** Fall back to applet default */ -#define SE05x_MaxAttemps_UNLIMITED 0 -/** Identify in code that this is not an AUTH object and hence not applicable */ -#define SE05x_MaxAttemps_NA 0 - -/** When we want to read with attestation */ -#define kSE05x_INS_READ_With_Attestation (kSE05x_INS_READ | kSE05x_INS_ATTEST) - -/** When we want to read I2CM Data with attestation */ -#define kSE05x_INS_I2CM_Attestation (kSE05x_INS_CRYPTO | kSE05x_INS_ATTEST) - -#ifndef __DOXYGEN__ -/* RSA Helper Macros to make code little more readable */ -#define SE05X_RSA_NO_p /* Skip */ NULL, 0 -#define SE05X_RSA_NO_q /* Skip */ NULL, 0 -#define SE05X_RSA_NO_dp /* Skip */ NULL, 0 -#define SE05X_RSA_NO_dq /* Skip */ NULL, 0 -#define SE05X_RSA_NO_qInv /* Skip */ NULL, 0 -#define SE05X_RSA_NO_pubExp /* Skip */ NULL, 0 -#define SE05X_RSA_NO_priv /* Skip */ NULL, 0 -#define SE05X_RSA_NO_pubMod /* Skip */ NULL, 0 -#endif // __DOXYGEN__ - - -#endif /* SE05x_ENUMS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ftr.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ftr.h deleted file mode 100644 index 95ac4a2ee..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ftr.h +++ /dev/null @@ -1,36 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef SE05X_FTR_H -#define SE05X_FTR_H - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT - -#include - -/** @def SE05X_FTR_8BIT_CURVE_ID - * - * Curve IDs are 8bit wide. Else, the follow same 32 bit - * namespace. - */ - -#if APPLET_SE050_VER_MAJOR_MINOR > 10002u -#define SE05X_FTR_8BIT_CURVE_ID (1) -#define SE05X_FTR_32BIT_CURVE_ID (0) -#else -#define SE05X_FTR_8BIT_CURVE_ID (0) -#define SE05X_FTR_32BIT_CURVE_ID (1) -#endif /* APPLET_SE050_VER_MAJOR_MINOR > 10002u */ - -#endif /* SSS_HAVE_APPLET_SE05X_IOT */ - -#endif /* SE05X_FTR_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_tlv.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_tlv.h deleted file mode 100644 index 3c2158ac8..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_tlv.h +++ /dev/null @@ -1,370 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef SE05X_TLV_H_INC -#define SE05X_TLV_H_INC - -#include -#include - - -#include "nxLog.h" -#include "nxScp03_Types.h" -//#include - -// #define VERBOSE_APDU_LOGS 1 - - -#define kSE05x_CLA 0x80 - -typedef enum -{ - SM_NOT_OK = 0xFFFF, - SM_OK = 0x9000, - SM_ERR_CONDITIONS_OF_USE_NOT_SATISFIED = 0x6985, - SM_ERR_ACCESS_DENIED_BASED_ON_POLICY = 0x6986, -} smStatus_t; - - -typedef enum -{ - CRED_DEFAULT = 0x00, - CRED_EC = 0x01, - CRED_RSA = 0x02, - CRED_AES = 0x03, - CRED_DES = 0x04, - CRED_BINARY = 0x05, - CRED_PIN = 0x06, - CRED_COUNTER = 0x07, - CRED_PCR = 0x08, - CRED_OBJECT = 0x09, - - CRED_PUB_EC, - CRED_PUB_RSA -} eSE05xType_t; - - -typedef struct -{ - uint8_t *se05xTxBuf; - size_t se05xTxBufLen; - size_t ws_LC; // With Session LC - size_t ws_LCW; // With Session LC Width 1 or 3 bytes - uint8_t *wsSe05x_cmd; // WithSession SE05X command - size_t wsSe05x_cmdLen; // WithSession SE05X command Length - size_t wsSe05x_tag1Len; // WithSession SE05X Tag1 len - size_t wsSe05x_tag1W; // WithSession SE05X Tag1 Width - uint8_t *wsSe05x_tag1Cmd; // WithSession SE05X Tag1 Command Data - size_t wsSe05x_tag1CmdLen; // WithSession SE05X Tag1 Command Data Len - const tlvHeader_t *se05xCmd_hdr; // SE05x Command Header - size_t se05xCmdLC; // SE05x Command LC - size_t se05xCmdLCW; // SE05x Command LC width - uint8_t *se05xCmd; // SE05x Command - size_t se05xCmdLen; // SE05x Command Length - uint8_t *dataToMac; - size_t dataToMacLen; -} Se05xApdu_t; - -struct Se05xSession; -struct _sss_se05x_tunnel_context; - -typedef struct Se05xSession -{ - uint8_t value[8]; - uint8_t hasSession : 1; - SE_AuthType_t authType; - /** Meta Funciton - * - * Internall first calls fp_Transform - * Then calls fp_RawTXn - * Then calls fp_DeCrypt - */ - smStatus_t(*fp_TXn)(struct Se05xSession * pSession, - const tlvHeader_t *hdr, uint8_t *cmdBuf, size_t cmdBufLen, uint8_t *rsp, size_t *rspLen, uint8_t hasle); - - /** API called by fp_TXn. Helps handle UserID/Applet/ECKey to transform buffer. - * - * But this API never sends any data out over any communication link. */ - smStatus_t(*fp_Transform)(struct Se05xSession * pSession, - /** IN */ - const tlvHeader_t *inHdr, - /** IN */ - uint8_t *inCmdBuf, - /** IN */ - size_t inCmdBufLen, - /** OUT: - * For Session less, - * For Platform SCP this will be copy of, inHDR, with outHdr[0] = outHdr[0] | 0x04 - * For Plain Session: Same as inHDR - * - * For With Session: - * This will be with TLV Header for Wrapped Session Command - */ - tlvHeader_t *outHdr, - /** OUT: For Session less, this will be copy of inCmdBuf - * - * For session based impelementation, this will have - * TAG=Session, L=8,V=Session,TAG=TAG1,L=inCmdBufLen,inCmdBuf */ - uint8_t * pTxBuf, - /** IN,OUT: */ - size_t * pTxBufLen, - /** IN */ - uint8_t hasle); - - /* API called by fp_TXn. Helps handle Applet/Fast SCP to decrypt buffer. - * - * But this API never reads any data */ - smStatus_t(*fp_DeCrypt)(struct Se05xSession * pSession, - size_t prevCmdBufLen, - uint8_t *pInRxBuf, - size_t *pInRxBufLen, - uint8_t hasle); -#if SSS_HAVE_APPLET_SE05X_IOT - /* It's either a minimal/single implemntation that calls smCom_TransceiveRaw() - * - * if pTunnelCtx is Null, directly call smCom_TransceiveRaw() - * - * Or an API part of tunnel ctx that can do PlatformSCP */ - smStatus_t (*fp_RawTXn)(void *conn_ctx, - struct _sss_se05x_tunnel_context *pChannelCtx, - SE_AuthType_t currAuth, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rsp, - size_t *rspLen, - uint8_t hasle); - - struct _sss_se05x_tunnel_context * pChannelCtx; -#endif -#if SSS_HAVE_SE - smStatus_t(*fp_Transmit)( - SE_AuthType_t currAuth, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rsp, - size_t *rspLen, - uint8_t hasle); -#endif - NXSCP03_DynCtx_t *pdynScp03Ctx; - - /**Connection data context */ - void *conn_ctx; -} Se05xSession_t; - - -typedef struct -{ - uint8_t *value; - size_t value_len; -} Se05xPolicy_t; - -typedef struct -{ - uint8_t ts[12]; -} SE05x_TimeStamp_t; - -typedef struct -{ - uint8_t features[30]; -} SE05x_ExtendedFeatures_t; - -typedef struct -{ - SE05x_Variant_t variant; - SE05x_ExtendedFeatures_t *extended_features; -} Se05x_AppletFeatures_t; - -typedef Se05x_AppletFeatures_t *pSe05xAppletFeatures_t; -typedef Se05xSession_t *pSe05xSession_t; -typedef Se05xPolicy_t *pSe05xPolicy_t; - -#if VERBOSE_APDU_LOGS -#define DO_LOG_V(TAG, DESCRIPTION, VALUE) nLog("APDU", NX_LEVEL_DEBUG, #TAG " [" DESCRIPTION "] = 0x%X", VALUE); -#define DO_LOG_A(TAG, DESCRIPTION, ARRAY, ARRAY_LEN) \ - nLog_au8("APDU", NX_LEVEL_DEBUG, #TAG " [" DESCRIPTION "]", ARRAY, ARRAY_LEN); -#else -#define DO_LOG_V(TAG, DESCRIPTION, VALUE) -#define DO_LOG_A(TAG, DESCRIPTION, ARRAY, ARRAY_LEN) -#endif - -#define TLVSET_Se05xSession(DESCRIPTION, PBUF, PBUFLEN, TAG, SESSIONID) \ - TLVSET_u8buf(DESCRIPTION, PBUF, PBUFLEN, TAG, SESSIONID->value, sizeof(SESSIONID->value)) - -#define TLVSET_Se05xPolicy(DESCRIPTION, PBUF, PBUFLEN, TAG, POLICY) \ - tlvSet_Se05xPolicy(DESCRIPTION, PBUF, PBUFLEN, TAG, POLICY) - -#define TLVSET_U8(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_U8(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_U16(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_U16(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_U16Optional(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_U16Optional(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_U32(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_U32(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_U64_SIZE(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE,SIZE) \ - tlvSet_U64_size(PBUF, PBUFLEN, TAG, VALUE,SIZE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_KeyID(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_KeyID(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_MaxAttemps(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_MaxAttemps(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_AttestationAlgo TLVSET_U8 -#define TLVSET_CipherMode TLVSET_U8 - -#define TLVSET_ECCurve(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_ECCurve(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_ECCurveParam TLVSET_U8 -#define TLVSET_ECDAASignatureAlgo TLVSET_U8 -#define TLVSET_ECSignatureAlgo TLVSET_U8 -#define TLVSET_EDSignatureAlgo TLVSET_U8 -#define TLVSET_MacOperation TLVSET_U8 -#define TLVSET_RSAEncryptionAlgo TLVSET_U8 -#define TLVSET_RSAKeyComponent TLVSET_U8 -#define TLVSET_RSASignatureAlgo TLVSET_U8 -#define TLVSET_DigestMode TLVSET_U8 -#define TLVSET_Variant tlvSet_u8buf_features -#define TLVSET_RSAPubKeyComp TLVSET_U8 -#define TLVSET_PlatformSCPRequest TLVSET_U8 -#define TLVSET_MemoryType TLVSET_U8 - -#define TLVSET_CryptoContext TLVSET_U8 -#define TLVSET_CryptoModeSubType(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - TLVSET_U8(DESCRIPTION, PBUF, PBUFLEN, TAG, ((VALUE).union_8bit)) - -#define TLVSET_CryptoObjectID TLVSET_U16 - -// #define TLVSET_pVoid(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) (0) -// #define tlvGet_pVoid(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) (0) - -#define TLVSET_u8buf(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ - tlvSet_u8buf(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ - DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) - -#define TLVSET_u8bufOptional(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ - tlvSet_u8bufOptional(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ - DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) - -#define TLVSET_u8bufOptional_ByteShift(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ - tlvSet_u8bufOptional_ByteShift(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ - DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) - - -#define TLVSET_u8buf_I2CM(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ - tlvSet_u8buf_I2CM(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ - DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) - - -int tlvSet_U8(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint8_t value); -int tlvSet_U16(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t value); -int tlvSet_U16Optional(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t value); -int tlvSet_U32(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint32_t value); -int tlvSet_U64_size(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint64_t value,uint16_t size); -int tlvSet_u8buf(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen); -int tlvSet_u8bufOptional(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen); -/* Same as tlvSet_u8bufOptional, but some time, Most Significant Byte needs to be shifted and Plus by 1 */ -int tlvSet_u8bufOptional_ByteShift(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen); -int tlvSet_Se05xPolicy(const char *description, uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, Se05xPolicy_t *policy); -int tlvSet_KeyID(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint32_t keyID); -int tlvSet_MaxAttemps(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t maxAttemps); -int tlvSet_ECCurve(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, SE05x_ECCurve_t value); -int tlvSet_u8buf_features(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, pSe05xAppletFeatures_t appletVariant); - -int tlvGet_U8(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint8_t *pRsp); -int tlvGet_U16(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint16_t *pRsp); -int tlvGet_U32(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint32_t *pRsp); - -int tlvGet_u8buf(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint8_t *rsp, size_t *pRspLen); -int tlvGet_ValueIndex(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag); -int tlvGet_Se05xSession( - uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, pSe05xSession_t *pSessionId); -int tlvGet_TimeStamp(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, SE05x_TimeStamp_t *pTs); - -int tlvSet_u8buf_I2CM(uint8_t **buf, size_t *bufLen, SE05x_I2CM_TAG_t tag, const uint8_t *cmd, size_t cmdLen); - -int tlvGet_SecureObjectType(uint8_t *buf, size_t *pBufIndex, size_t bufLen, SE05x_TAG_t tag, SE05x_SecObjTyp_t *pType); - -int tlvGet_Result(uint8_t *buf, size_t *pBufIndex, size_t bufLen, SE05x_TAG_t tag, SE05x_Result_t *presult); - - - -smStatus_t se05x_Transform(struct Se05xSession *pSession, - const tlvHeader_t *hdr, - uint8_t *cmdApduBuf, - const size_t cmdApduBufLen, - tlvHeader_t *out_hdr, - uint8_t *txBuf, - size_t *ptxBufLen, - uint8_t hasle); - -smStatus_t se05x_Transform_scp(struct Se05xSession *pSession, - const tlvHeader_t *hdr, - uint8_t *cmdApduBuf, - const size_t cmdApduBufLen, - tlvHeader_t *outhdr, - uint8_t *txBuf, - size_t *ptxBufLen, - uint8_t hasle); - -smStatus_t se05x_DeCrypt(struct Se05xSession *pSessionCtx, - size_t cmd_cmacLen, - uint8_t *rsp, - size_t *rspLength, - uint8_t hasle); - -smStatus_t DoAPDUTxRx_s_Case2(Se05xSession_t *pSessionCtx, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rspBuf, - size_t *pRspBufLen); - -smStatus_t DoAPDUTx_s_Case3(Se05xSession_t *pSessionCtx, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen); - -smStatus_t DoAPDUTxRx_s_Case4(Se05xSession_t *pSessionCtx, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rspBuf, - size_t *pRspBufLen); - -smStatus_t DoAPDUTxRx_s_Case4_ext(Se05xSession_t *pSessionCtx, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rspBuf, - size_t *pRspBufLen); - -smStatus_t DoAPDUTxRx(Se05xSession_t *pSessionCtx, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rspBuf, - size_t *pRspBufLen); - -#if SSS_HAVE_APPLET_SE05X_IOT -smStatus_t Se05x_API_I2CM_Send( - pSe05xSession_t sessionId, const uint8_t *buffer, size_t bufferLen, uint8_t *result, size_t *presultLen); -#endif -#endif // !SE05X_TLV_H_INC diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/sm_const.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/sm_const.h deleted file mode 100644 index 7beb37cfa..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/sm_const.h +++ /dev/null @@ -1,123 +0,0 @@ -/* -* -* Copyright 2016,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef _A71CH_CONST_H_ -#define _A71CH_CONST_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_A71CH && (!(SSS_HAVE_A71CH_SIM)) -# define APPLET_NAME "a71ch" // 0x61.37.31.63.68 -# define APPLET_NAME_LEN (sizeof(APPLET_NAME) - 1) -# define SE_NAME "A71CH" -#endif -#if SSS_HAVE_LOOPBACK -# define APPLET_NAME \ - { 0xD2, 0x76, 0x00, 0x00, 0x85, 0x54, 0x65, 0x73, \ - 0x74, 0x01, 0x01 } //echo applet -# define APPLET_NAME_LEN (11) -# define SE_NAME "LoopBack" -#endif -#if SSS_HAVE_A71CL -# define APPLET_NAME \ - { 0xA0, 0x00, 0x00, 0x00, 0x41, 0x6C, 0x69, 0x59, \ - 0x75, 0x6E, 0x2E, 0x49, 0x44, 0x32, 0x01}// "Ali Yun" -# define APPLET_NAME_LEN (15) -# define SE_NAME "A71CL" -#endif - -#if SSS_HAVE_SE050_L -# define APPLET_NAME \ -{ 0xA0, 0x00, 0x00, 0x00, 0x41, 0x6C, 0x69, 0x59, \ - 0x75, 0x6E, 0x2E, 0x49, 0x44, 0x32 \ -}// "Ali Yun" - - -# define APPLET_NAME_LEN (14) -# define SE_NAME "SE050_L" -#endif - -#if SSS_HAVE_A71CH_SIM -# define APPLET_NAME \ - {0xa0, 0x00, 0x00, 0x03, 0x96, 0x54, 0x53, 0x00, \ - 0x00, 0x00, 0x01, 0x03, 0x00, 0x00, 0x00, 0x00} -# define APPLET_NAME_LEN (16) -# define SE_NAME "SE050:EAR:CH" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT -# define APPLET_NAME \ - {0xa0, 0x00, 0x00, 0x03, 0x96, 0x54, 0x53, 0x00, \ - 0x00, 0x00, 0x01, 0x03, 0x00, 0x00, 0x00, 0x00} -# define APPLET_NAME_LEN (16) - -# define SSD_NAME \ - { 0xD2, 0x76, 0x00, 0x00, 0x85, 0x30, 0x4A, 0x43, 0x4F, 0x90, 0x03} -#endif - -#if SSS_HAVE_SE05X_A -# define SE_NAME "SE050:A" -#endif -#if SSS_HAVE_SE05X_B -# define SE_NAME "SE050:B" -#endif -#if SSS_HAVE_SE05X_C -# define SE_NAME "SE050:C" -#endif - -#define A71CH_KEY_PAIR_MAX_A 2 //!< Maximum amount of ECC key pairs that can be stored in A71CH (A device) -#define A71CH_PUBLIC_KEY_MAX_A 2 //!< Maximum amount of ECC public keys that can be stored in A71CH (A device) -#define A71CH_SYM_KEY_MAX_A 4 //!< Maximum amount of Symmetric keys that can be stored in A71CH (A device) -#define A71CH_KEY_PAIR_MAX_B 4 //!< Maximum amount of ECC key pairs that can be stored in A71CH (B device) -#define A71CH_PUBLIC_KEY_MAX_B 3 //!< Maximum amount of ECC public keys that can be stored in A71CH (B device) -#define A71CH_SYM_KEY_MAX_B 8 //!< Maximum amount of Symmetric keys that can be stored in A71CH (A device) -#define A71CH_COUNTER_MAX 2 //!< Maximum amount of monotonic counters that can be stored in A71CH (A&B) - -// We cover two A71CH product variants that differ in the amount of credentials that can be stored. -// These two variants are referred to (in this example source code) as -// - TYPE_A (or simply A) - which is the device with lesser storage -// - TYPE_B (or simply B) - which is the device with more storage -// As the example source code depends on the amount of credentials that can be stored -// the ::A71CH_DEVICE_TYPE define must be used to select between either variant at compile time. -#define A71CH_DEVICE_TYPE_A (0x41) //!< Symbolic constant to represent the Initial A71CH device -#define A71CH_DEVICE_TYPE_B (0x42) //!< Synbolic constant to represent the A71CH device with more storage -#define A71CH_DEVICE_TYPE A71CH_DEVICE_TYPE_B //!< Indicate the credential storage capabilities of the A71CH - - -/** @def A71CH_KEY_PAIR_MAX - * Maximum ECC Key Pairs in the Secure module */ -/** @def A71CH_PUBLIC_KEY_MAX - * Maximum ECC Public Keys in the Secure module */ -/** @def A71CH_SYM_KEY_MAX - * Maximum ECC Symmetric Keys in the Secure module */ -/** @def A71CH_GP_STORAGE_SIZE - * Maximum General Purpose Storage in the Secure module */ - -#if A71CH_DEVICE_TYPE == A71CH_DEVICE_TYPE_A -//!< Effective value used in examples -# define A71CH_KEY_PAIR_MAX A71CH_KEY_PAIR_MAX_A -# define A71CH_PUBLIC_KEY_MAX A71CH_PUBLIC_KEY_MAX_A -# define A71CH_SYM_KEY_MAX A71CH_SYM_KEY_MAX_A -# define A71CH_GP_STORAGE_SIZE A71CH_GP_STORAGE_SIZE_A -#else -# define A71CH_KEY_PAIR_MAX A71CH_KEY_PAIR_MAX_B -# define A71CH_PUBLIC_KEY_MAX A71CH_PUBLIC_KEY_MAX_B -# define A71CH_SYM_KEY_MAX A71CH_SYM_KEY_MAX_B -# define A71CH_GP_STORAGE_SIZE A71CH_GP_STORAGE_SIZE_B -#endif - -#ifdef __cplusplus -} -#endif -#endif //_A71CHCONSTL_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.h deleted file mode 100644 index 9e358d425..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.h +++ /dev/null @@ -1,28 +0,0 @@ -/* -* -* Copyright 2016,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef _GLOBAL_PLATF_ -#define _GLOBAL_PLATF_ - -#include "sm_types.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define CLA_ISO7816 (0x00) //!< ISO7816-4 defined CLA byte - -#define INS_GP_INITIALIZE_UPDATE (0x50) //!< Global platform defined instruction -#define INS_GP_EXTERNAL_AUTHENTICATE (0x82) //!< Global platform defined instruction -#define INS_GP_SELECT (0xA4) //!< Global platform defined instruction -#define INS_GP_PUT_KEY (0xD8) //!< Global platform defined instruction - -U16 GP_Select(void *conn_ctx, const U8 *appletName, U16 appletNameLen, U8 *response, U16 *responseLen); -U16 GP_GetCLAppletVersion(U8 *appletVersion, U16 *verionLength); -#ifdef __cplusplus -} -#endif -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.h deleted file mode 100644 index 47a739a5f..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.h +++ /dev/null @@ -1,217 +0,0 @@ -/* - * - * Copyright 2016 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * This file defines the API of the APDU parser for AX host library. - * @par History - * 1.0 31-mar-2014 : Initial version - * - */ - -#ifndef _SM_APDU_H_ -#define _SM_APDU_H_ - -#include "apduComm.h" -#include "sm_types.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef A71_IGNORE_PARAM_CHECK -#error "Do not remove API parameter check" -#endif - -/* ------------------------------ */ - -#define MAX_APDU_BUF_LENGTH (256 + 1024) // This value has not been optimized for TGT_A71CH (256+64) - -#define MAX_EXT_APDU_BUF_LENGTH (32769) // extended APDU Max supported Len is 0x7FFF + 2 bytes status code - - -#define APDU_HEADER_LENGTH (5) -#define APDU_EXTENDED_HEADER_LENGTH (7) -#define EXT_CASE4_APDU_OVERHEAD (9) -#define SCP03_OVERHEAD (24) // padding (=16) + mac (=8) -#define RSP_APDU_STATUS_OVERHEAD (2) -#define APDU_STD_MAX_DATA (255) - -// -#ifdef TGT_A70CI -#define TAG_SST_IDENTIFIER (0x01) -#define TAG_SST_INDEX (0x02) -#define TAG_ECC_PRIVATE_KEY (0x03) -#define TAG_ECC_PUBLIC_KEY (0x04) -#define TAG_SHARED_SECRET (0x05) -#define TAG_RSA_PRIVATE_KEY_P (0x06) -#define TAG_RSA_PRIVATE_KEY_Q (0x07) -#define TAG_RSA_PRIVATE_KEY_DP (0x08) -#define TAG_RSA_PRIVATE_KEY_DQ (0x09) -#define TAG_RSA_PRIVATE_KEY_IPQ (0x0A) -#define TAG_PUBLIC_KEY (0x0B) -#define TAG_AES_KEY (0x0C) -#define TAG_AUTH_PUBLIC_KEY_ID (0x0D) -#define TAG_CONTEXT (0x0F) -#define TAG_DIRECTION (0x10) -#define TAG_IV (0x11) -#define TAG_INPUT_DATA (0x12) -#define TAG_OUTPUT_DATA (0x13) -#define TAG_AUTHENTICATION_DATA (0x14) -#define TAG_GMAC_DATA (0x15) -#define TAG_GMAC_LENGTH (0x16) -#define TAG_KEYWRAP_ALGO (0x17) -#define TAG_HASH (0x18) -#define TAG_SIGNATURE (0x19) -#define TAG_VERIFICATION (0x1A) -#define TAG_CERTIFICATE (0x1B) -#define TAG_SIZE (0x1C) -#define TAG_SALT (0x1E) -#elif defined(TGT_A70CM) -#define TAG_DLMS_SECURITY_BYTE (0x00) -#define TAG_SST_IDENTIFIER (0x01) -#define TAG_SST_INDEX (0x02) -#define TAG_ECC_PRIVATE_KEY (0x03) -#define TAG_ECC_PUBLIC_KEY (0x04) -#define TAG_SHARED_SECRET (0x05) -#define TAG_RSA_PRIVATE_KEY_P (0x06) -#define TAG_RSA_PRIVATE_KEY_Q (0x07) -#define TAG_RSA_PRIVATE_KEY_DP (0x08) -#define TAG_RSA_PRIVATE_KEY_DQ (0x09) -#define TAG_RSA_PRIVATE_KEY_IPQ (0x0A) -#define TAG_RSA_PUBLIC_KEY_MOD (0x0B) -#define TAG_AES_KEY (0x0C) -#define TAG_WRAPPED_AES_KEY (0x0D) -#define TAG_CONTEXT (0x0E) -#define TAG_DIRECTION (0x0F) -#define TAG_IV (0x10) -#define TAG_INPUT_DATA (0x11) -#define TAG_OUTPUT_DATA (0x12) -#define TAG_AUTHENTICATION_DATA (0x13) -#define TAG_GMAC_DATA (0x14) -#define TAG_GMAC_LENGTH (0x15) -#define TAG_KEYWRAP_ALGO (0x16) -#define TAG_HASH (0x17) -#define TAG_SIGNATURE (0x18) -#define TAG_DLMS_AK_INDEX (0x19) -#define TAG_VERIFICATION (0x1A) -#define TAG_CERTIFICATE (0x1B) -#define TAG_OFFSET (0x1C) -#define TAG_SIZE (0x1D) -#define TAG_SST_WRAPPING_KEY_INDEX (0x1E) -#else // -/// @cond not_relevant_for_A71ch & A71cl -#define TAG_DLMS_SECURITY_BYTE (0x00) -#define TAG_SST_IDENTIFIER (0x01) -#define TAG_SST_INDEX (0x02) -#define TAG_ECC_PRIVATE_KEY (0x03) -#define TAG_ECC_PUBLIC_KEY (0x04) -#define TAG_SHARED_SECRET (0x05) -#define TAG_RSA_PRIVATE_KEY_P (0x06) -#define TAG_RSA_PRIVATE_KEY_Q (0x07) -#define TAG_RSA_PRIVATE_KEY_DP (0x08) -#define TAG_RSA_PRIVATE_KEY_DQ (0x09) -#define TAG_SST_IDENTIFIER2 (0x0A) -#define TAG_SST_INDEX2 (0x0B) -#define TAG_AES_KEY (0x0C) -#define TAG_WRAPPED_AES_KEY (0x0D) -#define TAG_CONTEXT (0x0E) -#define TAG_DIRECTION (0x0F) -#define TAG_IV (0x10) -#define TAG_INPUT_DATA (0x11) -#define TAG_OUTPUT_DATA (0x12) -#define TAG_AUTHENTICATION_DATA (0x13) -#define TAG_GMAC_DATA (0x14) -#define TAG_GMAC_LENGTH (0x15) -#define TAG_KEYWRAP_ALGO (0x16) -#define TAG_HASH (0x17) -#define TAG_SIGNATURE (0x18) -#define TAG_STATE (0x19) -#define TAG_VERIFICATION (0x1A) -#define TAG_CERTIFICATE (0x1B) -#define TAG_OFFSET (0x1C) -#define TAG_SIZE (0x1D) -#define TAG_SST_WRAPPING_KEY_INDEX (0x1E) -#define TAG_INTERFACE (0x1F) -#define TAG_CHUNK_NUMBER (0x23) -#define TAG_SCP_MIN_SEC_LEVEL (0x24) -#define TAG_STATUS_WORD (0x25) -/// @endcond -#endif // TGT_A70CI -// - -/* ------------------------------ */ -#define AX_CLA (0x80) - -// #define SW_WARNING_FILE_DEACTIVATED (0x6283) -// #define SW_WARNING_FILE_TERMINATED (0x6285) - -#define SW_WRONG_LENGTH (0x6700) //!< ISO7816-4 defined status word: Wrong Length of data -#define SW_SECURE_MESSAGING_NOT_SUPPORTED (0x6882) //!< ISO7816-4 defined status word -#define SW_SECURITY_STATUS_NOT_SATISFIED (0x6982) //!< ISO7816-4 defined status word -#define SW_DATA_INVALID (0x6984) //!< ISO7816-4 defined status word -#define SW_CONDITIONS_NOT_SATISFIED (0x6985) //!< ISO7816-4 defined status word: Conditions of use not satisfied, e.g. a command is not allowed, the provided identifier is not applicable or the index is out of range. -#define SW_COMMAND_NOT_ALLOWED (0x6986) //!< ISO7816-4 defined status word -#define SW_WRONG_DATA (0x6A80) //!< ISO7816-4 defined status word: Wrong data, e.g. the command does not have the right parameters or a parameter is not correct (size, structure). -#define SW_FILE_NOT_FOUND (0x6A82) //!< ISO7816-4 defined status word -#define SW_INCORRECT_P1P2 (0x6A86) //!< ISO7816-4 defined status word: Incorrect P1-P2 parameters -#define SW_INS_NOT_SUPPORTED (0x6D00) //!< ISO7816-4 defined status word: INS byte not supported -#define SW_CLA_NOT_SUPPORTED (0x6E00) //!< ISO7816-4 defined status word: CLA byte not supported -#define SW_NO_ERROR (0x9000) //!< ISO7816-4 defined status word - -#define USE_STANDARD_APDU_LEN 0 //!< Create a standard length APDU. -#define USE_EXTENDED_APDU_LEN 1 //!< Create an extended length APDU. -#define SESSION_ID_LEN 4 - -U8 SetApduHeader(apdu_t * pApdu, U8 extendedLength); -U8 AllocateAPDUBuffer(apdu_t * pApdu); -U8 FreeAPDUBuffer(apdu_t * pApdu); -void smApduAdaptLcLe(apdu_t *pApdu, U16 lc, U16 le); -void smApduAdaptLc(apdu_t *pApdu, U16 lc); -void smApduAdaptLe(apdu_t *pApdu, U16 le); -// U16 GetStatusWord(apdu_t *pApdu); -U16 smGetSw(apdu_t *pApdu, U8 *pIsOk); -void set_SessionId_Tlv(U32 sessionId); - - -U16 AddTlvItem(apdu_t * pApdu, U16 tag, U16 dataLength, const U8 *pValue); -U16 ParseResponse(apdu_t * pApdu, U16 expectedTag, U16 * pLen, U8* pValue); -U16 AddStdCmdData(apdu_t * pApdu, U16 dataLen, const U8 *data); - -U16 smApduGetResponseBody(apdu_t *pApdu, U8 *buf, U16 *bufLen); -U16 smApduAppendCmdData(apdu_t * pApdu, const U8 *data, U16 dataLen); -U16 smApduAdaptChkSum(apdu_t *pApdu, U16 chkSum); - -/** - * @brief Check and convert given hex string to array of bytes to buffer. - * - * Memory allocation needs to be done by the caller, boundary checks on the output - * are performed, null-termination is always added. - * @param[in] str: The binary data to convert. - * @param[in] buffer: buffer to which converted array to be copied. - * @param[in] buffer_len: Size of the available buffer for sanity check. - * @param[out] len: The length of the binary data written to buffer. - * @return True if conversion is successful. - */ -bool smApduGetArrayBytes(char *str, size_t *len, uint8_t * buffer, size_t buffer_len); - -/** - * @brief Parse given apdu command and return command data offset and command data length along with case-id as described in ISO/IEC FDIS 7816-3 spec. - * - * @param[in] apdu: Buffer containing APDU command. - * @param[in] apduLen: The length of APDU command. - * @param[out] data_offset: Offset of data field if present. - * @param[out] dataLen: Length of data field (LC field value) if present. - * @param[out] apdu_case: APDU txrx case accoring to 7816 spec. - * @return True if APDU command has valid format. - */ -bool smApduGetTxRxCase(uint8_t *apdu, size_t apduLen, size_t* data_offset, size_t *dataLen, apduTxRx_case_t *apdu_case); - - -#ifdef __cplusplus -} -#endif -#endif //_SM_APDU_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_api.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_api.h deleted file mode 100644 index 6fa2de732..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_api.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** -* @par Description -* This file is the communication specific Host API of the A70CM/CI and A71CH secure module. -* It also customizes the Generic Ax library for this specific product instance -* @par History -* 1.0 27-march-2014 : Initial version -* 7-may-2017 : Unified version for A70CM, CI and A71CH -* -*****************************************************************************/ -#ifndef _SM_API_ -#define _SM_API_ - -#include "sm_types.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -#define AX_HOST_LIB_MAJOR (PLUGANDTRUST_HOSTLIB_VER_MAJOR) //!< Major number A71CH Host Library -#define AX_HOST_LIB_MINOR (PLUGANDTRUST_HOSTLIB_VER_MINOR) //!< Minor (High Nibble)/Patch number (Low Nibble) of A71CH Host Library - -/*! -* @addtogroup sss_sscp_a71ch -* @{ -*/ - -#define SE_CONNECT_TYPE_START 0x000 - -typedef enum -{ - kType_SE_Conn_Type_NONE = 0, - /** Used for A71XX Family */ - kType_SE_Conn_Type_SCII2C = SE_CONNECT_TYPE_START + 2, - /** Used for PC/OSX for virtual COM Port */ - kType_SE_Conn_Type_VCOM = SE_CONNECT_TYPE_START + 3, - /** Used for Legacy JRCP V1 protocol with iMX Linux Proxy */ - kType_SE_Conn_Type_JRCP_V1 = SE_CONNECT_TYPE_START + 4, - /** Used for New JRCP Protocol */ - kType_SE_Conn_Type_JRCP_V2 = SE_CONNECT_TYPE_START + 5, - /** Used for T=1 over I2C for SE050 family */ - kType_SE_Conn_Type_T1oI2C = SE_CONNECT_TYPE_START + 6, - /** Used for Use NFC Interface to talk to SE */ - kType_SE_Conn_Type_NFC = SE_CONNECT_TYPE_START + 7, - /** Used for Use a software layer to talk to SE - * This logicaly allows double encryption of packets - * from same host and allows multi-tenenancy - * - * Channel can be deemed as "Secure Channel" where applicable. - * - * Or it may be a plain "arbiter" to allow plain communication from - * multiple threads on the same application. - */ - kType_SE_Conn_Type_Channel = SE_CONNECT_TYPE_START + 8, - - kType_SE_Conn_Type_PCSC = SE_CONNECT_TYPE_START + 9, - - kType_SE_Conn_Type_LAST, - kType_SE_Conn_Type_SIZE = 0x7FFF -} SSS_Conn_Type_t; - -#define SELECT_APPLET 0 //!< Select predefined applet -#define SELECT_NONE 1 //!< Don't issue a select -#define SELECT_SSD 2 //!< Select SSD - -/** - * Contains the information required to resume a connection with the Security Module. - * Its content is only to be interpreted by the Host Library. - * The semantics of the param1 and param2 fields depends on the link layer. - */ -typedef struct { - U16 connType; - U16 param1; //!< Useage depends on link layer - U16 param2; //!< Useage depends on link layer - U16 hostLibVersion; //!< MSByte contains major version (::AX_HOST_LIB_MAJOR); LSByte contains minor version of HostLib (::AX_HOST_LIB_MINOR) - U32 appletVersion; /*!< MSByte contains major version; - 3 leading bits of LSByte contains minor version of Applet; - Last bit of LSByte encodes whether Applet is in Debug Mode, a '1' means 'Debug Mode' is available */ - U16 sbVersion; //!< Expected to be 0x0000 - U8 select; //!< Applet selection mode -} SmCommState_t; - -/** \name Communication functions - @{ */ -U16 SM_Close(void *conn_ctx, U8 mode); -U16 SM_Connect(void *conn_ctx, SmCommState_t *commState, U8 *atr, U16 *atrLen); -U16 SM_ConnectWithAID(SmCommState_t *commState, U8* appletAID, U16 appletAIDLen, U8 *atr, U16 *atrLen); -U16 SM_RjctConnect(void **conn_ctx, const char *connectString, SmCommState_t *commState, U8 *atr, U16 *atrLen); -U16 SM_RjctConnectWithAID(const char *connectString, SmCommState_t *commState, U8* appletAID, U16 appletAIDLen, U8 *atr, U16 *atrLen); -U16 SM_I2CConnect(void **conn_ctx, SmCommState_t *commState, U8 *atr, U16 *atrLen, const char *pConnString); - -U16 SM_SendAPDU(U8 *cmd, U16 cmdLen, U8 *resp, U16 *respLen); - -#if defined(SMCOM_JRCP_V1_AM) -U16 SM_LockChannel(); -U16 SM_UnlockChannel(); -#endif - -#if defined(SMCOM_JRCP_V1_AM) -#define SM_LOCK_CHANNEL() SM_LockChannel() -#define SM_UNLOCK_CHANNEL() SM_UnlockChannel() -#else -#define SM_LOCK_CHANNEL() -#define SM_UNLOCK_CHANNEL() -#endif - -/** @}*/ - -#ifdef __cplusplus -} -#endif -#endif //_SM_API_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.h deleted file mode 100644 index b5ba47077..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * - * Copyright 2016 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * - * @par Description - * This file provides an interface to generic APDU response evaluation. - * @par History - * 1.0 20-feb-2012 : Initial version - * - */ - -#ifndef _SM_ERRORS_ -#define _SM_ERRORS_ - -#include "apduComm.h" - -#ifdef __cplusplus -extern "C" { -#endif - -U16 CheckNoResponseData(apdu_t * pApdu); -U16 CheckNoResponseDataRaw(U8 *rawResponse, U16 rawResponseLen); - -#ifdef __cplusplus -} -#endif -#endif //_SM_ERRORS_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_types.h deleted file mode 100644 index 56220f1b0..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_types.h +++ /dev/null @@ -1,163 +0,0 @@ -/* - * - * Copyright 2016-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * This file defines A7-series specific types - * @par History - * 1.0 20-feb-2012 : Initial version - * - */ - -#ifndef _SM_TYPES_H_ -#define _SM_TYPES_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(__GNUC__) || defined(__arm__) || defined(__ICCARM__) -#include -#include -#include -#endif /* __GNUC__ || __arm__ || iccarm */ - -#if defined(__ICCARM__) -#include "stddef.h" -#endif /* __ICCARM__ */ - -#if defined(_MSC_VER) && _MSC_VER >= 1600 -#include -#if _MSC_VER >= 1800 -#include -#endif -#endif /* _MSC_VER */ - -typedef uint8_t U8; -typedef uint16_t U16; -typedef uint32_t U32; - -typedef int8_t S8; -typedef int16_t S16; -typedef int32_t S32; - -#if !defined(__cplusplus) && !defined(__GNUC__) && !defined(__arm__) && !defined(__ICCARM__) -#ifdef _MSC_VER -#if _MSC_VER < 1600 -typedef unsigned char bool; // C++ and GCC has bool. -#define false(0) -#define true(1) -#endif //_MSC_VER < 1600 -#else // _MSC_VER -typedef unsigned char bool; // C++ and GCC has bool. -#endif -#endif /* bool */ - -#ifndef FALSE -#define FALSE false -#endif - -#ifndef TRUE -#define TRUE true -#endif - -/** @define AX_EMBEDDED Plaform is embedded like Kinetis / LPC / i.MX RT / Freedom Series */ -#if defined(FREEDOM) || defined(IMX_RT) || defined(CPU_LPC54018) || defined(LPC_55x) || defined(QN9090DK6) -#define AX_EMBEDDED 1 -#elif defined(AX_EMBEDDED) -/* OK */ -#else -#define AX_EMBEDDED 0 -#endif - -/** - * Identification of ECC curve. Not all turnkey solutions cover all these ECC curves. - */ -typedef enum -{ - ECCCurve_NIST_P192 = 0x01, - ECCCurve_NIST_P224 = 0x02, - ECCCurve_NIST_P256 = 0x03, /**< NIST Curve with 256 bits */ - ECCCurve_BrainPoolP192r1 = 0x04, - ECCCurve_BrainPoolP224r1 = 0x05, - ECCCurve_BrainPoolP256r1 = 0x06 -} ECCCurve_t; - -/** - * Identification of hash algorithm - */ -typedef enum -{ - HASHAlgo_SHA1 = 0x01, - HASHAlgo_SHA256 = 0x02 -} HASHAlgo_t; - -typedef U16 SM_Error_t; - -#define AX_UNUSED_ARG(x) (void)(x) - -// The following defines are visible at the smCom layer -// Because they are also used in the platform specific implementation -// layer, they have ended up in this include file. -// They do not belong here from a structural point of view. -#define SMCOM_CLOSE_MODE_STD 0x00 -#define SMCOM_CLOSE_MODE_TERMINATE 0x01 - -// The following is a set of predefined return values. - -/* Don't use -// Protocol error codes -#define BAD_SEQ_NUMBER 0x8000 -#define UNAUTH_CLIENT 0x8001 -#define SEND_ERROR 0x8002 -#define UNKNOW_ORDER 0x8003 -*/ - -/* ------------------------------ */ -// Error/status word -#define SW_OK (0x9000) //!< Operation successfull - -#define ERR_CONNECT_LINK_FAILED (0x7001) -#define ERR_CONNECT_SELECT_FAILED (0x7002) -#define ERR_COMM_ERROR (0x7003) //!< Generic communication error -#define ERR_NO_VALID_IP_PORT_PATTERN (0x8000) -#define ERR_COM_ALREADY_OPEN (0x7016) //!< Communication link is already open with device - -/* Range 0x701x is reserved for Error codes defined in smCom.h */ -// #define SMCOM_SND_FAILED 0x7010 -// #define SMCOM_RCV_FAILED 0x7011 - -#define ERR_MEMORY (0x7020) //!< Memory allocation error -#define ERR_GENERAL_ERROR (0x7021) //!< Non-specific error code -#define ERR_WRONG_RESPONSE (0x7022) //!< Semantic error discovered while parsing APDU response -#define ERR_API_ERROR (0x7023) //!< Illegal parameter value passed to API -#define ERR_TLV_MISSING (0x7024) //!< Specific TAG is missing from APDU response -#define ERR_HASH_COMPARE_FAILS (0x7025) -#define ERR_BUF_TOO_SMALL (0x7026) //!< Buffer provided is too small -#define ERR_CRYPTO_ENGINE_FAILED \ - (0x7027) //!< The crypto engine (implemented underneath a crypto abstraction layer) failed to provide a crypto service. -#define ERR_PATTERN_COMPARE_FAILED (0x7028) -#define ERR_NOT_IMPLEMENTED (0x7029) -#define ERR_FILE_SYSTEM (0x7030) -#define ERR_NO_PRIVATE_KEY (0x7031) -#define ERR_IDENT_IDX_RANGE (0x7032) //!< Identifier or Index of Reference Key is out of bounds -#define ERR_CRC_CHKSUM_VERIFY (0x7033) //!< CRC checksum verify error -#define ERR_INTERNAL_BUF_TOO_SMALL (0x7034) //!< In A71CH PSP 1.6 this had value 0x7033. Code was already taken by A71CL - -#define SCP_OK (SW_OK) -#define SCP_UNDEFINED_CHANNEL_ID (0x7041) //!< Undefined SCP channel identifier -#define SCP_FAIL (0x7042) -#define SCP_CARD_CRYPTOGRAM_FAILS_TO_VERIFY (0x7043) -#define SCP_PARAMETER_ERROR (0x7044) - -#define SCP_RSP_MAC_FAIL (0x7050) //!< MAC on APDU response is not correct -#define SCP_DECODE_FAIL (0x7051) //!< Encrypted Response did not decode to correctly padded plaintext - -#ifdef __cplusplus -} -#endif - -#endif // _SM_TYPES_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.h deleted file mode 100644 index a520a5704..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.h +++ /dev/null @@ -1,107 +0,0 @@ -/* -* -* Copyright 2018 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef NX_LOG_H -#define NX_LOG_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * - * Overview - * ========================================== - * - * These set of files help control logging levels in - * the applicaiton. - * - * The overall idea is to - * - Control logging at mutiple levels - * - Fine gain control of logging - * - Easy for the devleoper to add log messages - * - Easy for the devleoper to add/remove log components - * - Focus on embedded systems - * - * - * Control logging at mutiple levels - * ========================================== - * - * Each component can log one of the following levels. - * DEBUG - For the developer. Too much verbsity. - * INFO - General Information. Easy for end user to keep track what is happening. - * WARN - Some error occured, but can be handled - * ERROR - Some erro roccured, but no nice way to handle - * - * For each level, the logging APIs, LOG_D, LOG_I, LOG_W, LOG_E are available. - * - * - * Fine gain control of logging - * ========================================== - * - * Each component get's its own logging file. - * e.g. nxLog_SSS.h for SSS Layer, nxLog_UseCase.h for use cases. - * SSS Layer and UseCase layer's source files include these individual files - * and with that they can control logging level. - * - * Common `nxLog_Config.h` can control the logging levels, - * or individual source files can control their logging levels. - * - * Easy for the devleoper to add log messages - * ========================================== - * - * Within the source code, only include the file for the given component, e.g. `nxLog_SSS.h`. - * And only call LOG_D, LOG_E, etc. within that file. - * - * - * Easy for the devleoper to add/remove log components - * =========================================================================== - * - * When not required, the files like `nxLog_SSS.h` can be deleted. And when needed - * the script nxLog_Gen.py can be run: - * - * python nxLog_Gen.py - * - * - * Focus on embedded systems - * =========================================================================== - * - * Do not take loging level information at run time, but at compile time. - * This enables to reduce the code size. - * - * - **/ - -#include -#include - -#define NX_LEVEL_DEBUG 4 -#define NX_LEVEL_INFO 3 -#define NX_LEVEL_WARN 2 -#define NX_LEVEL_ERROR 1 - -#define NX_LOG_D -#define NX_LOG_I -#define NX_LOG_W -#define NX_LOG_E - -/* - * Initialised the multithreading locks if running on Native or FreeRtos. - * If running on system where mutex or semaphore is not available, return - * success without doing anything. - */ -uint8_t nLog_Init(); -void nLog_DeInit(); - -void nLog(const char *comp, int level, const char *format, ...); - -void nLog_au8(const char *comp, int level, const char *message, const unsigned char *array, size_t array_len); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_App.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_App.h deleted file mode 100644 index c2ad1f90b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_App.h +++ /dev/null @@ -1,183 +0,0 @@ -/* -* -* Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_APP_H -#define NX_LOG_APP_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'App' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_APP_DEBUG -# define NX_LOG_ENABLE_APP_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_APP_INFO -# define NX_LOG_ENABLE_APP_INFO (NX_LOG_ENABLE_APP_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) -#endif -#ifndef NX_LOG_ENABLE_APP_WARN -# define NX_LOG_ENABLE_APP_WARN (NX_LOG_ENABLE_APP_INFO + NX_LOG_ENABLE_DEFAULT_WARN) -#endif -#ifndef NX_LOG_ENABLE_APP_ERROR -# define NX_LOG_ENABLE_APP_ERROR (NX_LOG_ENABLE_APP_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) -#endif - -/* Enable/Set log levels for 'App' - end */ - -#if NX_LOG_ENABLE_APP_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("App", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_APP_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("App", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_APP_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("App", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_APP_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("App", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_APP_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_DefaultConfig.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_DefaultConfig.h deleted file mode 100644 index 1b0cee9de..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_DefaultConfig.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_DEFAULT_CONFIG_H -#define NX_LOG_DEFAULT_CONFIG_H - -/* See Plug & Trust Middleware Docuemntation --> stack --> Logging - for more information */ - -/* - * - 1 => Enable Debug level logging - for all. - * - 0 => Disable Debug level logging. This has to be - * enabled individually by other logging - * header/source files */ -#define NX_LOG_ENABLE_DEFAULT_DEBUG 1 - -/* Same as NX_LOG_ENABLE_DEFAULT_DEBUG but for Info Level */ -#define NX_LOG_ENABLE_DEFAULT_INFO 1 - -/* Same as NX_LOG_ENABLE_DEFAULT_DEBUG but for Warn Level */ -#define NX_LOG_ENABLE_DEFAULT_WARN 1 - -/* Same as NX_LOG_ENABLE_DEFAULT_DEBUG but for Error Level. - * Ideally, this shoudl alwasy be kept enabled */ -#define NX_LOG_ENABLE_DEFAULT_ERROR 1 - - -/* Release - retail build */ -#ifdef FLOW_SILENT -#undef NX_LOG_ENABLE_DEFAULT_DEBUG -#undef NX_LOG_ENABLE_DEFAULT_INFO -#undef NX_LOG_ENABLE_DEFAULT_WARN -#undef NX_LOG_ENABLE_DEFAULT_ERROR - -#define NX_LOG_ENABLE_DEFAULT_DEBUG 0 -#define NX_LOG_ENABLE_DEFAULT_INFO 0 -#define NX_LOG_ENABLE_DEFAULT_WARN 0 -#define NX_LOG_ENABLE_DEFAULT_ERROR 0 -#endif - -#endif /* NX_LOG_DEFAULT_CONFIG_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_hostLib.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_hostLib.h deleted file mode 100644 index 65e68a3b9..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_hostLib.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_HOSTLIB_H -#define NX_LOG_HOSTLIB_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'hostLib' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_HOSTLIB_DEBUG -# define NX_LOG_ENABLE_HOSTLIB_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_HOSTLIB_INFO -# define NX_LOG_ENABLE_HOSTLIB_INFO (NX_LOG_ENABLE_HOSTLIB_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) -#endif -#ifndef NX_LOG_ENABLE_HOSTLIB_WARN -# define NX_LOG_ENABLE_HOSTLIB_WARN (NX_LOG_ENABLE_HOSTLIB_INFO + NX_LOG_ENABLE_DEFAULT_WARN) -#endif -#ifndef NX_LOG_ENABLE_HOSTLIB_ERROR -# define NX_LOG_ENABLE_HOSTLIB_ERROR (NX_LOG_ENABLE_HOSTLIB_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) -#endif - -/* Enable/Set log levels for 'hostLib' - end */ - -#if NX_LOG_ENABLE_HOSTLIB_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("hostLib", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_HOSTLIB_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("hostLib", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_HOSTLIB_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("hostLib", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_HOSTLIB_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("hostLib", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_HOSTLIB_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_mbedtls.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_mbedtls.h deleted file mode 100644 index cd866fc9c..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_mbedtls.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_MBEDTLS_H -#define NX_LOG_MBEDTLS_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'mbedtls' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_MBEDTLS_DEBUG -# define NX_LOG_ENABLE_MBEDTLS_DEBUG (NX_LOG_ENABLE_SSS_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_MBEDTLS_INFO -# define NX_LOG_ENABLE_MBEDTLS_INFO (NX_LOG_ENABLE_MBEDTLS_DEBUG + NX_LOG_ENABLE_SSS_INFO) -#endif -#ifndef NX_LOG_ENABLE_MBEDTLS_WARN -# define NX_LOG_ENABLE_MBEDTLS_WARN (NX_LOG_ENABLE_MBEDTLS_INFO + NX_LOG_ENABLE_SSS_WARN) -#endif -#ifndef NX_LOG_ENABLE_MBEDTLS_ERROR -# define NX_LOG_ENABLE_MBEDTLS_ERROR (NX_LOG_ENABLE_MBEDTLS_WARN + NX_LOG_ENABLE_SSS_ERROR) -#endif - -/* Enable/Set log levels for 'mbedtls' - end */ - -#if NX_LOG_ENABLE_MBEDTLS_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("mbedtls", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_MBEDTLS_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("mbedtls", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_MBEDTLS_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("mbedtls", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_MBEDTLS_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("mbedtls", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_MBEDTLS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_scp.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_scp.h deleted file mode 100644 index c8bc4f2ad..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_scp.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_SCP_H -#define NX_LOG_SCP_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'scp' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_SCP_DEBUG -# define NX_LOG_ENABLE_SCP_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_SCP_INFO -# define NX_LOG_ENABLE_SCP_INFO (NX_LOG_ENABLE_SCP_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) -#endif -#ifndef NX_LOG_ENABLE_SCP_WARN -# define NX_LOG_ENABLE_SCP_WARN (NX_LOG_ENABLE_SCP_INFO + NX_LOG_ENABLE_DEFAULT_WARN) -#endif -#ifndef NX_LOG_ENABLE_SCP_ERROR -# define NX_LOG_ENABLE_SCP_ERROR (NX_LOG_ENABLE_SCP_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) -#endif - -/* Enable/Set log levels for 'scp' - end */ - -#if NX_LOG_ENABLE_SCP_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("scp", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SCP_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("scp", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SCP_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("scp", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SCP_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("scp", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_SCP_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_smCom.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_smCom.h deleted file mode 100644 index 7d42451a1..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_smCom.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_SMCOM_H -#define NX_LOG_SMCOM_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'smCom' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_SMCOM_DEBUG -# define NX_LOG_ENABLE_SMCOM_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_SMCOM_INFO -# define NX_LOG_ENABLE_SMCOM_INFO (NX_LOG_ENABLE_SMCOM_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) -#endif -#ifndef NX_LOG_ENABLE_SMCOM_WARN -# define NX_LOG_ENABLE_SMCOM_WARN (NX_LOG_ENABLE_SMCOM_INFO + NX_LOG_ENABLE_DEFAULT_WARN) -#endif -#ifndef NX_LOG_ENABLE_SMCOM_ERROR -# define NX_LOG_ENABLE_SMCOM_ERROR (NX_LOG_ENABLE_SMCOM_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) -#endif - -/* Enable/Set log levels for 'smCom' - end */ - -#if NX_LOG_ENABLE_SMCOM_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("smCom", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SMCOM_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("smCom", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SMCOM_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("smCom", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SMCOM_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("smCom", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_SMCOM_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_sss.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_sss.h deleted file mode 100644 index fb61c1fdc..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_sss.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_SSS_H -#define NX_LOG_SSS_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'sss' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_SSS_DEBUG -# define NX_LOG_ENABLE_SSS_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_SSS_INFO -# define NX_LOG_ENABLE_SSS_INFO (NX_LOG_ENABLE_SSS_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) -#endif -#ifndef NX_LOG_ENABLE_SSS_WARN -# define NX_LOG_ENABLE_SSS_WARN (NX_LOG_ENABLE_SSS_INFO + NX_LOG_ENABLE_DEFAULT_WARN) -#endif -#ifndef NX_LOG_ENABLE_SSS_ERROR -# define NX_LOG_ENABLE_SSS_ERROR (NX_LOG_ENABLE_SSS_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) -#endif - -/* Enable/Set log levels for 'sss' - end */ - -#if NX_LOG_ENABLE_SSS_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("sss", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SSS_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("sss", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SSS_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("sss", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SSS_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("sss", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_SSS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseStatus.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseStatus.h deleted file mode 100644 index b14761df9..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseStatus.h +++ /dev/null @@ -1,421 +0,0 @@ -/* - * Copyright 2010-2014,2018-2019 NXP - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * ESE Status Values - Function Return Codes - */ - -#ifndef PHESESTATUS_H -#define PHESESTATUS_H - -#include "phEseTypes.h" - -/* Internally required by PHESESTVAL. */ -#define PHESESTSHL8 (8U) -/* Required by PHESESTVAL. */ -#define PHESESTBLOWER ((ESESTATUS)(0x00FFU)) - -/* - * ESE Status Composition Macro - * - * This is the macro which must be used to compose status values. - * - * phEseCompID Component ID, as defined in phEseCompId.h . - * phEseStatus Status values, as defined in phEseStatus.h . - * - * The macro is not required for the ESESTATUS_SUCCESS value. - * This is the only return value to be used directly. - * For all other values it shall be used in assignment and conditional statements, e.g.: - * ESESTATUS status = PHESESTVAL(phEseCompID, phEseStatus); ... - * if (status == PHESESTVAL(phEseCompID, phEseStatus)) ... - */ -#define PHESESTVAL(phEseCompID, phEseStatus) \ - ( ((phEseStatus) == (ESESTATUS_SUCCESS)) ? (ESESTATUS_SUCCESS) : \ - ( (((ESESTATUS)(phEseStatus)) & (PHESESTBLOWER)) | \ - (((uint16_t)(phEseCompID)) << (PHESESTSHL8)) ) ) - -/* - * PHESESTATUS - * Get grp_retval from Status Code - */ -#define PHESESTATUS(phEseStatus) ((phEseStatus) & 0x00FFU) -#define PHESECID(phEseStatus) (((phEseStatus) & 0xFF00U)>>8) - -/* - * Status Codes - * - * Generic Status codes for the ESE components. Combined with the Component ID - * they build the value (status) returned by each function. - * Example: - * grp_comp_id "Component ID" - e.g. 0x10, plus - * status code as listed in this file - e.g. 0x03 - * result in a status value of 0x0003. - */ - -/* - * The function indicates successful completion - */ -#define ESESTATUS_SUCCESS (0x0000) - -/* - * The function indicates successful completion - */ -#define ESESTATUS_OK (ESESTATUS_SUCCESS) - -/* - * At least one parameter could not be properly interpreted - */ -#define ESESTATUS_INVALID_PARAMETER (0x0001) - -/* - * Invalid buffer provided by application - * */ -#define ESESTATUS_INVALID_BUFFER (0x0002) - -/* - * The buffer provided by the caller is too small - */ -#define ESESTATUS_BUFFER_TOO_SMALL (0x0003) - -/* - * Invalid class byte provided by application - * */ -#define ESESTATUS_INVALID_CLA (0x0004) - -/* - * Invalid command pdu type provided by application - * */ -#define ESESTATUS_INVALID_CPDU_TYPE (0x0005) - -/* - * Invalid command LE type provided by application - * */ -#define ESESTATUS_INVALID_LE_TYPE (0x0007) - -/* - * Device specifier/handle value is invalid for the operation - */ -#define ESESTATUS_INVALID_DEVICE (0x0006) - -/* - * The function executed successfully but could have returned - * more information than space provided by the caller - */ -#define ESESTATUS_MORE_FRAME (0x0008) - -/* - * No response from the remote device received: Time-out - */ -#define ESESTATUS_LAST_FRAME (0x0009) - -/* - * CRC Error during data transaction with the device - */ -#define ESESTATUS_CRC_ERROR (0x000A) - -/* - * SOF Error during data transaction with the device - */ -#define ESESTATUS_SOF_ERROR (0x000B) - -/* - * Not enough resources Memory, Timer etc(e.g. allocation failed.) - */ -#define ESESTATUS_INSUFFICIENT_RESOURCES (0x000C) - -/* - * A non-blocking function returns this immediately to indicate - * that an internal operation is in progress - */ -#define ESESTATUS_PENDING (0x000D) - -/* - * A board communication error occurred - * (e.g. Configuration went wrong) - */ -#define ESESTATUS_BOARD_COMMUNICATION_ERROR (0x000F) - -/* - * Invalid State of the particular state machine - */ -#define ESESTATUS_INVALID_STATE (0x0011) - - -/* - * This Layer is Not initialized, hence initialization required. - */ -#define ESESTATUS_NOT_INITIALISED (0x0031) - - -/* - * The Layer is already initialized, hence initialization repeated. - */ -#define ESESTATUS_ALREADY_INITIALISED (0x0032) - - -/* - * Feature not supported - */ -#define ESESTATUS_FEATURE_NOT_SUPPORTED (0x0033) - -/* - * Parity Error - */ -#define ESESTATUS_PARITY_ERROR (0x0034) - - -/* The Registration command has failed because the user wants to register on - * an element for which he is already registered - */ -#define ESESTATUS_ALREADY_REGISTERED (0x0035) - -/* Chained frame is being sent */ -#define ESESTATUS_CHAINED_FRAME (0x0036) - -/* - * Single frame is sent - */ -#define ESESTATUS_SINGLE_FRAME (0x0037) - -/* - * A DESELECT event has occurred - */ -#define ESESTATUS_DESELECTED (0x0038) - -/* - * A RELEASE event has occurred - */ -#define ESESTATUS_RELEASED (0x0039) - -/* - * The operation is currently not possible or not allowed - */ -#define ESESTATUS_NOT_ALLOWED (0x003A) - -/* - * Other indicaated error sent by JCOP. - */ -#define ESESTATUS_OTHER_ERROR (0x003C) -/* - * The system is busy with the firmware download operation. - */ -#define ESESTATUS_DWNLD_BUSY (0x006E) - -/* - * The system is busy with the previous operation. - */ -#define ESESTATUS_BUSY (0x006F) - - -/* NDEF Mapping error codes */ - -/* The remote device (type) is not valid for this request. */ -#define ESESTATUS_INVALID_REMOTE_DEVICE (0x001D) - -/* Read operation failed */ -#define ESESTATUS_READ_FAILED (0x0014) - -/* - * Write operation failed - */ -#define ESESTATUS_WRITE_FAILED (0x0015) - - -/* Non Ndef Compliant */ -#define ESESTATUS_NO_NDEF_SUPPORT (0x0016) - -/* resend the frame with seq_counter 0*/ -#define ESESTATUS_RESET_SEQ_COUNTER_FRAME_RESEND (0x001A) - -/* Incorrect number of bytes received from the card*/ -#define ESESTATUS_INVALID_RECEIVE_LENGTH (0x001B) - -/* The data format/composition is not understood/correct. */ -#define ESESTATUS_INVALID_FORMAT (0x001C) - - -/* There is not sufficient storage available. */ -#define ESESTATUS_INSUFFICIENT_STORAGE (0x001F) - -/* The last command would be re-sent */ -#define ESESTATUS_FRAME_RESEND (0x0023) - -/* The write timeout error */ -#define ESESTATUS_WRITE_TIMEOUT (0x0024) - -/* - * Response Time out for the control message(ESEC not responded) - */ -#define ESESTATUS_RESPONSE_TIMEOUT (0x0025) - -/* - * Resend the last R Frame - */ -#define ESESTATUS_FRAME_RESEND_R_FRAME (0x0026) - -/* - * Send next chained frame - */ -#define ESESTATUS_SEND_NEXT_FRAME (0x0027) - -/* - * Protocol revovery started - */ -#define ESESTATUS_REVOCERY_STARTED (0x0028) - -/* - * Single Target Detected - */ -#define ESESTATUS_SEND_R_FRAME (0x0029) - -/* - * Resend the RNAK - */ - -#define ESESTATUS_FRAME_RESEND_RNAK (0x0030) - -/* - * Resend the last R Frame - */ -#define ESESTATUS_FRAME_SEND_R_FRAME (0x003B) - -/* - * Unknown error Status Codes - */ -#define ESESTATUS_UNKNOWN_ERROR (0x00FE) - -/* - * Status code for failure - */ -#define ESESTATUS_FAILED (0x00FF) - -/* - * The function/command has been aborted - */ -#define ESESTATUS_CMD_ABORTED (0x0002) - -/* - * No target found after poll - */ -#define ESESTATUS_NO_TARGET_FOUND (0x000A) - -/* Attempt to disconnect a not connected remote device. */ -#define ESESTATUS_NO_DEVICE_CONNECTED (0x000B) - - -/* requesting a resynchronization */ -#define ESESTATUS_RESYNCH_REQ (0x000E) - -/* - * acknowledging resynchronization - */ -#define ESESTATUS_RESYNCH_RES (0x0010) - -/* - * S-block offering a maximum size of the information field - */ -#define ESESTATUS_IFS_REQ (0x001E) - -/* S-block offering a maximum size of the information field */ -#define ESESTATUS_IFS_RES (0x0017) - -/* S-block requesting a chain abortion */ -#define ESESTATUS_ABORT_REQ (0x00F0) - - -/*S-block acknowledging the chain abortion*/ -#define ESESTATUS_ABORT_RES (0x00F2) - - -/* S-block requesting a waiting time extension*/ -#define ESESTATUS_WTX_REQ (0x00F5) - -/* S-block acknowledging the waiting time extension */ -#define ESESTATUS_WTX_RES (0x00F6) - -/* S-block interface reset request */ -#define ESESTATUS_RESET_REQ (0x00F7) - -/* S-block interface reset response */ -#define ESESTATUS_RESET_RES (0x00F8) - -/* S-block requesting a end of apdu transfer*/ -#define ESESTATUS_END_APDU_REQ (0x00F9) - -/* S-block acknowledging end of apdu transfer*/ -#define ESESTATUS_END_APDU_RES (0x00FA) - -/* - * Shutdown in progress, cannot handle the request at this time. - */ -#define ESESTATUS_SHUTDOWN (0x0091) - -/* - * Target is no more in RF field - */ -#define ESESTATUS_TARGET_LOST (0x0092) - -/* - * Request is rejected - */ -#define ESESTATUS_REJECTED (0x0093) - -/* - * Target is not connected - */ -#define ESESTATUS_TARGET_NOT_CONNECTED (0x0094) - -/* - * Invalid handle for the operation - */ -#define ESESTATUS_INVALID_HANDLE (0x0095) - -/* - * Process aborted - */ -#define ESESTATUS_ABORTED (0x0096) - -/* - * Requested command is not supported - */ -#define ESESTATUS_COMMAND_NOT_SUPPORTED (0x0097) - -/* - * Tag is not NDEF compilant - */ -#define ESESTATUS_NON_NDEF_COMPLIANT (0x0098) - -/* - * Not enough memory available to complete the requested operation - */ -#define ESESTATUS_NOT_ENOUGH_MEMORY (0x001F) - -/* - * Indicates incoming connection - */ -#define ESESTATUS_INCOMING_CONNECTION (0x0045) - -/* - * Indicates Connection was successful - */ -#define ESESTATUS_CONNECTION_SUCCESS (0x0046) - -/* - * Indicates Connection failed - */ -#define ESESTATUS_CONNECTION_FAILED (0x0047) - -#endif /* PHESESTATUS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseTypes.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseTypes.h deleted file mode 100644 index 6a511644b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseTypes.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright 2010-2014,2018-2019 NXP - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PHESETYPES_H -#define PHESETYPES_H -#include -#include -#include -#include - -typedef uint8_t utf8_t; /* UTF8 Character String */ -typedef uint8_t bool_t; /* boolean data type */ -typedef uint16_t ESESTATUS; /* Return values */ -#define STATIC static - -#define UNUSED(X) (void)X; - -#endif /* PHESETYPES_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h deleted file mode 100644 index 8b44bc7d6..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright 2010-2014,2018-2020 NXP - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - /** - * \addtogroup eSe_PAL_I2C - * \brief PAL I2C port implementation for linux - * @{ */ -#ifndef _PHNXPESE_PAL_I2C_H -#define _PHNXPESE_PAL_I2C_H - -/* Basic type definitions */ -#include - - -/*! - * \brief ESE Poll timeout (min 1 miliseconds) - */ -#define ESE_POLL_DELAY_MS (1) -/*! - * \brief ESE Poll timeout. - * As Max WTX timeout is 1sec, select ESE_NAD_POLLING_MAX count in such a way that WTX request frm SE is not skiped - * select target value is 2 sec. - * - * Note: Here ESE_NAD_POLLING_MAX is depend on platform, If i2c driver does not have backoff delay implemented, - * then set ESE_NAD_POLLING_MAX value to >=300 - * - */ -#if AX_EMBEDDED //back off delay is implemented for AX_EMBEDDED devices - /*TODO:semslite need more than 20 polling count right now max is set to 60 as 46 was the max sof counter observed - SIMW-2927*/ -#if defined(LPC_55x) - #define ESE_NAD_POLLING_MAX (2*250) - #else - #define ESE_NAD_POLLING_MAX (2*30) -#endif -#else - #define ESE_NAD_POLLING_MAX (2*250) -#endif -/*! - * \brief Max retry count for Write - */ -#define MAX_RETRY_COUNT 3 - -/*! - * \brief ESE wakeup delay in case of write error retry - */ -#define WAKE_UP_DELAY_MS 5 //5 ms -/*! - * \brief ESE wakeup delay in case of write error retry - */ -#define NAD_POLLING_SCALER 1 -/*! - * \brief ESE wakeup delay in case of write error retry - */ -#define CHAINED_PKT_SCALER 1 -/*! - * \brief This function is used to set slave address of ESE - * - */ -// #define I2C_MASTER_SLAVE_ADDR_7BIT (0x90U >> 1) //slve bit address is 20U but driver do right shift so set to 40U -#define SMCOM_I2C_ADDRESS (0x90) - -/*! - * \ingroup eSe_PAL_I2C - * - * \brief PAL Configuration exposed to upper layer. - */ -typedef struct phPalEse_Config -{ - int8_t *pDevName; - /*!< Port name connected to ESE - * - * Platform specific canonical device name to which ESE is connected. - * - * e.g. On Linux based systems this would be /dev/p73 - */ - - int8_t DeviceAddress; - /*!< I2C Address of SE connected - */ - - uint32_t dwBaudRate; - /*!< Communication speed between DH and ESE - * - * This is the baudrate of the bus for communication between DH and ESE - */ - - void *pDevHandle; - /*!< Device handle output */ -} phPalEse_Config_t,*pphPalEse_Config_t; /* pointer to phPalEse_Config_t */ - -void phPalEse_i2c_close(void *pDevHandle); -ESESTATUS phPalEse_i2c_open_and_configure(pphPalEse_Config_t pConfig); -int phPalEse_i2c_read(void *pDevHandle, uint8_t * pBuffer, int nNbBytesToRead); -int phPalEse_i2c_write(void *pDevHandle,uint8_t * pBuffer, int nNbBytesToWrite); -/** @} */ -#endif /* _PHNXPESE_PAL_I2C_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.h deleted file mode 100644 index ccfd00e87..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.h +++ /dev/null @@ -1,443 +0,0 @@ -/* - * Copyright 2010-2014,2018-2020 NXP - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef _PHNXPESEPROTO7816_3_H_ -#define _PHNXPESEPROTO7816_3_H_ -#include - - -/** - * \addtogroup ISO7816-3_protocol_lib - * \brief 7816-3 PROTOCOL STACK - * @{ */ - -/********************* Definitions and structures *****************************/ - -/*! - * \brief S-Frame types used in 7816-3 protocol stack - */ -typedef enum sFrameTypes { - RESYNCH_REQ = 0x00,/*!< Re-synchronisation request between host and ESE */ - RESYNCH_RSP = 0x20,/*!< Re-synchronisation response between host and ESE */ - IFSC_REQ = 0x01,/*!< IFSC size request */ - IFSC_RES = 0x21,/*!< IFSC size response */ - ABORT_REQ = 0x02,/*!< Abort request */ - ABORT_RES = 0x22,/*!< Abort response */ - WTX_REQ = 0x03,/*!< WTX request */ - WTX_RSP = 0x23,/*!< WTX response */ -#if defined(T1oI2C_UM11225) - INTF_RESET_REQ = 0x0F,/*!< Interface reset request */ - INTF_RESET_RSP = 0x2F,/*!< Interface reset response */ - PROP_END_APDU_REQ = 0x05,/*!< Proprietary Enf of APDU request */ - PROP_END_APDU_RSP = 0x25,/*!< Proprietary Enf of APDU response */ - CHIP_RESET_REQ = 0x06, /*chip reset request*/ - CHIP_RESET_RES = 0x26, /*chip reset response*/ - ATR_REQ = 0x07, /* get ATR request*/ - ATR_RES = 0x27, /*get ATR response*/ -#elif defined(T1oI2C_GP1_0) - SWR_REQ = 0x0F,/*!< Software reset request */ - SWR_RSP = 0x2F,/*!< Software reset response */ - COLD_RESET_REQ = 0x1E, /*cold reset request*/ - COLD_RESET_RES = 0x3E, /*cold reset response*/ - RELEASE_REQ = 0x06, /* Release request*/ - RELEASE_RES = 0x26, /* Release response*/ - CIP_REQ = 0x04,/*!< Get CIP request */ - CIP_RES = 0x24,/*!< Get CIP response */ -#endif - INVALID_REQ_RES /*!< Invalid request */ - } sFrameTypes_t; - -/*! - * \brief R-Frame types used in 7816-3 protocol stack - */ -typedef enum rFrameTypes -{ - RACK = 0x01, /*!< R-frame Acknowledgement frame indicator */ - RNACK = 0x02 /*!< R-frame Negative-Acknowledgement frame indicator */ -}rFrameTypes_t; - -/*! - * \brief R-Frame error types used 7816-3 protocol stack - */ -typedef enum rFrameErrorTypes -{ - NO_ERROR, /*!< R-frame received with success */ - PARITY_ERROR, /*!< R-frame received with parity error */ - OTHER_ERROR, /*!< R-frame received with Other error */ - SOF_MISSED_ERROR, /*!< R-frame received with frame missing error */ - UNDEFINED_ERROR /*!< R-frame received with some undefined error */ -}rFrameErrorTypes_t; - -/*! - * \brief Frame types used in 7816-3 protocol stack - */ -typedef enum phNxpEseProto7816_FrameTypes -{ - IFRAME,/*!< Frame type: I-frame */ - SFRAME,/*!< Frame type: S-frame */ - RFRAME,/*!< Frame type: R-frame */ - INVALID,/*!< Frame type: Invalid */ - UNKNOWN /*!< Frame type: Unknown */ -}phNxpEseProto7816_FrameTypes_t; - -/*! - * \brief 7816-3 protocol stack states - */ -typedef enum phNxpEseProto7816_State -{ - PH_NXP_ESE_PROTO_7816_IDLE,/*!< 7816-3 protocol state: IDLE */ - PH_NXP_ESE_PROTO_7816_TRANSCEIVE,/*!< 7816-3 protocol state: TRANSCEIVE going on */ - PH_NXP_ESE_PROTO_7816_DEINIT /*!< 7816-3 protocol state: DeInit going on */ -}phNxpEseProto7816_State_t; - -/*! - * \brief 7816-3 protocol transceive states - */ -typedef enum phNxpEseProto7816_TransceiveStates -{ - IDLE_STATE, /*!< 7816-3 protocol transceive state: IDLE */ - SEND_IFRAME, /*!< 7816-3 protocol transceive state: I-frame to be sent */ - SEND_R_NACK, /*!< 7816-3 protocol transceive state: R-NACK frame to be sent */ - SEND_R_ACK, /*!< 7816-3 protocol transceive state: R-ACK frame to be sent */ - SEND_S_RSYNC, /*!< 7816-3 protocol transceive state: S-frame re-synchronisation command to be sent */ -#if defined(T1oI2C_UM11225) - SEND_S_INTF_RST, /*!< 7816-3 protocol transceive state: S-frame interface reset command to be sent */ - SEND_S_EOS, /*!< 7816-3 protocol transceive state: S-frame end of session command to be sent */ - SEND_S_ATR, /*!< 7816-3 protocol transceive state: S-frame ATR command to be sent */ - SEND_S_CHIP_RST, /*!< 7816-3 protocol transceive state: S-frame chip reset command to be sent */ -#elif defined(T1oI2C_GP1_0) - SEND_S_SWR, /*!< 7816-3 protocol transceive state: S-frame Software reset command to be sent */ - SEND_S_RELEASE, /*!< 7816-3 protocol transceive state: S-frame RELEASE command to be sent */ - SEND_S_CIP, /*!< 7816-3 protocol transceive state: S-frame CIP command to be sent */ - SEND_S_COLD_RST, /*!< 7816-3 protocol transceive state: S-frame cold reset command to be sent */ -#endif - SEND_S_WTX_REQ, /*!< 7816-3 protocol transceive state: S-frame WTX command to be sent */ - SEND_S_WTX_RSP, /*!< 7816-3 protocol transceive state: S-frame WTX response to be sent */ - -}phNxpEseProto7816_TransceiveStates_t; - -/*! - * \brief I-frame information structure for ISO 7816-3 - * - * This structure holds the information of I-frame used for sending - * and receiving the frame packet. - * - */ -typedef struct iFrameInfo -{ - bool_t isChained; /*!< I-frame: Indicates if more frames to follow in the same data packet or not */ - uint8_t *p_data; /*!< I-frame: Actual data (Information field (INF)) */ - uint8_t seqNo; /*!< I-frame: Sequence number of the I-frame */ - uint32_t maxDataLen; /*!< I-frame: Maximum data length to be allowed in a single I-frame */ - uint32_t dataOffset; /*!< I-frame: Offset to the actual data(INF) for the current frame of the packet */ - uint32_t totalDataLen; /*!< I-frame: Total data left in the packet, used to set the chained flag/calculating offset */ - uint32_t sendDataLen; /*!< I-frame: the length of the I-frame actual data */ -}iFrameInfo_t; - -/*! - * \brief S-frame information structure for ISO 7816-3 - * - * This structure holds the information of S-frame used for sending - * and receiving the frame packet. - * - */ -typedef struct sFrameInfo -{ - sFrameTypes_t sFrameType;/*!< S-frame: Type of S-frame cmd/rsp */ -}sFrameInfo_t; - -/*! - * \brief R-frame information structure for ISO 7816-3 - * - * This structure holds the information of R-frame used for sending - * and receiving the frame packet. - * - */ -typedef struct rFrameInfo -{ - uint8_t seqNo; /*!< R-frame: Sequence number of the expected I-frame */ - rFrameErrorTypes_t errCode; /*!< R-frame: Error type */ -}rFrameInfo_t; - -/*! - * \brief Next/Last Tx information structure holding transceive data - * - * This structure holds the information of the next/last sent - * I-frame/R-frame/S-frame depending on the frame type - * - */ -typedef struct phNxpEseProto7816_NextTx_Info -{ - //union { - iFrameInfo_t - IframeInfo; /*!< Information of the I-frame to be send next or the last sent I-frame depending on the frame type */ - rFrameInfo_t - RframeInfo; /*!< Information of the R-frame to be send next or the last sent R-frame depending on the frame type */ - sFrameInfo_t - SframeInfo; /*!< Information of the S-frame to be send next or the last sent S-frame depending on the frame type */ - //} f; - phNxpEseProto7816_FrameTypes_t FrameType; /*!< Frame (I/R/S frames) type to be sent next */ -}phNxpEseProto7816_NextTx_Info_t; - -/*! - * \brief Last sent Tx ransceive data - * - * This structure holds the information of the last sent - * I-frame/R-frame/S-frame - * - */ -typedef phNxpEseProto7816_NextTx_Info_t phNxpEseProto7816_LastTx_Info_t; - -/*! - * \brief Last Rx information structure holding transceive data - * - * This structure holds the information of the next/last sent - * I-frame/R-frame/S-frame - * - */ -typedef struct phNxpEseRx_Cntx -{ - iFrameInfo_t lastRcvdIframeInfo; /*!< I-frame: Last received frame */ - rFrameInfo_t lastRcvdRframeInfo; /*!< R-frame: Last received frame */ - sFrameInfo_t lastRcvdSframeInfo; /*!< S-frame: Last received frame */ - phNxpEseProto7816_FrameTypes_t lastRcvdFrameType; /*!< Last received frame type */ - phNxpEse_data *pRsp; -}phNxpEseRx_Cntx_t; - -/*! - * \brief 7816-3 protocol stack context structure - * - * This structure holds the complete information of the - * 7816-3 protocol stack context - * - */ -typedef struct phNxpEseProto7816 -{ - phNxpEseProto7816_LastTx_Info_t phNxpEseLastTx_Cntx; /*!< Last transmitted frame information */ - phNxpEseProto7816_NextTx_Info_t phNxpEseNextTx_Cntx; /*!< Next frame to be transmitted */ - phNxpEseRx_Cntx_t phNxpEseRx_Cntx; /*!< Last received frame information */ - phNxpEseProto7816_TransceiveStates_t phNxpEseProto7816_nextTransceiveState; /*!< Next Transceive state. It determines the next - action to be done from host */ - phNxpEseProto7816_State_t phNxpEseProto7816_CurrentState;/*!< Current protocol stack state */ - uint8_t recoveryCounter; /*!< Keeps track of number of error recovery done. Stack exits after it reaches max. count */ - unsigned long int wtx_counter_limit; /*!< Max. WTX counter limit */ - unsigned long int wtx_counter; /*!< WTX count tracker */ - uint8_t timeoutCounter; /*!< Keeps track of number of timeout happened. Stack exits after it reaches max. count */ - phNxpEseProto7816_FrameTypes_t lastSentNonErrorframeType; /*!< Copy of the last sent non-error frame type: R-ACK, S-frame, I-frame */ - unsigned long int rnack_retry_limit; - unsigned long int rnack_retry_counter; -}phNxpEseProto7816_t; - -/*! - * \brief 7816-3 protocol stack init params - * - * This structure holds the parameters to be passed to open 7816-3 protocl stack instance - * - */ -typedef struct phNxpEseProto7816InitParam -{ - unsigned long int wtx_counter_limit; /*!< WTX count limit */ - bool_t interfaceReset; /*!< INTF reset required or not>*/ - unsigned long int rnack_retry_limit; -}phNxpEseProto7816InitParam_t; - -/*! - * \brief 7816-3 protocol PCB bit level structure - * - * This structure holds the bit level information of PCB byte - * as per 7816-3 protocol - * - */ -typedef struct phNxpEseProto7816_PCB_bits { - uint8_t lsb :1; /*!< PCB: lsb */ - uint8_t bit2 :1; /*!< PCB: bit2 */ - uint8_t bit3 :1; /*!< PCB: bit3 */ - uint8_t bit4 :1; /*!< PCB: bit4 */ - uint8_t bit5 :1; /*!< PCB: bit5 */ - uint8_t bit6 :1; /*!< PCB: bit6 */ - uint8_t bit7 :1; /*!< PCB: bit7 */ - uint8_t msb :1; /*!< PCB: msb */ -}phNxpEseProto7816_PCB_bits_t; - -/*! - * \brief 7816_3 protocol stack instance - */ -//phNxpEseProto7816_t phNxpEseProto7816_3_Var; - -/*! - * \brief Max. size of the frame that can be sent - */ -#define IFSC_SIZE_SEND 254 -/*! - * \brief Delay to be used before sending the next frame, after error reported by ESE - */ -#define DELAY_ERROR_RECOVERY 3500 -/*! - * \brief 7816-3 protocol frame header length - */ -#if defined(T1oI2C_UM11225) - #define PH_PROTO_7816_HEADER_LEN 0x03 // LEN field is 1 byte -#elif defined(T1oI2C_GP1_0) - #define PH_PROTO_7816_HEADER_LEN 0x04 // LEN field is 2 byte -#endif -/*! - * \brief 7816-3 protocol frame CRC length - */ -#define PH_PROTO_7816_CRC_LEN 0x02 -/*! - * \brief 7816-3 Chaining flag bit for masking - */ -#define PH_PROTO_7816_CHAINING 0x20 -/*! - * \brief 7816-3 frame length offset - */ -#define PH_PROPTO_7816_FRAME_LENGTH_OFFSET 0x02 -/*! - * \brief 7816-3 S-block request command mask - */ -#define PH_PROTO_7816_S_BLOCK_REQ 0xC0 -/*! - * \brief 7816-3 S-block response mask - */ -#define PH_PROTO_7816_S_BLOCK_RSP 0xE0 -/*! - * \brief 7816-3 S-block reset command mask - */ -#define PH_PROTO_7816_S_RESET 0x0F -/*! - * \brief 7816-3 S-block End of APDU cmd mask - */ -#define PH_PROTO_7816_S_END_OF_APDU 0x05 -/*! - * \brief 7816-3 S-block WTX mask - */ -#define PH_PROTO_7816_S_WTX 0x03 -/*! - * \brief 7816-3 S-block re-sync mask - */ -#define PH_PROTO_7816_S_RESYNCH 0x00 -/*! - * \brief 7816-3 protocol max. error retry counter - */ -#define PH_PROTO_7816_FRAME_RETRY_COUNT 10 -/*! - * \brief 7816-3 protocol max. WTX default count - */ -#define PH_PROTO_WTX_DEFAULT_COUNT 500 -/*! - * \brief 7816-3 protocol max. timeout retry count - */ -#define PH_PROTO_7816_TIMEOUT_RETRY_COUNT 1 -/*! - * \brief 7816-3 to represent magic number zero - */ -#define PH_PROTO_7816_VALUE_ZERO 0x00 -/*! - * \brief 7816-3 to represent magic number one - */ -#define PH_PROTO_7816_VALUE_ONE 0x01 -/*! - * \brief 7816-3 for max retry for CRC error - */ -#define MAX_RNACK_RETRY_LIMIT 0x02 -/*! - * \brief 7816-3 S-block chip reset mask - */ -#if defined(T1oI2C_UM11225) -#define PH_PROTO_7816_S_CHIP_RST 0x06 -#elif defined(T1oI2C_GP1_0) -#define PH_PROTO_7816_S_COLD_RST 0x1E -#endif -/*! - * \brief 7816-3 S-block get atr mask - */ -#define PH_PROTO_7816_S_GET_ATR 0x07 -/*! - * \brief 7816-3 S-block software reset mask - */ -#define PH_PROTO_7816_S_SWR 0x0F -/*! - * \brief 7816-3 S-block release cmd mask - */ -#define PH_PROTO_7816_S_RELEASE 0x06 -/*! - * \brief 7816-3 S-block get CIP cmd mask - */ -#define PH_PROTO_7816_S_GET_CIP 0x04 - -/* T=1 protocol Block format for T1oI2C UM11225_SE050 - ___________________________________________________________________________________________________ -| Prologue Filed (Mandatory) | Information Field (Optional)| Epilogue Filed (Mandatory) | -|________________________________________|_____________________________|____________________________| -|NAD(1 byte) | PCB(1 byte) | LEN(1 byte) | INF(LEN bytes) | CRC(2 bytes) | | -|____________|_____________|_____________|_____________________________|____________________________| | -*/ - -/* T=1 protocol Block format for T1oI2C GP - ___________________________________________________________________________________________________ -| Prologue Filed (Mandatory) | Information Field (Optional)| Epilogue Filed (Mandatory) | -|________________________________________|_____________________________|____________________________| -|NAD(1 byte) | PCB(1 byte) | LEN(2 byte) | INF(LEN bytes) | CRC(2 bytes) | | -|____________|_____________|_____________|_____________________________|____________________________| | -*/ - -#define PH_PROPTO_7816_NAD_OFFSET 0 -#define PH_PROPTO_7816_PCB_OFFSET 1 -#define PH_PROPTO_7816_LEN_UPPER_OFFSET 2 -#define PH_PROPTO_7816_LEN_LOWER_OFFSET 3 /* for GP lower byte will be a part of T=1 protocol frame*/ -#define PH_PROPTO_7816_INF_BYTE_OFFSET (PH_PROTO_7816_HEADER_LEN) - - - -/*! - * \brief Start of frame marker - * \ communication Direction NAD value - * \ SE host to SE 0x5A - * \ SE to SE host 0xA5 - * \ eUICC host to Euicc 0x4B - * \ eUICC to eUICC host 0xB4 - */ -#define SEND_PACKET_SOF 0x5A -/*! - * \Retrieve Information Filed from 7816-3 T=1 protocol frame - * NAD -1 byte - * PCB -1 byte - * LEN -(1 or 3 bytes for UM11225_SE050) & (2 bytes for GP) - * CRC16 -2 bytes - */ -#define PH_PROTO_7816_INF_FILED (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN) -/* - * APIs exposed from the 7816-3 protocol layer - */ - -#if defined(T1oI2C_UM11225) -bool_t phNxpEseProto7816_IntfReset(void* conn_ctx, phNxpEse_data *AtrRsp); -bool_t phNxpEseProto7816_GetAtr(void* conn_ctx, phNxpEse_data *pRsp); -bool_t phNxpEseProto7816_ChipReset(void* conn_ctx); -#endif -bool_t phNxpEseProto7816_Close(void* conn_ctx); -bool_t phNxpEseProto7816_Open(void* conn_ctx, phNxpEseProto7816InitParam_t initParam , phNxpEse_data *AtrRsp); -bool_t phNxpEseProto7816_Transceive(void* conn_ctx, phNxpEse_data *pCmd, phNxpEse_data *pRsp); -bool_t phNxpEseProto7816_Reset(void); -bool_t phNxpEseProto7816_SetIfscSize(uint16_t IFSC_Size); -bool_t phNxpEseProto7816_ResetProtoParams(void); -#if defined(T1oI2C_GP1_0) -bool_t phNxpEseProto7816_SoftReset(void* conn_ctx); -bool_t phNxpEseProto7816_GetCip(void* conn_ctx, phNxpEse_data *pRsp); -bool_t phNxpEseProto7816_ColdReset(void* conn_ctx); -#endif -uint8_t getMaxSupportedSendIFrameSize(void); -/** @} */ -#endif /* _PHNXPESEPROTO7816_3_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.h deleted file mode 100644 index 6b8e2025b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * - * \brief ESE Lib layer interface to application - * @{ */ - -#ifndef _PHNXPESE_API_H_ -#define _PHNXPESE_API_H_ - -#include -#include -#include -#include "smComT1oI2C.h" - -#include "phEseStatus.h" - -/** - * - * \brief Ese data buffer - * - */ -typedef struct phNxpEse_data -{ - uint32_t len; /*!< length of the buffer */ - uint8_t *p_data; /*!< pointer to a buffer */ -} phNxpEse_data; - - -/** - * - * \brief Ese library init parameters to be set while calling phNxpEse_init - * - */ -typedef struct phNxpEse_initParams -{ - phNxpEse_initMode initMode; /*!< Ese communication mode */ -} phNxpEse_initParams; - - -ESESTATUS phNxpEse_init(void *conn_ctx, phNxpEse_initParams initParams, phNxpEse_data *AtrRsp); -ESESTATUS phNxpEse_open(void **conn_ctx, phNxpEse_initParams initParams, const char *pConnString); -ESESTATUS phNxpEse_Transceive(void* conn_ctx, phNxpEse_data *pCmd, phNxpEse_data *pRsp); -ESESTATUS phNxpEse_deInit(void* conn_ctx); -ESESTATUS phNxpEse_close(void* conn_ctx); -ESESTATUS phNxpEse_reset(void* conn_ctx); -ESESTATUS phNxpEse_chipReset(void* conn_ctx); -ESESTATUS phNxpEse_setIfsc(uint16_t IFSC_Size); -ESESTATUS phNxpEse_EndOfApdu(void* conn_ctx); -void* phNxpEse_memset(void *buff, int val, size_t len); -void* phNxpEse_memcpy(void *dest, const void *src, size_t len); -void *phNxpEse_memalloc(uint32_t size); -void phNxpEse_free(void* ptr); -ESESTATUS phNxpEse_getAtr(void* conn_ctx, phNxpEse_data *pRsp); -ESESTATUS phNxpEse_getCip(void* conn_ctx, phNxpEse_data *pRsp); -/** @} */ -#endif /* _PHNXPESE_API_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Internal.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Internal.h deleted file mode 100644 index cea3c0c4b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Internal.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef _PHNXPESE_INTERNAL_H_ -#define _PHNXPESE_INTERNAL_H_ - -#include -#include - -#ifdef T1oI2C_UM1225_SE050 -/* MW version 02.13.00 onwards */ -# error Do not define T1oI2C_UM1225_SE050, define T1oI2C_UM11225 instead. -#endif - -/********************* Definitions and structures *****************************/ - -typedef enum -{ - ESE_STATUS_CLOSE = 0x00, - ESE_STATUS_BUSY, - ESE_STATUS_RECOVERY, - ESE_STATUS_IDLE, - ESE_STATUS_OPEN, -} phNxpEse_LibStatus; - -/* I2C Control structure */ -typedef struct phNxpEse_Context -{ - phNxpEse_LibStatus EseLibStatus; /* Indicate if Ese Lib is open or closed */ - void *pDevHandle; - - uint8_t p_read_buff[MAX_DATA_LEN]; - uint16_t cmd_len; - uint8_t p_cmd_data[MAX_DATA_LEN]; - phNxpEse_initParams initParams; -} phNxpEse_Context_t; - - -ESESTATUS phNxpEse_WriteFrame(void* conn_ctx, uint32_t data_len, const uint8_t *p_data); -ESESTATUS phNxpEse_read(void* conn_ctx, uint32_t *data_len, uint8_t **pp_data); -void phNxpEse_clearReadBuffer(void* conn_ctx); - -#endif /* _PHNXPESE_INTERNAL_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/apduComm.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/apduComm.h deleted file mode 100644 index b87c5d400..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/apduComm.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * - * Copyright 2016 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _APDUCOMM_H_ -#define _APDUCOMM_H_ - -#include "sm_types.h" -/// @cond -#define APDU_OFFSET_CLA (0) -#define APDU_OFFSET_INS (1) -#define APDU_OFFSET_P1 (2) -#define APDU_OFFSET_P2 (3) -/// @endcond -#define APDU_OFFSET_LC (4) //!< Zero index based offset into the APDU of the LC field. - -/** - * Contains APDU exchanged between Host and Secure Modulde. - */ -typedef struct -{ - U8 cla; - U8 ins; - U8 p1; - U8 p2; - U8* pBuf; - U16 buflen; - U16 rxlen; - U8 extendedLength; - U8 hasData; - U16 lc; - U8 lcLength; - U8 hasLe; - U16 le; - U8 leLength; - U16 offset; - -#ifdef TGT_A71CL - U8 txHasChkSum; - U16 txChkSum; - U16 txChkSumLength; - U8 rxHasChkSum; - U16 rxChkSum; - U16 rxChkSumLength; -#endif - -} apdu_t; - -/** - * Contains APDU TxRx case as described in ISO/IEC FDIS 7816-3 spec. - */ -typedef enum -{ - APDU_TXRX_CASE_1 = 0x00, - APDU_TXRX_CASE_2 = 0x01, - APDU_TXRX_CASE_2E = 0x02, - APDU_TXRX_CASE_3 = 0x03, - APDU_TXRX_CASE_3E = 0x04, - APDU_TXRX_CASE_4 = 0x05, - APDU_TXRX_CASE_4E = 0x06, - APDU_TXRX_CASE_INVALID = 0xFF, -} apduTxRx_case_t; -#endif //_APDUCOMM_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.h deleted file mode 100644 index 797d5b1a0..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * - * Copyright 2016-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * Interface of installable communication layer to exchange APDU's between Host and Secure Module. - */ - -#ifndef _SCCOM_H_ -#define _SCCOM_H_ - -#include "sm_types.h" -#include "apduComm.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define SMCOM_OK 0x9000 //!< Communication successful -#define SMCOM_SND_FAILED 0x7010 //!< Communication failed while sending data -#define SMCOM_RCV_FAILED 0x7011 //!< Communication failed while receiving data -#define SMCOM_COM_FAILED 0x7012 //!< Cannot open communication link with ax device -#define SMCOM_PROTOCOL_FAILED 0x7013 //!< APDU exchange protocol failed to be established successfully -#define SMCOM_NO_ATR 0x7014 //!< No ATR can be retrieved -#define SMCOM_NO_PRIOR_INIT 0x7015 //!< The callbacks doing the actual transfer have not been installed -#define SMCOM_COM_ALREADY_OPEN 0x7016 //!< Communication link is already open with device -#define SMCOM_COM_INIT_FAILED 0x7017 //!< Communication init failed - - -/* ------------------------------------------------------------------------- */ -typedef U32 (*ApduTransceiveFunction_t) (void* conn_ctx, apdu_t * pAdpu); -typedef U32 (*ApduTransceiveRawFunction_t) (void* conn_ctx, U8 * pTx, U16 txLen, U8 * pRx, U32 * pRxLen); - -U16 smCom_Init(ApduTransceiveFunction_t pTransceive, ApduTransceiveRawFunction_t pTransceiveRaw); -void smCom_DeInit(void); -U32 smCom_Transceive(void *conn_ctx, apdu_t *pApdu); -U32 smCom_TransceiveRaw(void *conn_ctx, U8 *pTx, U16 txLen, U8 *pRx, U32 *pRxLen); - -#if defined(SMCOM_JRCP_V2) -void smCom_Echo(void *conn_ctx, const char *comp, const char *level, const char *buffer); -#endif - -#ifdef __cplusplus -} -#endif -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.h deleted file mode 100644 index 6def7131b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * This file provides the API of the SmCom T1oI2C communication layer. - * - *****************************************************************************/ - -#ifndef _SMCOMT1OI2C_H_ -#define _SMCOMT1OI2C_H_ - -#include "smCom.h" - -/** - * \ingroup spi_libese - * \brief Ese Channel mode - * - */ -typedef enum -{ - ESE_MODE_NORMAL = 0, /*!< All wired transaction other OSU */ - ESE_MODE_OSU /*!< Jcop Os update mode */ -} phNxpEse_initMode; - -#if defined(__cplusplus) -extern "C" { -#endif - -/** - * closes the T=1 o I2C communication layer. - * @param conn_ctx connection context - * @param mode Ese Communication mode either - * ESE_MODE_NORMAL: All wired transaction other OSU or - * ESE_MODE_OSU :Jcop Os update mode - * @return - */ -U16 smComT1oI2C_Close(void *conn_ctx, U8 mode); - -/** - * @param conn_ctx connection context - * Reset the T=1 o protocol instance. - * @return - */ -U16 smComT1oI2C_ComReset(void *conn_ctx); - -/** - * Initializes or resumes the T=1 o I2C communication layer. - * @param conn_ctx IN: connection context - * @param mode Ese Communication mode either ESE_MODE_NORMAL: All wired transaction other OSU or ESE_MODE_OSU :Jcop Os update mode - * @param T1oI2Catr IN: Pointer to buffer to contain SCI2C_ATR value - * @param T1oI2CatrLen IN: Size of buffer provided; OUT: Actual length of atr retrieved - * @return - */ -U16 smComT1oI2C_Open(void *conn_ctx, U8 mode, U8 seqCnt, U8 *T1oI2Catr, U16 *T1oI2CatrLen); - -/** -* Open I2C device. -* @param conn_ctx IN: pointer connection context -* @param pConnParam IN: I2C address -* @return -*/ -U16 smComT1oI2C_Init(void **conn_ctx, const char *pConnString); - -#if defined(__cplusplus) -} -#endif -#endif /* _SMCOMT1OI2C_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/i2c_a7.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/i2c_a7.h deleted file mode 100644 index dc1b72086..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/i2c_a7.h +++ /dev/null @@ -1,160 +0,0 @@ -/* - * - * Copyright 2017-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * - * I2C API used by SCI2C & T=1 over I2C protocol implementation. - * - * - SCIIC / SCI2C is the protocol used by A71CH / A71CL family of secure elements. - * - * - T=1 over I2C is the protocol used by SE050 family of secure elements. - * - * - T=1 over I2C with GP is the protocol used by other secure elements. - * - * These APIs are to be implemented when porting the Middleware stack to a new - * host platform. - * - * @note Few APIs are only required for the SCI2C protocol and few are only - * needed for T=1 over I2C Protocol. They are marked by the defines - * ``SCI2C`` , ``T1oI2C`` and ``T1oI2C_GP1_0`` - * - * # Convention of the APIs. - * - * - * APIs for which a buffer is input. e.g.:: - * - * i2c_error_t axI2CWrite(unsigned char bus, unsigned char addr, - * unsigned char * pTx, unsigned short txLen); - * - * - * In the above case :samp:`pTx` is a buffer input. It is assumed that - * the lengh as set in :samp:`txLen` is same as that pointed to by - * :samp:`pTx`. This parameter is used as is and any mistake by the - * calling/implemented API will have unpredictable errors. - * - * - * APIs for which a buffer is output. e.g.:: - * - * i2c_error_t axI2CWriteRead(unsigned char bus, - * unsigned char addr, - * unsigned char *pTx, - * unsigned short txLen, - * unsigned char *pRx, - * unsigned short *pRxLen); - * - * - * In the above case :samp:`pRx` is a buffer output and :samp:`pRxLen` - * is both input and output. It is assumed that the lengh as set in - * :samp:`pRxLen` is set to the maximum as available to the pointer - * pointed by :samp:`pRx`. This parameter is used as is and any mistake - * by the calling/implemented API will have unpredictable errors. - * - * @par History - * - **/ - -#ifndef _I2C_A7_H -#define _I2C_A7_H - -#include "sm_types.h" - -#define SCI2C_T_CMDG 180 //!< Minimum delay between stop of Wakeup command and start of subsequent command (Value in micro seconds) - -#define I2C_IDLE 0 -#define I2C_STARTED 1 -#define I2C_RESTARTED 2 -#define I2C_REPEATED_START 3 -#define DATA_ACK 4 -#define DATA_NACK 5 -#define I2C_BUSY 6 -#define I2C_NO_DATA 7 -#define I2C_NACK_ON_ADDRESS 8 -#define I2C_NACK_ON_DATA 9 -#define I2C_ARBITRATION_LOST 10 -#define I2C_TIME_OUT 11 -#define I2C_OK 12 -#define I2C_FAILED 13 - -typedef unsigned int i2c_error_t; -#define I2C_BUS_0 (0) - -#if defined(__cplusplus) -extern "C"{ -#endif -/** Initialize the I2C platform HW/Driver*/ - -/* MAX data supported by respective protocol in single read/write*/ -#if defined(SCI2C) -#define MAX_DATA_LEN 270 -#elif defined(T1oI2C) -#define MAX_DATA_LEN 260 -#endif - - -i2c_error_t axI2CInit(void **conn_ctx, const char *pDevName); - -/** Terminate / de-initialize the I2C platform HW/Driver - * - * - * @param[in] connection context. - * @param[in] mode Can be either 0 or 1. - * - * Where applicable, and implemented a value of 0 corresponds - * to a 'light-weight' terminate. - * - * In genral, this is not used for most of the porting - * platforms and use cases. - * - * - */ -void axI2CTerm(void* conn_ctx, int mode); - -#if AX_EMBEDDED -/** Smarter handling of back off logic - * - * When we get a NAK from SE, we back off and keep on increasing the delay for next I2C Read/Write. - * - * When we get an ACK from SE, we reset this back off delay. - */ -void axI2CResetBackoffDelay( void ); -#endif /* FREEDOM */ - -#if defined(SCI2C) /* Means SCI2C SCIIC */ -/** Write a byte. - * - * Needed only for SCI2C */ -i2c_error_t axI2CWriteByte(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pTx); -/** Write and read only after an ACK. - * - * Needed only for SCI2C */ -i2c_error_t axI2CWriteRead(void* conn_ctx, - unsigned char bus, - unsigned char addr, - unsigned char *pTx, - unsigned short txLen, - unsigned char *pRx, - unsigned short *pRxLen); -#endif - -#if defined(SCI2C) /* Means SCI2C SCIIC */ || defined(T1oI2C) -/** Write a frame. - * - * Needed for SCI2C and T=1 over I2C */ -i2c_error_t axI2CWrite(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pTx, unsigned short txLen); -#endif - -#ifdef T1oI2C -/** Read a byte. - * - * Needed only for T=1 over I2C */ -i2c_error_t axI2CRead(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pRx, unsigned short rxLen); -#endif /* T1oI2C */ -#if defined(__cplusplus) -} -#endif - -#endif // _I2C_A7_H diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/se05x_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/se05x_apis.h deleted file mode 100644 index 1c1da67dd..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/se05x_apis.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - * - * Copyright 2018-2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _SE05X_API_H -#define _SE05X_API_H - -/* - * Define Reset logic for reset pin on SE - * Active high for SE050 - */ -#define SE_RESET_LOGIC 1 - -void se05x_ic_reset(void); -void se05x_ic_power_on(void); -void se05x_ic_power_off(void); - -#endif // _SE05X_API_H diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_printf.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_printf.h deleted file mode 100644 index eabfb652a..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_printf.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * - * Copyright 2016-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _SM_PRINTF_H_ -#define _SM_PRINTF_H_ -#include -#include -#include "sm_types.h" -#ifdef __cplusplus -extern "C" { -#endif - - -#if AX_EMBEDDED \ - && (!defined (__MBED__)) -# include "fsl_debug_console.h" -#else -# define PRINTF printf -# define SCANF scanf -# define PUTCHAR putchar -# define GETCHAR getchar -#endif - -#define CONSOLE (0x01) -#define MEMORY (0x02) -#define LOGFILE (0x04) -#define DBGOUT_ALL (CONSOLE|MEMORY|LOGFILE) - -#define DBGOUT CONSOLE - -void sm_printf(unsigned char dev, const char * format, ...); -void AssertZeroAllocation(void); - -#ifdef __cplusplus -} -#endif -#endif // _SM_PRINTF_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_timer.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_timer.h deleted file mode 100644 index 72c351264..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_timer.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * - * Copyright 2016 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _SM_TIMER_H_ -#define _SM_TIMER_H_ - -#include -#ifdef __gnu_linux__ -#include -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* Change this value to tick rate used by the controller */ -#define TICK_RATE_HZ 1000 -#define MS_TO_TICKS(msec) (( (msec) * (TICK_RATE_HZ) ) / (1000)) - -/* function used for delay loops */ -uint32_t sm_initSleep(void); -void sm_sleep(uint32_t msec); -void sm_usleep(uint32_t microsec); - -#ifdef __cplusplus -} -#endif -#endif // _SM_TIMER_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h deleted file mode 100644 index 02ce2e318..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h +++ /dev/null @@ -1,1207 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#if SSS_HAVE_SE05X_VER_GTE_06_00 -/* OK */ -#else -#error "Only with SE051 based build" -#endif - -/** Se05x_API_AeadOneShot - * - * Authenticated encryption or decryption with associated data in one shot mode. - * - * The key object must be either an AES key or DES key. - * - * The AEADOneShot command returns the computed GMAC (when P2 equals - * P2_ENCRYPT_ONESHOT) or indicates whether the GMAC is correct (when P2 equals - * P2_DECRYPT_ONESHOT). The length of the GMAC is always 16 bytes when P2 equals - * P2_ENCRYPT_ONESHOT. - * - * When P2 equals P2_DECRYPT_ONESHOT: - * - * * the minimum tag length to pass is 4 bytes. - * - * * when the GMAC tag is not correct, only the result will be returned, no output data will be present. - * - * Note: on applet v4.4.0, the maximum lengths are not yet enforced and might - * differ from the values listed in the C-APDU. - * - * # Command to Applet - * - * @rst - * +---------+---------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+===========================+================================================+ - * | CLA | 0x80 | | - * +---------+---------------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+---------------------------+------------------------------------------------+ - * | P1 | P1_AEAD or P1_AEAD_INT_IV | See :cpp:type:`SE05x_P1_t` | - * +---------+---------------------------+------------------------------------------------+ - * | P2 | P2_ENCRYPT_ONESHOT or | See :cpp:type:`SE05x_P2_t` | - * | | P2_DECRYPT_ONESHOT | | - * +---------+---------------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+---------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the AESKey Secure object. | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 1-byte AEADMode | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data. Maximum | - * | | | length = 256 bytes. [Optional] | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_4] | Byte array containing Additional Authenticated | - * | | | Data. Maximum length = 64 bytes. [Optional] | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing an initialization vector | - * | | | (if P1 equals P1_AEAD) or 2-byte value | - * | | | containing the initialization vector length | - * | | | (if P1 equals P1_AEAD_SP800_108). Maximum IV | - * | | | length = 60 bytes. [Optional] | - * | | | [Conditional: required when P1 equals | - * | | | P1_AEAD_INT_IV] | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_6] | Byte array containing the GMAC tag to verify. | - * | | | [Conditional: when P2 equals | - * | | | P2_DECRYPT_ONESHOT] | - * +---------+---------------------------+------------------------------------------------+ - * | Le | 0x00 | Expecting return data. | - * +---------+---------------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------------------+ - * | Value | Description | - * +============+==============================================+ - * | TLV[TAG_1] | Byte array containing output data. | - * +------------+----------------------------------------------+ - * | TLV[TAG_2] | Byte array containing tag (if P2 = | - * | | P2_ENCRYPT_ONESHOT) or byte array containing | - * | | Result (if P2 = P2_DECRYPT_ONESHOT) | - * +------------+----------------------------------------------+ - * | TLV[TAG_3] | Byte array containing the initialization | - * | | vector (if P1 = P1_AEAD_INT_IV and P2 = | - * | | P2_ENCRYPT_ONESHOT). | - * +------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] cipherMode The cipher mode - * @param[in] inputData The input data - * @param[in] inputDataLen The input data length - * @param[in] aad The aad - * @param[in] aadLen The aad length - * @param[in] IV The iv - * @param[in] IVLen The iv length - * @param tagData The tag data - * @param tagDataLen The tag data length - * @param outputData The output data - * @param poutputDataLen The poutput data length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadOneShot(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *IV, - size_t IVLen, - uint8_t *tagData, - size_t *tagDataLen, - uint8_t *outputData, - size_t *poutputDataLen, - const SE05x_Cipher_Oper_OneShot_t operation); - -/** Se05x_API_AeadInit - * - * Initialize an authentication encryption or decryption with associated data. - * The Crypto Object keeps the state of the AEAD operation until it's finalized - * or deleted. Once the AEADFinal function is executed successfully, the Crypto - * Object state returns to the state immediately after the previous AEADInit - * function. - * - * When P1 equals P1_AEAD_INT_IV and P2 equals P1_ENCRYPT, TLV[TAG_5] must - * includes the length of the initialization vector. In that case, the - * initialization vector is generated internally and passed back in the response - * command. When the device is in FIPS mode (see FIPS Compliance), P1 equal to - * P1_AEAD will result in SW_CONDITIONS_NOT_SATISFIED. - * - * # Command to Applet - * - * @rst - * +---------+---------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+===========================+================================================+ - * | CLA | 0x80 | | - * +---------+---------------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+---------------------------+------------------------------------------------+ - * | P1 | P1_AEAD or P1_AEAD_INT_IV | See :cpp:type:`SE05x_P1_t` | - * +---------+---------------------------+------------------------------------------------+ - * | P2 | P2_ENCRYPT or P2_DECRYPT | See :cpp:type:`SE05x_P2_t` | - * +---------+---------------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+---------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the AESKey Secure object. | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing the initialization | - * | | | vector (if P1 equals P1_AEAD or P1 equals | - * | | | P1_AEAD and P2 equals P2_DECRYPT) or 2-byte | - * | | | value containing the initialization vector | - * | | | length (if P1 equals P1_AEAD_INT_IV and P2 | - * | | | equals P2_ENCRYPT) [Optional] | - * | | | [Conditional: required when P1 equals | - * | | | P1_AEAD_INT_IV and P2 equals P2_ENCRYPT] | - * +---------+---------------------------+------------------------------------------------+ - * | Le | - | | - * +---------+---------------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------------------+ - * | Value | Description | - * +============+===============================================+ - * | TLV[TAG_3] | Byte array containing the used initialization | - * | | vector. It remains valid until deselect, | - * | | AEADInit, AEADFinal or AEADOneShot is called. | - * | | [Conditional: Only when P1 equals | - * | | P1_AEAD_INT_IV and P2 equals P2_ENCRYPT] | - * +------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] cryptoObjectID The crypto object id - * @param[in] pIV { parameter_description } - * @param[in] IVLen The iv length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *pIV, - size_t IVLen, - const SE05x_Cipher_Oper_t operation); - -/** Se05x_API_AeadCCMInit - * - * Initialize an authentication encryption or decryption with associated data. - * The Crypto Object keeps the state of the AEAD operation until it's finalized - * or deleted. Once the AEADFinal function is executed successfully, the Crypto - * Object state returns to the state immediately after the previous AEADInit - * function.AEAD in CCM mode. - * - * # Command to Applet - * - * @rst - * +---------+--------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+==========================+================================================+ - * | CLA | 0x80 | | - * +---------+--------------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+--------------------------+------------------------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------------------+------------------------------------------------+ - * | P2 | P2_ENCRYPT or P2_DECRYPT | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the AESKey Secure object. | - * +---------+--------------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+--------------------------+------------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing the initialization | - * | | | vector [12 bytes until 60 bytes] or a 2-byte | - * | | | value containing the initialization vector | - * | | | length, depending on the AEADMode of the | - * | | | Crypto Object. | - * +---------+--------------------------+------------------------------------------------+ - * | | TLV[TAG_6] | Byte array containing 2-byte AAD length. | - * | | | [Conditional: needed if AEADMode equals | - * | | | AES_CCM] | - * +---------+--------------------------+------------------------------------------------+ - * | | TLV[TAG_7] | Byte array containing 2-byte message length. | - * | | | [Conditional: needed if AEADMode equals | - * | | | AES_CCM] | - * +---------+--------------------------+------------------------------------------------+ - * | | TLV[TAG_8] | Byte array containing 2-byte tag size. | - * | | | [Conditional: needed if AEADMode equals | - * | | | AES_CCM]. | - * +---------+--------------------------+------------------------------------------------+ - * | Le | - | | - * +---------+--------------------------+------------------------------------------------+ - * @endrst - * - * - * # R-APDU Body - * NA - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] cryptoObjectID The crypto object id - * @param[in] pIV { parameter_description } - * @param[in] IVLen The iv length - * @param[in] aadLen The aad length - * @param[in] payloadLen The payloadLen length - * @param[in] tagLen The tag length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadCCMInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *pIV, - size_t IVLen, - size_t aadLen, - size_t payloadLen, - size_t tagLen, - const SE05x_Cipher_Oper_t operation); - -/** - * @brief Se05x_API_AeadCCMLastUpdate - * - * # Command to Applet - * - * @rst - * +------------+---------------+------------------------------------------------+ - * | Field | Value | Description | - * +============+===============+================================================+ - * | CLA | 0x80 | | - * +------------+---------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+---------------+------------------------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +------------+---------------+------------------------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +------------+---------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +------------+---------------+------------------------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+---------------+------------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data | - * | | | [Conditional: only when | - * | | | TLV[TAG_4] is not present] | - * | | | [Optional] | - * +------------+---------------+------------------------------------------------+ - * | Le | 0x00 | Expecting returned data. | - * +------------+---------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * NA - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * - * - * @param[in] session_ctx The session context - * @param[in] cryptoObjectID The crypto object id - * @param[in] pInputData The input data - * @param[in] inputDataLen The input data length - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadCCMLastUpdate( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pInputData, size_t inputDataLen); - -/** Se05x_API_AeadCCMFinal - * - * Finish a sequence of AES_CCM AEAD operations. - * - * # Command to Applet - * - * @rst - * +------------+----------------------------------+---------------------------------+ - * | Field | Value | Description | - * +============+==================================+=================================+ - * | CLA | 0x80 | | - * +------------+----------------------------------+---------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+----------------------------------+---------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +------------+----------------------------------+---------------------------------+ - * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | - * +------------+----------------------------------+---------------------------------+ - * | Lc | #(Payload) | | - * +------------+----------------------------------+---------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+----------------------------------+---------------------------------+ - * | TLV[TAG_6] | Byte array containing tag to | | - * | | verify [Conditional] When the | | - * | | mode is decrypt and verify (i.e. | | - * | | AEADInit has been called with | | - * | | P2 = P2_DECRYPT). | | - * +------------+----------------------------------+---------------------------------+ - * | Le | 0x00 | Expected returned data. | - * +------------+----------------------------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | Output data | - * | | | - * +------------+------------------------------------------------+ - * | TLV[TAG_2] | Byte array containing tag (if P2 = P2_ENCRYPT) | - * | | or byte array containing Result (if P2 = | - * | | P2_DECRYPT) | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] cryptoObjectID The crypto object id - * @param[out] pOutputData The output data - * @param[out] pOutputLen The output length - * @param tag The tag - * @param tagLen The tag length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadCCMFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *pOutputData, - size_t *pOutputLen, - uint8_t *pTag, - size_t *pTagLen, - const SE05x_Cipher_Oper_t operation); - -/** Se05x_API_AeadUpdate_aad - * - * Update a Crypto Object of type CC_AEAD. - * - * The user either needs to send input data or Additional Authenticated Data - * (AAD), but not both at once. - * - * # Command to Applet - * - * @rst - * +------------+----------------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +============+==================================+================================================+ - * | CLA | 0x80 | | - * +------------+----------------------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+----------------------------------+------------------------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +------------+----------------------------------+------------------------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +------------+----------------------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +------------+----------------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+----------------------------------+------------------------------------------------+ - * | | TLV[TAG_4] | Byte array containing Additional Authenticated | - * | | | Data. [Conditional: only when TLV[TAG_3] is | - * | | | not present] [Optional] | - * +------------+----------------------------------+------------------------------------------------+ - * | Le | 0x00 | Expecting returned data. | - * +------------+----------------------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] cryptoObjectID The crypto object id - * @param[in] pAadData The aad data - * @param[in] aadDataLen The aad data length - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadUpdate_aad( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pAadData, size_t aadDataLen); - -/** - * @brief Se05x_API_AeadUpdate - * - * # Command to Applet - * - * @rst - * +------------+---------------+------------------------------------------------+ - * | Field | Value | Description | - * +============+===============+================================================+ - * | CLA | 0x80 | | - * +------------+---------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+---------------+------------------------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +------------+---------------+------------------------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +------------+---------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +------------+---------------+------------------------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+---------------+------------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data | - * | | | [Conditional: only when | - * | | | TLV[TAG_4] is not present] | - * | | | [Optional] | - * +------------+---------------+------------------------------------------------+ - * | Le | 0x00 | Expecting returned data. | - * +------------+---------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+---------------------------------------+ - * | Value | Description | - * +============+=======================================+ - * | TLV[TAG_1] | Output data [Conditional: only when | - * | | TLV[TAG_3] is passed as input] | - * +------------+---------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * - * - * @param[in] session_ctx The session context - * @param[in] cryptoObjectID The crypto object id - * @param[in] pInputData The input data - * @param[in] inputDataLen The input data length - * @param pOutputData The output data - * @param pOutputLen The output length - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadUpdate(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *pInputData, - size_t inputDataLen, - uint8_t *pOutputData, - size_t *pOutputLen); - -/** Se05x_API_AeadFinal - * - * Finish a sequence of AEAD operations. The AEADFinal command provides the - * computed GMAC or indicates whether the GMAC is correct depending on the P2 - * parameters passed during AEADInit. The length of the GMAC is always 16 bytes - * when P2 equals P2_ENCRYPT. When P2 equals P2_DECRYPT, the minimum tag length - * to pass is 4 bytes. - * - * # Command to Applet - * - * @rst - * +------------+----------------------------------+---------------------------------+ - * | Field | Value | Description | - * +============+==================================+=================================+ - * | CLA | 0x80 | | - * +------------+----------------------------------+---------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+----------------------------------+---------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +------------+----------------------------------+---------------------------------+ - * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | - * +------------+----------------------------------+---------------------------------+ - * | Lc | #(Payload) | | - * +------------+----------------------------------+---------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+----------------------------------+---------------------------------+ - * | TLV[TAG_6] | Byte array containing tag to | | - * | | verify [Conditional] When the | | - * | | mode is decrypt and verify (i.e. | | - * | | AEADInit has been called with | | - * | | P2 = P2_DECRYPT). | | - * +------------+----------------------------------+---------------------------------+ - * | Le | 0x00 | Expected returned data. | - * +------------+----------------------------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_2] | Byte array containing tag (if P2 = P2_ENCRYPT) | - * | | or byte array containing Result (if P2 = | - * | | P2_DECRYPT) | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] cryptoObjectID The crypto object id - * @param tag The tag - * @param tagLen The tag length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *tag, - size_t *tagLen, - const SE05x_Cipher_Oper_t operation); - -/** Se05x_API_DisableObjCreation - * - * - * # Command to Applet - * - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] lockIndicator [1:kSE05x_TAG_1] - * @param[in] restrictMode [2:kSE05x_TAG_2] - */ -smStatus_t Se05x_API_DisableObjCreation( - pSe05xSession_t session_ctx, SE05x_LockIndicator_t lockIndicator, SE05x_RestrictMode_t restrictMode); - -/** Se05x_API_ReadObjectAttributes - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[out] data [0:kSE05x_TAG_2] - * @param[in,out] pdataLen Length for data - */ -smStatus_t Se05x_API_ReadObjectAttributes( - pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *data, size_t *pdataLen); - -/** Se05x_API_TriggerSelfTest - * - * Trigger a system health check for the system. When calling this command, a self-test is - * triggered in the operating system. When the test fails, the device might not respond with - * a R-APDU as the chip is reset. - * If HealthCheckMode is set to HCM_FIPS, the test will only work if the device is running in - * FIPS approved mode of operation. - * - * # Command to Applet - * - * - * @rst - * +------------+---------------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +============+=================================+================================================+ - * | CLA | 0x80 | | - * +------------+---------------------------------+------------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t`. In addition to | - * | | | INS_CRYPTO, users can set the INS_ATTEST | - * | | | flag. In that case, attestation applies. | - * +------------+---------------------------------+------------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +------------+---------------------------------+------------------------------------------------+ - * | P2 | P2_SANITY | See :cpp:type:`SE05x_P2_t` | - * +------------+---------------------------------+------------------------------------------------+ - * | Lc | #(Payload) | Payload length | - * +------------+---------------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 2-byte value from HealthCheckMode | - * +------------+---------------------------------+------------------------------------------------+ - * | Le | 0x00 | 2-byte response + attested data (if INS_ATTEST | - * | | | is set). | - * +------------+---------------------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | TLV containing 1-byte Result. | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] HealthCheckMode The health check mode - * @param result The result of Self Test - * - * @return The sm status. - */ - -smStatus_t Se05x_API_TriggerSelfTest( - pSe05xSession_t session_ctx, SE05x_HealthCheckMode_t healthCheckMode, uint8_t *result); - -/** Se05x_API_TriggerSelfTest_W_Attst - * - * Trigger a system health check for the system. When calling this command, a self-test is - * triggered in the operating system. When the test fails, the device might not respond with - * a R-APDU as the chip is reset. - * If HealthCheckMode is set to HCM_FIPS, the test will only work if the device is running in - * FIPS approved mode of operation. - * - * # Command to Applet - * - * - * @rst - * +------------+---------------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +============+=================================+================================================+ - * | CLA | 0x80 | | - * +------------+---------------------------------+------------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t`. In addition to | - * | | | INS_CRYPTO, users can set the INS_ATTEST | - * | | | flag. In that case, attestation applies. | - * +------------+---------------------------------+------------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +------------+---------------------------------+------------------------------------------------+ - * | P2 | P2_SANITY | See :cpp:type:`SE05x_P2_t` | - * +------------+---------------------------------+------------------------------------------------+ - * | Lc | #(Payload) | Payload length | - * +------------+---------------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 2-byte value from HealthCheckMode | - * +------------+---------------------------------+------------------------------------------------+ - * | TLV[TAG_5] | 4-byte attestation object | | - * | | identifier. [Optional] | | - * | | [Conditional: only when | | - * | | INS_ATTEST is set] | | - * +------------+---------------------------------+------------------------------------------------+ - * | TLV[TAG_6] | 1-byte AttestationAlgo | | - * | | [Optional] [Conditional: only | | - * | | when INS_ATTEST is set] | | - * +------------+---------------------------------+------------------------------------------------+ - * | TLV[TAG_7] | 16-byte freshness random | | - * | | [Optional] [Conditional: only | | - * | | when INS_ATTEST is set] | | - * +------------+---------------------------------+------------------------------------------------+ - * | Le | 0x00 | 2-byte response + attested data (if INS_ATTEST | - * | | | is set). | - * +------------+---------------------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | TLV containing 1-byte Result. | - * +------------+------------------------------------------------+ - * | TLV[TAG_3] | TLV containing 12-byte timestamp | - * | | [Conditional: only when C-APDU contains | - * | | INS_ATTEST] | - * +------------+------------------------------------------------+ - * | TLV[TAG_4] | TLV containing 16-byte freshness (random) | - * | | [Conditional: only when C-APDU contains | - * | | INS_ATTEST] | - * +------------+------------------------------------------------+ - * | TLV[TAG_5] | TLV containing 18-byte chip unique ID | - * | | [Conditional: only when C-APDU contains | - * | | INS_ATTEST] | - * +------------+------------------------------------------------+ - * | TLV[TAG_6] | TLV containing signature over the concatenated | - * | | values of TLV[TAG_1], TLV[TAG_3], TLV[TAG_4] | - * | | and TLV[TAG_5]. [Conditional: only when | - * | | C-APDU contains INS_ATTEST] | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] HealthCheckMode The health check mode - * @param[in] attestID The attest id - * @param[in] attestAlgo The attest algorithm - * @param[in] random The random - * @param[in] randomLen The random length - * @param result The result of Self Test - * @param ptimeStamp The ptime stamp - * @param outrandom The outrandom - * @param poutrandomLen The poutrandom length - * @param chipId The chip identifier - * @param pchipIdLen The pchip identifier length - * @param signature The signature - * @param psignatureLen The psignature length - * - * @return The sm status. - */ -smStatus_t Se05x_API_TriggerSelfTest_W_Attst(pSe05xSession_t session_ctx, - SE05x_HealthCheckMode_t healthCheckMode, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *result, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ECDHGenerateSharedSecret_InObject - * - * See @ref Se05x_API_ECDHGenerateSharedSecret - * - */ -smStatus_t Se05x_API_ECDHGenerateSharedSecret_InObject(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *pubKey, - size_t pubKeyLen, - uint32_t sharedSecretID, - uint8_t invertEndianness); - -/* -* @param[in] session_ctx Session Context[0:kSE05x_pSession] -* @param[in] keyPairId keyPairId[1:kSE05x_TAG_1] -* @param[in] pskId pskId[2:kSE05x_TAG_2] -* @param[in] hmacKeyId hmacKeyId[3:kSE05x_TAG_3] -* @param[in] inputData inputData[4:kSE05x_TAG_4] -* @param[in] inputDataLen Length of inputData -* @param[in] clientVersion client version[6:kSE05x_TAG_6] -* @param[in] clientVersionLen Length of client version -*/ - -smStatus_t Se05x_API_TLSCalculateRsaPreMasterSecret(pSe05xSession_t session_ctx, - uint32_t keyPairId, - uint32_t pskId, - uint32_t hmacKeyId, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *clientVersion, - size_t clientVersionLen); - -/** Se05x_API_WriteRSAKey_Ver -* -* See @ref Se05x_API_WriteRSAKey. Also allows to set key version (4 bytes). -* -*/ -smStatus_t Se05x_API_WriteRSAKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format, - uint32_t version); - -/** Se05x_API_UpdateRSAKey_Ver -* -* See @ref Se05x_API_WriteRSAKey. Also allows to set key version (4 bytes). -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -*/ -smStatus_t Se05x_API_UpdateRSAKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format, - uint32_t version); - -#define Se05x_API_WriteECKey_with_version Se05x_API_WriteECKey_Ver -/** Se05x_API_WriteECKey_Ver -* -* See @ref Se05x_API_WriteECKey. Also allows to set key version (4 bytes). -* -*/ -smStatus_t Se05x_API_WriteECKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - uint32_t version); - -/** Se05x_API_UpdateECKey_Ver -* -* See @ref Se05x_API_WriteECKey. Also allows to set key version (4 bytes). -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -*/ -smStatus_t Se05x_API_UpdateECKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - uint32_t version); - -/** Se05x_API_WriteSymmKey_Ver -* -* See @ref Se05x_API_WriteSymmKey. Also allows to set key version (4 bytes). -* -*/ -smStatus_t Se05x_API_WriteSymmKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type, - uint32_t version); - -/** Se05x_API_UpdateSymmKey_Ver -* -* See @ref Se05x_API_WriteSymmKey. Also allows to set key version (4 bytes). -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -*/ -smStatus_t Se05x_API_UpdateSymmKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type, - uint32_t version); - -/** Se05x_API_WriteBinary_Ver -* -* See @ref Se05x_API_WriteBinary. Also allows to set key version (4 bytes). -* -*/ -smStatus_t Se05x_API_WriteBinary_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t version); - -/** Se05x_API_UpdateBinary_Ver -* -* See @ref Se05x_API_WriteBinary. Also allows to set key version (4 bytes). -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -* -*/ -smStatus_t Se05x_API_UpdateBinary_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t version); - -/** Se05x_API_ReadState -* -* -* # Command to Applet -* -* -* # R-APDU Body -* -* NA -* -* # R-APDU Trailer -* -* -* -* -* @param[in] session_ctx Session Context [0:kSE05x_pSession] -* @param[out] pstateValues [1:kSE05x_TAG_1] -*/ -smStatus_t Se05x_API_ReadState(pSe05xSession_t session_ctx, uint8_t *pstateValues, size_t *pstateValuesLen); - -/** Se05x_API_GetExtVersion -* -* Gets the applet extended version information. -* -* This will return 37-byte VersionInfo (including major, minor and patch version -* of the applet, supported applet features and secure box version). -* -* # Command to Applet -* -* @rst -* +-------+------------------------------+----------------------------------------------+ -* | Field | Value | Description | -* +=======+==============================+==============================================+ -* | CLA | 0x80 | | -* +-------+------------------------------+----------------------------------------------+ -* | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | -* +-------+------------------------------+----------------------------------------------+ -* | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | -* +-------+------------------------------+----------------------------------------------+ -* | P2 | P2_VERSION or P2_VERSION_EXT | See :cpp:type:`SE05x_P2_t` | -* +-------+------------------------------+----------------------------------------------+ -* | Lc | #(Payload) | | -* +-------+------------------------------+----------------------------------------------+ -* | Le | 0x00 | Expecting TLV with 7-byte data (when P2 = | -* | | | P2_VERSION) or a TLV with 37 byte data (when | -* | | | P2= P2_VERSION_EXT). | -* +-------+------------------------------+----------------------------------------------+ -* @endrst -* -* -* # R-APDU Body -* -* @rst -* +------------+------------------------------------------------+ -* | Value | Description | -* +============+================================================+ -* | TLV[TAG_1] | 7-byte :cpp:type:`VersionInfoRef` (if P2 = | -* | | P2_VERSION) or 7-byte VersionInfo followed by | -* | | 30 bytes extendedFeatureBits (if P2 = | -* | | P2_VERSION_EXT) | -* +------------+------------------------------------------------+ -* @endrst -* -* # R-APDU Trailer -* -* @rst -* +-------------+--------------------------------+ -* | SW | Description | -* +=============+================================+ -* | SW_NO_ERROR | Data is returned successfully. | -* +-------------+--------------------------------+ -* @endrst -* -* @param[in] session_ctx The session context -* @param pappletVersion The papplet version -* @param appletVersionLen The applet version length -* -* @return The sm status. -*/ -smStatus_t Se05x_API_GetExtVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen); - -/**Se05x_API_SendCardManagerCmd -* -* Sends a command to the Card Manager. -* -* This APDU will send command to Card Manager -* -* # Command to Card Manager -* -* @rst -* +---------+---------------+--------------------------------------+ -* | Field | Value | Description | -* +=========+===============+======================================+ -* | CLA | 0x80 | | -* +---------+---------------+--------------------------------------+ -* | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | -* +---------+---------------+--------------------------------------+ -* | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | -* +---------+---------------+--------------------------------------+ -* | P2 | P2_CM_COMMAND | See :cpp:type:`SE05x_P2_t` | -* +---------+---------------+--------------------------------------+ -* | Lc | #(Payload) | Payload length | -* +---------+---------------+--------------------------------------+ -* | Payload | TLV[TAG_1] | APDU to be sent to the Card Manager. | -* +---------+---------------+--------------------------------------+ -* | Le | 0x00 | Expected response length | -* +---------+---------------+--------------------------------------+ -* @endrst -* -* # R-APDU Body -* -* @rst -* +------------+----------------------------------------+ -* | Value | Description | -* +============+========================================+ -* | TLV[TAG_1] | Byte array containing the Card Manager | -* | | response. | -* +------------+----------------------------------------+ -* @endrst -* -* # R-APDU Trailer -* -* @rst -* +-------------+--------------------------------------+ -* | SW | Description | -* +=============+======================================+ -* | SW_NO_ERROR | The command is handled successfully. | -* +-------------+--------------------------------------+ -* @endrst -* -* @param[in] session_ctx The session context -* @param[in] pCmdData The command input data -* @param[in] cmdDataLen The command input data length -* @param[out] pOutputData The response data -* @param[out] pOutputDataLen The response data length -* -* @return The sm status. -*/ -smStatus_t Se05x_API_SendCardManagerCmd( - pSe05xSession_t session_ctx, uint8_t *pCmdData, size_t cmdDataLen, uint8_t *pOutputData, size_t *pOutputDataLen); - -/** Se05x_API_UpdatePCR -* -* See @ref Se05x_API_WritePCR. -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -*/ -smStatus_t Se05x_API_UpdatePCR( - pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t pcrID, const uint8_t *inputData, size_t inputDataLen); - -/** Se05x_API_UpdateCounter -* -* See @ref Se05x_API_SetCounterValue. -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -*/ -smStatus_t Se05x_API_UpdateCounter( - pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size, uint64_t value); diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h deleted file mode 100644 index ac531d92b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h +++ /dev/null @@ -1,1535 +0,0 @@ -/* - * Copyright 2020 NXP - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#include -#include -#include - -#if defined(NONSECURE_WORLD) -#include "veneer_printf_table.h" -#endif - -#if SSS_HAVE_SE05X_VER_GTE_06_00 -/* OK */ -#else -#error "Only with SE051 based build" -#endif - -#ifndef NEWLINE -#define NEWLINE must be already defined -#endif - -smStatus_t Se05x_API_AeadOneShot(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - const uint8_t *pInputData, - size_t inputDataLen, - const uint8_t *pAad, - size_t aadLen, - uint8_t *pIV, - size_t IVLen, - uint8_t *pTagData, - size_t *pTagDataLen, - uint8_t *pOutputData, - size_t *pOutputDataLen, - const SE05x_Cipher_Oper_OneShot_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, operation}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - SE05x_Result_t result; - uint16_t ivlen16 = (uint16_t)IVLen; - size_t ivlen32 = IVLen; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadOneShot []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CipherMode("cipherMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cipherMode); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, pInputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("AdditionalData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pAad, aadLen); - if (0 != tlvRet) { - goto cleanup; - } - - if ((cipherMode == kSE05x_CipherMode_AES_GCM) || - ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) && (operation == kSE05x_Cipher_Oper_OneShot_Decrypt))) { - tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, pIV, IVLen); - if (0 != tlvRet) { - goto cleanup; - } - } - else { - tlvRet = TLVSET_U16("IVLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, ivlen16); - if (0 != tlvRet) { - goto cleanup; - } - } - if (operation == kSE05x_Cipher_Oper_OneShot_Decrypt) { - tlvRet = TLVSET_u8bufOptional("tag", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, pTagData, *pTagDataLen); - if (0 != tlvRet) { - goto cleanup; - } - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - if (inputDataLen != 0) { - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - } - if (operation == kSE05x_Cipher_Oper_OneShot_Encrypt) { - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pTagData, pTagDataLen); - if (0 != tlvRet) { - goto cleanup; - } - } - if (operation == kSE05x_Cipher_Oper_OneShot_Decrypt) { - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, &result); - if (0 != tlvRet) { - goto cleanup; - } - if (result != kSE05x_Result_SUCCESS) { - goto cleanup; - } - } - if ((operation == kSE05x_Cipher_Oper_OneShot_Encrypt) && (cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV)) { - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, pIV, &ivlen32); - if (0 != tlvRet) { - goto cleanup; - } - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *pIV, - size_t IVLen, - const SE05x_Cipher_Oper_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, operation}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - uint16_t ivlen16 = (uint16_t)IVLen; - size_t ivlen32 = IVLen; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadInit []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - if ((cipherMode == kSE05x_CipherMode_AES_GCM) || - ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) && (operation == kSE05x_Cipher_Oper_Decrypt))) { - tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, pIV, IVLen); - if (0 != tlvRet) { - goto cleanup; - } - } - else { - tlvRet = TLVSET_U16("IVLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, ivlen16); - if (0 != tlvRet) { - goto cleanup; - } - } - if ((cipherMode == kSE05x_CipherMode_AES_GCM) || - ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) && (operation == kSE05x_Cipher_Oper_Decrypt))) { - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - } - else { - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pIV, &ivlen32); - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - } -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadCCMInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *pIV, - size_t IVLen, - size_t aadLen, - size_t payloadLen, - size_t tagLen, - const SE05x_Cipher_Oper_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, operation}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint16_t aadLen16 = (uint16_t)aadLen; - uint16_t payloadLen16 = (uint16_t)payloadLen; - uint16_t tagLen16 = (uint16_t)tagLen; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadCCMInit []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, pIV, IVLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("aadLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, aadLen16); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("payloadLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, payloadLen16); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("tagLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, tagLen16); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadUpdate_aad( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pAadData, size_t aadDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadUpdate_aad []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("aad", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pAadData, aadDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadUpdate(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *pInputData, - size_t inputDataLen, - uint8_t *pOutputData, - size_t *pOutputLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadUpdate []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, pInputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputLen); - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadCCMLastUpdate( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pInputData, size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadUpdate []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, pInputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadCCMFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *pOutputData, - size_t *pOutputLen, - uint8_t *pTag, - size_t *pTagLen, - const SE05x_Cipher_Oper_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_FINAL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - size_t tagLen = *pTagLen; - SE05x_Result_t result; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadFinal []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - if (operation == kSE05x_Cipher_Oper_Decrypt) { - tlvRet = TLVSET_u8bufOptional("tag", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, pTag, tagLen); - if (0 != tlvRet) { - goto cleanup; - } - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputLen); - if (0 != tlvRet) { - goto cleanup; - } - if (operation == kSE05x_Cipher_Oper_Encrypt) { - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pTag, pTagLen); - if (0 != tlvRet) { - goto cleanup; - } - } - if (operation == kSE05x_Cipher_Oper_Decrypt) { - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, &result); - if (0 != tlvRet) { - goto cleanup; - } - - if (result != kSE05x_Result_SUCCESS) { - goto cleanup; - } - } - - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *pTag, - size_t *pTagLen, - const SE05x_Cipher_Oper_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_FINAL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - size_t tagLen = *pTagLen; - SE05x_Result_t result; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadFinal []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - if (operation == kSE05x_Cipher_Oper_Decrypt) { - tlvRet = TLVSET_u8bufOptional("tag", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, pTag, tagLen); - if (0 != tlvRet) { - goto cleanup; - } - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - if (operation == kSE05x_Cipher_Oper_Encrypt) { - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pTag, pTagLen); - if (0 != tlvRet) { - goto cleanup; - } - } - if (operation == kSE05x_Cipher_Oper_Decrypt) { - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, &result); - if (0 != tlvRet) { - goto cleanup; - } - if (result != kSE05x_Result_SUCCESS) { - goto cleanup; - } - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DisableObjCreation( - pSe05xSession_t session_ctx, SE05x_LockIndicator_t lockIndicator, SE05x_RestrictMode_t restrictMode) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_RESTRICT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DisableObjCreation []"); -#endif /* VERBOSE_APDU_LOGS */ - - tlvRet = TLVSET_U8("lockIndicator", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, lockIndicator); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("restrictMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, restrictMode); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_TriggerSelfTest( - pSe05xSession_t session_ctx, SE05x_HealthCheckMode_t healthCheckMode, uint8_t *result) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SANITY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TriggerSelfTest []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U16("health check mode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, healthCheckMode); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, result); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_TriggerSelfTest_W_Attst(pSe05xSession_t session_ctx, - SE05x_HealthCheckMode_t healthCheckMode, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *result, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT | kSE05x_INS_ATTEST, kSE05x_P1_DEFAULT, kSE05x_P2_SANITY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TriggerSelfTest []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U16("health check mode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, healthCheckMode); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, result); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadObjectAttributes( - pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *data, size_t *pdataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_ATTRIBUTES}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadObjectAttributes []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadObjectAttributes_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ_With_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_ATTRIBUTES}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadObjectAttributes_W_Attst []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_AttestationAlgo("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ECDHGenerateSharedSecret_InObject(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *pubKey, - size_t pubKeyLen, - uint32_t sharedSecretID, - uint8_t invertEndianness) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = { - {kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_EC, invertEndianness == 0x01 ? kSE05x_P2_DH_REVERSE : kSE05x_P2_DH}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ECDHGenerateSharedSecret []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, pubKey, pubKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("sharedSecretID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, sharedSecretID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - if (2 == rspbufLen) { - retStatus = (rspbuf[0] << 8) | (rspbuf[1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_TLSCalculateRsaPreMasterSecret(pSe05xSession_t session_ctx, - uint32_t keyPairId, - uint32_t pskId, - uint32_t hmacKeyId, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *clientVersion, - size_t clientVersionLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, kSE05x_P2_TLS_PMS}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TLSCalculateRsaPreMasterSecret []"); -#endif /* VERBOSE_APDU_LOGS */ - if (pskId != 0) { - tlvRet = TLVSET_U32("pskId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pskId); - if (0 != tlvRet) { - goto cleanup; - } - } - tlvRet = TLVSET_U32("keyPairId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, keyPairId); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("hmacKeyId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, hmacKeyId); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("clientVersion", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, clientVersion, clientVersionLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteRSAKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_RSA | key_part, rsa_format}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteRSAKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("To be Checked(last 3 not pdf)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("size in bits", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("p", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, p, pLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("q", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, q, qLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, dp, dpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dq", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, dq, dqLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("qnv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, qInv, qInvLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("public exp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, pubExp, pubExpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("priv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_9, priv, privLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("public mod", &pCmdbuf, &cmdbufLen, kSE05x_TAG_10, pubMod, pubModLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteECKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_EC | key_part, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteECKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECCurve("curveID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, curveID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("privKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, privKey, privKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pubKey, pubKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteSymmKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, type, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteSymmKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_KeyID("KEK id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, kekID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("key value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keyValue, keyValueLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteBinary_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_BINARY, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteBinary_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("input data", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadState(pSe05xSession_t session_ctx, uint8_t *pstateValues, size_t *pstateValuesLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_READ_STATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadState []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pstateValues, pstateValuesLen); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetExtVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_VERSION_EXT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetVersion []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pappletVersion, appletVersionLen); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SendCardManagerCmd( - pSe05xSession_t session_ctx, uint8_t *pCmdData, size_t cmdDataLen, uint8_t *pOutputData, size_t *pOutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_CM_COMMAND}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SendCardManagerCmd []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("cmdData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pCmdData, cmdDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdateRSAKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_RSA | key_part, rsa_format}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateRSAKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - /* Tag policy Check is not applicable for Generate key */ - if (((p != NULL) && (pLen != 0)) || ((pubExp != NULL) && (pubExpLen != 0)) || ((priv != NULL) && (privLen != 0))) { - tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("size in bits", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("p", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, p, pLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("q", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, q, qLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, dp, dpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dq", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, dq, dqLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("qnv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, qInv, qInvLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("public exp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, pubExp, pubExpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("priv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_9, priv, privLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("public mod", &pCmdbuf, &cmdbufLen, kSE05x_TAG_10, pubMod, pubModLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdateECKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_EC | key_part, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateECKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - - /* Tag policy Check is not applicable for Generate key */ - if (((privKey != NULL) && (privKeyLen != 0)) || ((pubKey != NULL) && (pubKeyLen != 0))) { - tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - } - - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECCurve("curveID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, curveID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("privKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, privKey, privKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pubKey, pubKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdateBinary_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_BINARY, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateBinary_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("input data", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdateSymmKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, type, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateSymmKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_KeyID("KEK id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, kekID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("key value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keyValue, keyValueLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdatePCR( - pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t pcrID, const uint8_t *inputData, size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_PCR, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(pcrID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdatePCR []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pcrID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdateCounter( - pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size, uint64_t value) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_CreateCounter []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy check", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - - if ((size > 0) && (size <= 8)) { - if (value != 0) { - tlvRet = TLVSET_U64_SIZE("value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, value, size); - if (0 != tlvRet) { - goto cleanup; - } - } - } - else { - LOG_E("Wrong size provided"); - goto cleanup; - } - - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h deleted file mode 100644 index b01f54216..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file */ - -#ifndef SE050X_APDU_H -#define SE050X_APDU_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "se05x_tlv.h" -#include "se05x_const.h" -#include "se05x_APDU_apis.h" - -/** Se05x_API_DeleteAll_Iterative - * - * Go through each object and delete it individually. - * - * This API does not use the Applet API @ref Se05x_API_DeleteAll. It - * does not delete ALL objects and purposefully skips few objects. - * - * Instead, this API uses @ref Se05x_API_ReadIDList and @ref - * Se05x_API_ReadCryptoObjectList to first fetch list of objects to host, and - * **selectitvely** deletes. - * - * For e.g. It does not kill objects from: - * - The range SE05X_OBJID_SE05X_APPLET_RES_START to - * SE05X_OBJID_SE05X_APPLET_RES_END. This range is used by applet. - * - The range EX_SSS_OBJID_DEMO_AUTH_START to EX_SSS_OBJID_DEMO_AUTH_END, - * which is used by middleware DEMOS for authentication. - * - And others. - * - * Kindly see the Implementation of is API Se05x_API_DeleteAll_Iterative to see - * the list of ranges that are skipped. - * - * @param[in] session_ctx Session Context - * - * @return The status of API. - */ -smStatus_t Se05x_API_DeleteAll_Iterative(pSe05xSession_t session_ctx); - -/** - * @brief Get the Curve ID for existing Key. - * - * This API is functionally same as @ref Se05x_API_GetECCurveId - * but uses @ref SE05x_ECCurve_t as a type instead of uint8_t. - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param pcurveId The pcurve identifier - * - * - * @return The sm status. - */ -smStatus_t Se05x_API_EC_CurveGetId(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_ECCurve_t *pcurveId); - -/** Wrapper for @ref Se05x_API_ECDHGenerateSharedSecret */ - -#define Se05x_API_ECGenSharedSecret Se05x_API_ECDHGenerateSharedSecret - -/** Wrapper for @ref Se05x_API_DigestOneShot */ -#define Se05x_API_SHAOneShot Se05x_API_DigestOneShot - -// For SIMW-656 -bool Se05x_IsInValidRangeOfUID(uint32_t uid); - -#ifdef __cplusplus -} -#endif - -#endif /* SE050X_APDU_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h deleted file mode 100644 index ca095d260..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h +++ /dev/null @@ -1,5812 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file */ - -#ifndef SE050X_APDU_APIS_H_INC -#define SE050X_APDU_APIS_H_INC - -#include "se05x_enums.h" -#include "se05x_tlv.h" - -/* Enable compilation of deprecated API Se05x_API_WritePCR - * Deprecated from Q1 2021. - * Support will be removed by Q1 2022 - */ -#define ENABLE_DEPRECATED_API_WritePCR 1 - -/** Se05x_API_CreateSession - * - * Creates a session on SE05X . - * - * Depending on the authentication object being referenced, a specific method of - * authentication applies. The response needs to adhere to this authentication - * method. - * - * - * # Command to Applet - * - * @rst - * +---------+-------------------+------------------------------+ - * | Field | Value | Description | - * +=========+===================+==============================+ - * | CLA | 0x80 | | - * +---------+-------------------+------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+-------------------+------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+-------------------+------------------------------+ - * | P2 | P2_SESSION_CREATE | See :cpp:type:`SE05x_P2_t` | - * +---------+-------------------+------------------------------+ - * | Lc | #(Payload) | Payload length. | - * +---------+-------------------+------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte authentication object | - * | | | identifier. | - * +---------+-------------------+------------------------------+ - * | Le | 0x0A | Expecting TLV with 8-byte | - * | | | session ID. | - * +---------+-------------------+------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------+ - * | Value | Description | - * +============+============================+ - * | TLV[TAG_1] | 8-byte session identifier. | - * +------------+----------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * SW_NO_ERROR: - * * The command is handled successfully. - * - * SW_CONDITIONS_NOT_SATISFIED: - * * The authenticator does not exist - * * The provided input data are incorrect. - * * The session is invalid. - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] authObjectID auth [1:kSE05x_TAG_1] - * @param[out] sessionId [0:kSE05x_TAG_1] - * @param[in,out] psessionIdLen Length for sessionId - * - * - */ -smStatus_t Se05x_API_CreateSession( - pSe05xSession_t session_ctx, uint32_t authObjectID, uint8_t *sessionId, size_t *psessionIdLen); - -/** Se05x_API_ExchangeSessionData - * - * Sets session policies for the current session. - * - * - * # Command to Applet - * - * @rst - * +---------+-------------------+-----------------------------+ - * | Field | Value | Description | - * +=========+===================+=============================+ - * | CLA | 0x80 or 0x84 | - | - * +---------+-------------------+-----------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+-------------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+-------------------+-----------------------------+ - * | P2 | P2_SESSION_POLICY | See P2 | - * +---------+-------------------+-----------------------------+ - * | Lc | #(Payload) | Payload length. | - * +---------+-------------------+-----------------------------+ - * | Payload | TLV[TAG_1] | Session policies | - * +---------+-------------------+-----------------------------+ - * | | C-MAC | If applicable | - * +---------+-------------------+-----------------------------+ - * | Le | 0x00 | - | - * +---------+-------------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +-------+----------------------------+ - * | Value | Description | - * +=======+============================+ - * | R-MAC | Optional, depending on | - * | | established security level | - * +-------+----------------------------+ - * @endrst - * - * - * @rst - * +-----------------------------+------------------------+ - * | SW | Description | - * +=============================+========================+ - * | SW_NO_ERROR | The command is handled | - * | | successfully. | - * +-----------------------------+------------------------+ - * | SW_CONDITIONS_NOT_SATISFIED | Invalid policies | - * +-----------------------------+------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] policy Check pdf [1:kSE05x_TAG_1] - * - */ -smStatus_t Se05x_API_ExchangeSessionData(pSe05xSession_t session_ctx, pSe05xPolicy_t policy); - -/** Se05x_API_RefreshSession - * - * Refreshes a session on , the policy of the running session can be updated; the - * rest of the session state remains. - * - * # Command to Applet - * - * @rst - * +-------+--------------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+====================+===============================================+ - * | CLA | 0x80 | - | - * +-------+--------------------+-----------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+--------------------+-----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------------+-----------------------------------------------+ - * | P2 | P2_SESSION_REFRESH | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------------+-----------------------------------------------+ - * | Lc | #(Payload) | Payload length. | - * +-------+--------------------+-----------------------------------------------+ - * | | TLV[TAG_POLICY] | Byte array containing the policy to attach to | - * | | | the session. [Optional] | - * +-------+--------------------+-----------------------------------------------+ - * | Le | - | | - * +-------+--------------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] policy policy [1:kSE05x_TAG_POLICY] - */ -smStatus_t Se05x_API_RefreshSession(pSe05xSession_t session_ctx, pSe05xPolicy_t policy); - -/** Se05x_API_CloseSession - * - * Closes a running session. - * - * When a session is closed, it cannot be reopened. - * - * All session parameters are transient. - * - * # Command to Applet - * - * @rst - * +-------+------------------+-----------------------------+ - * | Field | Value | Description | - * +=======+==================+=============================+ - * | CLA | 0x80 | | - * +-------+------------------+-----------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------+-----------------------------+ - * | P2 | P2_SESSION_CLOSE | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+-------------------------------------+ - * | SW | Description | - * +=============+=====================================+ - * | SW_NO_ERROR | The session is closed successfully. | - * +-------------+-------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - */ -smStatus_t Se05x_API_CloseSession(pSe05xSession_t session_ctx); - -/** Se05x_API_VerifySessionUserID - * - * Verifies the session user identifier (UserID) in order to allow setting up a - * session. If the UserID is correct, the session establishment is successful; - * otherwise the session cannot be opened (SW_CONDITIONS_NOT_SATISFIED is - * returned). - * - * # Command to Applet - * - * @rst - * +-------+-------------------+-----------------------------+ - * | Field | Value | Description | - * +=======+===================+=============================+ - * | CLA | 0x80 | | - * +-------+-------------------+-----------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+-------------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+-------------------+-----------------------------+ - * | P2 | P2_SESSION_USERID | See :cpp:type:`SE05x_P2_t` | - * +-------+-------------------+-----------------------------+ - * | Lc | #(Payload) | Payload length. | - * +-------+-------------------+-----------------------------+ - * | | TLV[TAG_1] | UserID value | - * +-------+-------------------+-----------------------------+ - * | Le | - | | - * +-------+-------------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] userId userId [1:kSE05x_TAG_1] - * @param[in] userIdLen Length of userId - */ -smStatus_t Se05x_API_VerifySessionUserID(pSe05xSession_t session_ctx, const uint8_t *userId, size_t userIdLen); - -/** Se05x_API_SetLockState - * - * Sets the applet transport lock (locked or unlocked). There is a Persistent - * lock and a Transient Lock. If the Persistent lock is UNLOCKED, the device is - * unlocked (regardless of the Transient lock). If the Persistent lock is LOCKED, - * the device is only unlocked when the Transient lock is UNLOCKED and the device - * will be locked again after deselect of the applet. - * - * Note that regardless of the lock state, the credential RESERVED_ID_TRANSPORT - * allows access to all features. For example, it is possible to write/update - * objects within the session opened by RESERVED_ID_TRANSPORT, even if the applet - * is locked. - * - * The default TRANSIENT_LOCK state is LOCKED; there is no default - * PERSISTENT_LOCK state (depends on product configuration). - * - * This command can only be used in a session that used the credential with - * identifier RESERVED_ID_TRANSPORT as authentication object. - * - * @rst - * +-----------------+----------------+-----------------------------------------------+ - * | PERSISTENT_LOCK | TRANSIENT_LOCK | Behavior | - * +=================+================+===============================================+ - * | UNLOCKED | UNLOCKED | Unlocked until PERSISTENT_LOCK set to LOCKED. | - * +-----------------+----------------+-----------------------------------------------+ - * | UNLOCKED | LOCKED | Unlocked until PERSISTENT_LOCK set to LOCKED. | - * +-----------------+----------------+-----------------------------------------------+ - * | LOCKED | UNLOCKED | Unlocked until deselect or TRANSIENT_LOCK set | - * | | | to LOCKED. | - * +-----------------+----------------+-----------------------------------------------+ - * | LOCKED | LOCKED | Locked until PERSISTENT_LOCK set to UNLOCKED. | - * +-----------------+----------------+-----------------------------------------------+ - * @endrst - * - * - * # Command to Applet - * - * @rst - * +---------+--------------+-------------------------------------+ - * | Field | Value | Description | - * +=========+==============+=====================================+ - * | CLA | 0x80 | | - * +---------+--------------+-------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+--------------+-------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------+-------------------------------------+ - * | P2 | P2_TRANSPORT | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------+-------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------+-------------------------------------+ - * | Payload | TLV[TAG_1] | 1-byte :cpp:type:`LockIndicatorRef` | - * +---------+--------------+-------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`LockStateRef` | - * +---------+--------------+-------------------------------------+ - * | Le | | | - * +---------+--------------+-------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] lockIndicator lock indicator [1:kSE05x_TAG_1] - * @param[in] lockState lock state [2:kSE05x_TAG_2] - */ -smStatus_t Se05x_API_SetLockState(pSe05xSession_t session_ctx, uint8_t lockIndicator, uint8_t lockState); - -/** Se05x_API_SetPlatformSCPRequest - * - * Sets the required state for platform SCP (required or not required). This is a - * persistent state. - * - * If platform SCP is set to SCP_REQUIRED, any applet APDU command will be - * refused by the applet when platform SCP is not enabled. Enabled means full - * encryption and MAC, both on C-APDU and R-APDU. Any other level is not - * sufficient and will not be accepted. SCP02 will not be accepted (as there is - * no response MAC and encryption). - * - * If platform SCP is set to "not required," any applet APDU command will be - * accepted by the applet. - * - * This command can only be used in a session that used the credential with - * identifier RESERVED_ID_PLATFORM_SCP as authentication object. - * - * Note that the default state is SCP_NOT_REQUIRED. - * - * - * # Command to Applet - * - * @rst - * +---------+------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=========+============+===============================================+ - * | CLA | 0x80 | | - * +---------+------------+-----------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+------------+-----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+-----------------------------------------------+ - * | P2 | P2_SCP | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+-----------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+------------+-----------------------------------------------+ - * | Payload | TLV[TAG_1] | 1-byte :cpp:type:`SE05x_PlatformSCPRequest_t` | - * +---------+------------+-----------------------------------------------+ - * | Le | | | - * +---------+------------+-----------------------------------------------+ - * @endrst - * - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] platformSCPRequest platf scp req [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_SetPlatformSCPRequest(pSe05xSession_t session_ctx, SE05x_PlatformSCPRequest_t platformSCPRequest); - -/** Se05x_API_SetAppletFeatures - * - * Sets the applet features that are supported. To successfully execute this - * command, the session must be authenticated using the RESERVED_ID_FEATURE. - * - * The 2-byte input value is a pre-defined AppletConfig value. - * - * # Command to Applet - * - * @rst - * +---------+------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=========+============+===============================================+ - * | CLA | 0x80 | | - * +---------+------------+-----------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+------------+-----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+-----------------------------------------------+ - * | P2 | P2_VARIANT | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+-----------------------------------------------+ - * | Lc | #(Payload) | Payload length | - * +---------+------------+-----------------------------------------------+ - * | Payload | TLV[TAG_1] | 2-byte Variant from | - * | | | :cpp:type:`SE05x_AppletConfig_t` | - * +---------+------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] variant variant [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_SetAppletFeatures(pSe05xSession_t session_ctx, pSe05xAppletFeatures_t appletVariant); - -/** Se05x_API_WriteECKey - * - * Write or update an EC key object. - * - * P1KeyPart indicates the key type to be created (if the object does not yet - * exist). - * - * If P1KeyPart = P1_KEY_PAIR, Private Key Value (TLV[TAG_3]) and Public Key - * Value (TLV[TAG_4) must both be present, or both be absent. If absent, the key - * pair is generated in the SE05X . - * - * If the object already exists, P1KeyPart is ignored. - * - * @rst - * +---------+------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+========================+================================================+ - * | P1 | :cpp:type:`SE05x_P1_t` | See :cpp:type:`SE05x_P1_t` , P1KeyType | - * | | | P1_EC | should only be set for new objects. | - * +---------+------------------------+------------------------------------------------+ - * | P2 | P2_DEFAULT | See P2 | - * +---------+------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional - only when the object | - * | | | identifier is not in use yet] | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_MAX_ATTEMPTS] | 2-byte maximum number of attempts. If 0 is | - * | | | given, this means unlimited. [Optional: | - * | | | default unlimited] [Conditional: only when | - * | | | the object identifier is not in use yet and | - * | | | INS includes INS_AUTH_OBJECT; see | - * | | | AuthenticationObjectPolicies ] | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 1-byte curve identifier, see ECCurve | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet; ] | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_3] | Private key value (see :cpp:type:`ECKeyRef` | - * | | | ) [Conditional: only when the private key is | - * | | | externally generated and P1KeyType is either | - * | | | P1_KEY_PAIR or P1_PRIVATE] | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_4] | Public key value (see :cpp:type:`ECKeyRef` ) | - * | | | [Conditional: only when the public key is | - * | | | externally generated and P1KeyType is either | - * | | | P1_KEY_PAIR or P1_PUBLIC] | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_11] | 4-byte version [Optional] | - * +---------+------------------------+------------------------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] policy The policy - * @param[in] maxAttempt The maximum attempt - * @param[in] objectID The object id - * @param[in] curveID The curve id - * @param[in] privKey The priv key - * @param[in] privKeyLen The priv key length - * @param[in] pubKey The pub key - * @param[in] pubKeyLen The pub key length - * @param[in] ins_type The insert type - * @param[in] key_part The key part - * - * @return The sm status. - */ -smStatus_t Se05x_API_WriteECKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part); - -/** Se05x_API_WriteRSAKey - * - * Creates or writes an RSA key or a key component. - * - * Supported key sizes are listed in RSABitLength. Other values are not - * supported. - * - * An RSA key creation requires multiple ADPUs to be sent: - * - * * The first APDU must contain: - * - * * Policy (optional, so only if non-default applies) - * - * * Object identifier - * - * * Key size - * - * * 1 of the key components. - * - * * Each next APDU must contain 1 of the key components. - * - * The policy applies only once all key components are set. - * - * Once an RSAKey object has been created, its format remains fixed and cannot - * be updated (so CRT or raw mode, no switch possible). - * - * If the object already exists, P1KeyType is ignored. - * - * For key pairs, if no component is present (TAG_3 until TAG_9), the key pair - * will be generated on chip; otherwise the key pair will be constructed - * starting with the given component. - * - * For private keys or public keys, there should always be exactly one of the - * tags TAG_3 until TAG_10. - * - * * TLV[TAG_8] and TLV[TAG_10] must only contain a value if the key pair is - * to be set to a known value and P1KeyType is either P1_KEY_PAIR or - * P1_PUBLIC; otherwise the value must be absent and the length must be - * equal to 0. - * - * * TLV[TAG_9] must only contain a value it the key is to be set in raw mode - * to a known value and P1KeyType is either P1_KEY_PAIR or P1_PRIVATE; - * otherwise the value must be absent and the length must be equal to 0. - * - * * If TLV[TAG_3] up to TLV[TAG_10] are absent (except TLV[TAG_8]), the RSA - * key will be generated on chip in case the object does not yet exist; - * otherwise it will be regenerated. This only applies to RSA key pairs. - * - * * Keys can be set by setting the different components of a key; only 1 - * component can be set at a time in this case. - * - * - * @rst - * +---------+-------------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+===============================+================================================+ - * | P1 | :cpp:type:`SE05x_KeyPart_t` | | See :cpp:type:`SE05x_P1_t` | - * | | P1_RSA | | - * +---------+-------------------------------+------------------------------------------------+ - * | P2 | P2_DEFAULT or P2_RAW | See :cpp:type:`SE05x_P2_t`; P2_RAW only in | - * | | | case P1KeyPart = P1_KEY_PAIR and TLV[TAG_3] | - * | | | until TLV[TAG_10] is empty and the must | - * | | | generate a raw RSA key pair; all other cases: | - * | | | P2_DEFAULT. | - * +---------+-------------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 2-byte key size in bits | - * | | | (:cpp:type:`SE05x_RSABitLength_t`) | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_3] | P component [Conditional: only when the | - * | | | object identifier is in CRT mode and the key | - * | | | is generated externally and P1KeyPart is | - * | | | either P1_KEY_PAIR or P1_PRIVATE] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_4] | Q component [Conditional: only when the | - * | | | object identifier is in CRT mode and the key | - * | | | is generated externally and P1KeyPart is | - * | | | either P1_KEY_PAIR or P1_PRIVATE] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_5] | DP component [Conditional: only when the | - * | | | object identifier is in CRT mode and the key | - * | | | is generated externally and P1KeyPart is | - * | | | either P1_KEY_PAIR or P1_PRIVATE] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_6] | DQ component [Conditional: only when the | - * | | | object identifier is in CRT mode and the key | - * | | | is generated externally and P1KeyPart is | - * | | | either P1_KEY_PAIR or P1_PRIVATE] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_7] | INV_Q component [Conditional: only when the | - * | | | object identifier is in CRT mode and the key | - * | | | is generated externally and P1KeyPart is | - * | | | either P1_KEY_PAIR or P1_PRIVATE] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_8] | Public exponent | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_9] | Private Key (non-CRT mode only) | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_10] | Public Key (Modulus) | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_11] | 4-byte version [Optional] | - * +---------+-------------------------------+------------------------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] policy The policy - * @param[in] objectID The object id - * @param[in] size The size - * @param[in] p The part p - * @param[in] pLen The p length - * @param[in] q The quarter - * @param[in] qLen The quarter length - * @param[in] dp The part dp - * @param[in] dpLen The dp length - * @param[in] dq The part dq - * @param[in] dqLen The dq length - * @param[in] qInv The quarter inv - * @param[in] qInvLen The quarter inv length - * @param[in] pubExp The pub exponent - * @param[in] pubExpLen The pub exponent length - * @param[in] priv The priv - * @param[in] privLen The priv length - * @param[in] pubMod The pub modifier - * @param[in] pubModLen The pub modifier length - * @param[in] transient_type The transient type - * @param[in] key_part The key part - * @param[in] rsa_format The rsa format - * - * @return The sm status. - */ - -smStatus_t Se05x_API_WriteRSAKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t transient_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format); - -/** Se05x_API_WriteSymmKey - * - * Creates or writes an AES key, DES key or HMAC key, indicated by P1: - * - * * P1_AES - * - * * P1_DES - * - * * P1_HMAC - * - * Users can pass RFC3394 wrapped keys by indicating the KEK in TLV[TAG_2]. Note - * that RFC3394 required 8-byte aligned input, so this can only be used when the - * key has an 8-byte aligned length. - * - * # Command to Applet - * - * @rst - * +---------+-----------------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=========+=======================+===============================================+ - * | P1 | See above | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------------+-----------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+-----------------------+-----------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_MAX_ATTEMPTS] | 2-byte maximum number of attempts. If 0 is | - * | | | given, this means unlimited. [Optional: | - * | | | default unlimited] [Conditional: only when | - * | | | the object identifier is not in use yet and | - * | | | INS includes INS_AUTH_OBJECT; see | - * | | | AuthenticationObjectPolicies] | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 4-byte KEK identifier [Conditional: only | - * | | | when the key value is RFC3394 wrapped] | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_3] | Key value, either plain or RFC3394 wrapped. | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_4] | Tag length for GCM/GMAC. Will only be used if | - * | | | the object is an AESKey. [Optional] | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_11] | 4-byte version [Optional] | - * +---------+-----------------------+-----------------------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] policy The policy - * @param[in] maxAttempt The maximum attempt - * @param[in] objectID The object id - * @param[in] kekID The kek id - * @param[in] keyValue The key value - * @param[in] keyValueLen The key value length - * @param[in] ins_type The insert type - * @param[in] type The type - * - * @return The sm status. - */ -smStatus_t Se05x_API_WriteSymmKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type); - -/** Se05x_API_WriteBinary - * - * Creates or writes to a binary file object. Data are written to either the - * start of the file or (if specified) to the offset passed to the function. - * - * # Command to Applet - * - * @rst - * +---------+-----------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=========+=================+===============================================+ - * | P1 | P1_BINARY | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------+-----------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+-----------------+-----------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-----------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +---------+-----------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 2-byte file offset [Optional: default = 0] | - * +---------+-----------------+-----------------------------------------------+ - * | | TLV[TAG_3] | 2-byte file length (up to 0x7FFF). | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-----------------+-----------------------------------------------+ - * | | TLV[TAG_4] | Data to be written [Optional: if not given, | - * | | | TAG_3 must be filled] | - * +---------+-----------------+-----------------------------------------------+ - * | | TLV[TAG_11] | 4-byte version [Optional] | - * +---------+-----------------+-----------------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] policy policy [1:kSE05x_TAG_POLICY] - * @param[in] objectID object id [2:kSE05x_TAG_1] - * @param[in] offset offset [3:kSE05x_TAG_2] - * @param[in] length length [4:kSE05x_TAG_3] - * @param[in] inputData input data [5:kSE05x_TAG_4] - * @param[in] inputDataLen Length of inputData - */ - -smStatus_t Se05x_API_WriteBinary(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen); - -/** Se05x_API_WriteUserID - * - * Creates a UserID object, setting the user identifier value. The policy defines - * the maximum number of attempts that can be performed as comparison. - * - * # Command to Applet - * - * @rst - * +-------+-----------------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+=======================+===============================================+ - * | P1 | P1_USERID | See :cpp:type:`SE05x_P1_t` | - * +-------+-----------------------+-----------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +-------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +-------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_MAX_ATTEMPTS] | 2-byte maximum number of attempts. If 0 is | - * | | | given, this means unlimited. For pins, the | - * | | | maximum number of attempts must be smaller | - * | | | than 256. [Optional: default = 0] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet and INS includes | - * | | | INS_AUTH_OBJECT; see :cpp:type:`-`] | - * +-------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier. | - * +-------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_2] | Byte array containing 4 to 16 bytes user | - * | | | identifier value. | - * +-------+-----------------------+-----------------------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] policy The policy - * @param[in] maxAttempt The maximum attempt - * @param[in] objectID The object id - * @param[in] userId The user identifier - * @param[in] userIdLen The user identifier length - * @param[in] attestation_type The attestation type - * - * @return The sm status. - */ -smStatus_t Se05x_API_WriteUserID(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - const uint8_t *userId, - size_t userIdLen, - const SE05x_AttestationType_t attestation_type); - -/** Se05x_API_CreateCounter - * - * Creates a new counter object. - * - * Counters can only be incremented, not decremented. - * - * When a counter reaches its maximum value (e.g., 0xFFFFFFFF for a 4-byte - * counter), they cannot be incremented again. - * - * An input value (TAG_3) must always have the same length as the existing - * counter (if it exists); otherwise the command will return an error. - * - * # Command to Applet - * - * @rst - * +---------+-----------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+=================+================================================+ - * | P1 | P1_COUNTER | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------+------------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+-----------------+------------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte counter identifier. | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_2] | 2-byte counter size (1 up to 8 bytes). | - * | | | [Conditional: only if object doesn't exist yet | - * | | | and TAG_3 is not given] | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_3] | Counter value [Optional: - if object doesn't | - * | | | exist: must be present if TAG_2 is not given. | - * | | | - if object exists: if not present, increment | - * | | | by 1. if present, set counter to value.] | - * +---------+-----------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * NA - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] policy policy [1:kSE05x_TAG_POLICY] - * @param[in] objectID object id [2:kSE05x_TAG_1] - * @param[in] size size [3:kSE05x_TAG_2] - */ -smStatus_t Se05x_API_CreateCounter( - pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size); - -/** Se05x_API_SetCounterValue - * - * See @ref Se05x_API_CreateCounter - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[in] size size [3:kSE05x_TAG_2] - * @param[in] value value [4:kSE05x_TAG_3] - */ -smStatus_t Se05x_API_SetCounterValue(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t size, uint64_t value); - -/** Se05x_API_IncCounter - * - * See @ref Se05x_API_CreateCounter - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_IncCounter(pSe05xSession_t session_ctx, uint32_t objectID); - -/** Se05x_API_WritePCR - * - * Creates or writes to a PCR object. - * - * A PCR is a hash to which data can be appended; i.e., writing data to a PCR - * will update the value of the PCR to be the hash of all previously inserted - * data concatenated with the new input data. - * - * A PCR will always use DigestMode = DIGEST_SHA256; no other configuration - * possible. - * - * If TAG_2 and TAG_3 is not passed, the PCR is reset to its initial value (i.e., - * the value set when the PCR was created). - * - * This reset is controlled under the POLICY_OBJ_ALLOW_DELETE policy, so users - * that can delete the PCR can also reset the PCR to initial value. - * - * # Command to Applet - * - * @rst - * +---------+-----------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+=================+================================================+ - * | P1 | P1_PCR | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------+------------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+-----------------+------------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte PCR identifier. | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_2] | Initial hash value [Conditional: only when | - * | | | the object identifier is not in use yet] | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_3] | Data to be extended to the existing PCR. | - * | | | [Conditional: only when the object identifier | - * | | | is already in use] [Optional: not present if | - * | | | a Reset is requested] | - * +---------+-----------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] policy policy [1:kSE05x_TAG_POLICY] - * @param[in] pcrID object id [2:kSE05x_TAG_1] - * @param[in] initialValue initialValue [3:kSE05x_TAG_2] - * @param[in] initialValueLen Length of initialValue - * @param[in] inputData inputData [4:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - */ -#if ENABLE_DEPRECATED_API_WritePCR -smStatus_t Se05x_API_WritePCR(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t pcrID, - const uint8_t *initialValue, - size_t initialValueLen, - const uint8_t *inputData, - size_t inputDataLen); -#endif // ENABLE_DEPRECATED_API_WritePCR -smStatus_t Se05x_API_WritePCR_WithType(pSe05xSession_t session_ctx, - const SE05x_INS_t ins_type, - pSe05xPolicy_t policy, - uint32_t pcrID, - const uint8_t *initialValue, - size_t initialValueLen, - const uint8_t *inputData, - size_t inputDataLen); - -/** Se05x_API_ImportObject - * - * Writes a serialized Secure Object to the SE05X (i.e., "import") - * - * # Command to Applet - * - * @rst - * +---------+------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=========+============+===============================================+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+-----------------------------------------------+ - * | P2 | P2_IMPORT | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+-----------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier. | - * +---------+------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t` | - * | | | [Conditional: only when the identifier refers | - * | | | to an RSAKey object] | - * +---------+------------+-----------------------------------------------+ - * | | TLV[TAG_3] | Serialized object (encrypted). | - * +---------+------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[in] rsaKeyComp rsaKeyComp [2:kSE05x_TAG_2] - * @param[in] serializedObject serializedObject [3:kSE05x_TAG_3] - * @param[in] serializedObjectLen Length of serializedObject - */ -smStatus_t Se05x_API_ImportObject(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAKeyComponent_t rsaKeyComp, - const uint8_t *serializedObject, - size_t serializedObjectLen); - -/** Se05x_API_ImportExternalObject - * - * Combined with the INS_IMPORT_EXTERNAL mask, enables users to send a - * WriteSecureObject APDU (WriteECKey until WritePCR) protected by a - * secure channel. - * - * Secure Objects can be imported into the SE05X through a secure channel which - * does not require the establishment of a session. This feature is also referred - * to single side import and can only be used to create or update objects. - * - * The mechanism is based on ECKey session to protect the Secure Object content - * and is summarized in the following figure. - * - * External import flow - * - * The flow above can be summarized in the following steps: - * - * 1. The user obtains the SE public key for import via the to get - * the public key from the device's key pair. Key ID 0x02 will - * return the public key of the EC key pair with - * RESERVED_ID_EXTERNAL_IMPORT. The response is signed by the - * same key pair. - * - * 2. The user calls with input: - * * the applet AID (e.g.A0000003965453000000010300000000) - * - * * the SCPparameters - * - * * 1-byte SCP identifier, must equal0xAB - * - * * 2-byte SCP parameter, must equal 0x01 followed by 1-byte - * security level (which follows the GlobalPlatform security - * level definition, see: . - * - * * key type, must be 0x88 (AES keytype) - * - * * key length, must be 0x10 (AES128key) - * - * * host public key (65-byte NIST P-256 publickey) - * - * * host public key curve identifier (must be 0x03 (=NIST_P256)) - * - * * ASN.1 signature over the TLV with tags 0xA6 and0x7F49. - * - * The applet will then calculate the master key by performing SHA256 - * over a byte array containing (in order): - * - * * 4-byte counter value being0x00000001 - * - * * shared secret (ECDH calculation according [IEEE P1363] using - * the private keyfrom RESERVED_ID_ECKEY_SESSION and the public - * key provided as input to ECKeySessionInternalAuthenticate. The - * length depends on the curve used (e.g. 32 byte for NIST P-256 - * curve). - * - * * 16-byte random generated by the SE05X. - * - * * 2-byte SCP parameter, must equal 0x01 followed by 1-byte - * security level (which follows the GlobalPlatform security level - * definition, see: . - * - * * 1-byte keytype - * - * * 1-byte keylength - * - * The master key will then be the 16 MSB's of the hash output. - * - * Using the master key, the 3 session keys are derived by following the - * GlobalPlatform specification to derive session keys, e.g. derivation input: - * - * * ENCsession key = CMAC(MK, 00000000000000000000000400008001) - * - * * CMACsession key = CMAC(MK, 00000000000000000000000600008001) - * - * * RMACsession key = CMAC(MK, 00000000000000000000000700008001) - * - * The Authentication Object ID needs to be passed using TAG_IMPORT_AUTH_KEY_ID, - * followed by the Write APDU command (using tag TAG_1). - * - * The Write APDU command needs to be constructed as follows: - * - * * Encrypt the command encryption counter (starting with - * 0x00000000000000000000000000000001) using the S_ENC key. This - * becomes the IV for the encrypted APDU. - * - * * Get the APDU command payload and pad it (ISO9797 M2 padding). - * - * * Encrypt the payload in AES CBC mode using the S_ENC key. - * - * * Set the Secure Messaging bit in the CLA (0x04). - * - * * Concatenate the MAC chaining value with the full APDU. - * - * * Then calculate the MAC on this byte array and append the 8-byte - * MAC value to the APDU. - * - * * Finally increment the encryption counter for the next command. - * - * A receipt will be generated by doing a CMAC operation on the input from tag - * 0xA6 and 0x7F49 using the RMAC session key, - * - * Receipt = CMAC(RMAC session key, ) - * - * There is no need to establish a session; therefore, the ImportExternalObject - * commands are always sent in the default session. The ImportExternalObject - * commands are replayable. - * - * The P1 and P2 parameters shall be coded as per the intended operation. For - * example, to import an EC Key, the P1 and P2 parameters as defined in - * WriteECKey shall be specified. - * - * # Command to Applet - * - * @rst - * +---------+-----------------------------+---------------------------------------------+ - * | Field | Value | Description | - * +=========+=============================+=============================================+ - * | CLA | 0x80 | | - * +---------+-----------------------------+---------------------------------------------+ - * | INS | INS_IMPORT_EXTERNAL | See :cpp:type:`SE05x_INS_t` | - * +---------+-----------------------------+---------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------------------+---------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+-----------------------------+---------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+-----------------------------+---------------------------------------------+ - * | Payload | TLV[TAG_IMPORT_AUTH_DATA] | Authentication data | - * +---------+-----------------------------+---------------------------------------------+ - * | | TLV[TAG_IMPORT_AUTH_KEY_ID] | Host public key Identifier | - * +---------+-----------------------------+---------------------------------------------+ - * | | TLV[TAG_1]... | Wraps a complete WriteSecureObject command, | - * | | | protected by ECKey session secure messaging | - * +---------+-----------------------------+---------------------------------------------+ - * | | TLV[TAG_11] | 4-byte version [Optional] | - * +---------+-----------------------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] ECKeydata ECKeydata [1:kSE05x_TAG_2] - * @param[in] ECKeydataLen Length of ECKeydata - * @param[in] serializedObject serializedObject [2:kSE05x_TAG_3] - * @param[in] serializedObjectLen Length of serializedObject - */ -smStatus_t Se05x_API_ImportExternalObject(pSe05xSession_t session_ctx, - const uint8_t *ECKeydata, - size_t ECKeydataLen, - const uint8_t *ECAuthKeyID, - size_t ECAuthKeyIDLen, - const uint8_t *serializedObject, - size_t serializedObjectLen); - -/** Se05x_API_ReadObject - * - * Reads the content of a Secure Object. - * - * * If the object is a key pair, the command will return the key - * pair's public key. - * - * * If the object is a public key, the command will return the public - * key. - * - * * If the object is a private key or a symmetric key or a userID, - * the command will return SW_CONDITIONS_NOT_SATISFIED. - * - * * If the object is a binary file, the file content is read, giving - * the offset in TLV[TAG_2] and the length to read in - * TLV[TAG_3]. Both TLV[TAG_2] and TLV[TAG_3] are bound together; - * i.e.. either both tags are present, or both are absent. If both - * are absent, the whole file content is returned. - * - * * If the object is a monotonic counter, the counter value is - * returned. - * - * * If the object is a PCR, the PCR value is returned. - * - * * If TLV[TAG_4] is filled, only the modulus or public exponent of - * an RSA key pair or RSA public key is read. It does not apply to - * other Secure Object types. - * - * # Command to Applet - * - * @rst - * +-------+------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+==============================================+ - * | CLA | 0x80 | | - * +-------+------------+----------------------------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`, in addition to | - * | | | INS_READ, users can set the INS_ATTEST flag. | - * | | | In that case, attestation applies. | - * +-------+------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+----------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+----------------------------------------------+ - * | Lc | #(Payload) | Payload Length. | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_2] | 2-byte offset [Optional: default 0] | - * | | | [Conditional: only when the object is a | - * | | | BinaryFile object] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_3] | 2-byte length [Optional: default 0] | - * | | | [Conditional: only when the object is a | - * | | | BinaryFile object] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_4] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t`: | - * | | | either RSA_COMP_MOD or RSA_COMP_PUB_EXP. | - * | | | [Optional] [Conditional: only for RSA key | - * | | | components] | - * +-------+------------+----------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_1] | Data read from the secure object. | - * +------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | The read is done successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[in] offset offset [2:kSE05x_TAG_2] - * @param[in] length length [3:kSE05x_TAG_3] - * @param[out] data [0:kSE05x_TAG_1] - * @param[in,out] pdataLen Length for data - */ -smStatus_t Se05x_API_ReadObject( - pSe05xSession_t session_ctx, uint32_t objectID, uint16_t offset, uint16_t length, uint8_t *data, size_t *pdataLen); - -/** Se05x_API_ReadObject_W_Attst - * - * Read with attestation. - * - * See @ref Se05x_API_ReadObject - * - * When INS_ATTEST is set in addition to INS_READ, the secure object is read with - * attestation. In addition to the response in TLV[TAG_1], there are additional - * tags: - * - * TLV[TAG_2] will hold the object attributes (see ObjectAttributes). - * - * TLV[TAG_3] relative timestamp when the object has been retrieved - * - * TLV[TAG_4] will hold freshness random data - * - * TLV[TAG_5] will hold the unique ID of the device. - * - * TLV[TAG_6] will hold the signature over all concatenated Value fields tags of - * the response (TAG_1 until and including TAG_5). - * - * # Command to Applet - * - * @rst - * +-------+------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+==============================================+ - * | CLA | 0x80 | | - * +-------+------------+----------------------------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`, in addition to | - * | | | INS_READ, users can set the INS_ATTEST flag. | - * | | | In that case, attestation applies. | - * +-------+------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+----------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+----------------------------------------------+ - * | Lc | #(Payload) | Payload Length. | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_2] | 2-byte offset [Optional: default 0] | - * | | | [Conditional: only when the object is a | - * | | | BinaryFile object] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_3] | 2-byte length [Optional: default 0] | - * | | | [Conditional: only when the object is a | - * | | | BinaryFile object] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_4] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t`: | - * | | | either RSA_COMP_MOD or RSA_COMP_PUB_EXP. | - * | | | [Optional] [Conditional: only for RSA key | - * | | | components] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_5] | 4-byte attestation object identifier. | - * | | | [Optional] [Conditional: only when | - * | | | INS_ATTEST is set] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_6] | 1-byte :cpp:type:`SE05x_AttestationAlgo_t` | - * | | | [Optional] [Conditional: only when | - * | | | INS_ATTEST is set] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_7] | 16-byte freshness random [Optional] | - * | | | [Conditional: only when INS_ATTEST is set] | - * +-------+------------+----------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------+----------------------------------------------+ - * @endrst - * - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_1] | Data read from the secure object. | - * +------------+--------------------------------------------+ - * | TLV[TAG_2] | (only when INS_ATTEST is set) Byte array | - * | | containing the attributes (see | - * | | :cpp:type:`ObjectAttributesRef`). | - * +------------+--------------------------------------------+ - * | TLV[TAG_3] | (only when INS_ATTEST is set) 12-byte | - * | | timestamp | - * +------------+--------------------------------------------+ - * | TLV[TAG_4] | (only when INS_ATTEST is set) 16-byte | - * | | freshness random | - * +------------+--------------------------------------------+ - * | TLV[TAG_5] | (only when INS_ATTEST is set) 18-byte Chip | - * | | unique ID | - * +------------+--------------------------------------------+ - * | TLV[TAG_6] | (only when INS_ATTEST is set) Signature | - * | | applied over the value of TLV[TAG_1], | - * | | TLV[TAG_2], TLV[TAG_3], TLV[TAG_4] and | - * | | TLV[TAG_5]. | - * +------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_1] | Data read from the secure object. | - * +------------+--------------------------------------------+ - * | TLV[TAG_2] | (only when INS_ATTEST is set) Byte array | - * | | containing the attributes (see | - * | | :cpp:type:`ObjectAttributesRef`). | - * +------------+--------------------------------------------+ - * | TLV[TAG_3] | (only when INS_ATTEST is set) 12-byte | - * | | timestamp | - * +------------+--------------------------------------------+ - * | TLV[TAG_4] | (only when INS_ATTEST is set) 16-byte | - * | | freshness random | - * +------------+--------------------------------------------+ - * | TLV[TAG_5] | (only when INS_ATTEST is set) 18-byte Chip | - * | | unique ID | - * +------------+--------------------------------------------+ - * | TLV[TAG_6] | (only when INS_ATTEST is set) Signature | - * | | applied over the value of TLV[TAG_1], | - * | | TLV[TAG_2], TLV[TAG_3], TLV[TAG_4] and | - * | | TLV[TAG_5]. | - * +------------+--------------------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] offset The offset - * @param[in] length The length - * @param[in] attestID The attest id - * @param[in] attestAlgo The attest algorithm - * @param[in] random The random - * @param[in] randomLen The random length - * @param data The data - * @param pdataLen The pdata length - * @param attribute The attribute - * @param pattributeLen The pattribute length - * @param ptimeStamp The ptime stamp - * @param outrandom The outrandom - * @param poutrandomLen The poutrandom length - * @param chipId The chip identifier - * @param pchipIdLen The pchip identifier length - * @param signature The signature - * @param psignatureLen The psignature length - * - * @return The sm status. - */ -smStatus_t Se05x_API_ReadObject_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - uint8_t *attribute, - size_t *pattributeLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ReadRSA - * - * See @ref Se05x_API_ReadObject - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[in] offset offset [2:kSE05x_TAG_2] - * @param[in] length length [3:kSE05x_TAG_3] - * @param[in] rsa_key_comp rsa_key_comp [4:kSE05x_TAG_4] - * @param[out] data [0:kSE05x_TAG_1] - * @param[in,out] pdataLen Length for data - */ -smStatus_t Se05x_API_ReadRSA(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - SE05x_RSAPubKeyComp_t rsa_key_comp, - uint8_t *data, - size_t *pdataLen); - -/** Se05x_API_ReadRSA_W_Attst - * - * See @ref Se05x_API_ReadObject_W_Attst - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] offset The offset - * @param[in] length The length - * @param[in] rsa_key_comp The rsa key component - * @param[in] attestID The attest id - * @param[in] attestAlgo The attest algorithm - * @param[in] random The random - * @param[in] randomLen The random length - * @param data The data - * @param pdataLen The pdata length - * @param attribute The attribute - * @param pattributeLen The pattribute length - * @param ptimeStamp The ptime stamp - * @param outrandom The outrandom - * @param poutrandomLen The poutrandom length - * @param chipId The chip identifier - * @param pchipIdLen The pchip identifier length - * @param signature The signature - * @param psignatureLen The psignature length - * - * @return The sm status. - */ -smStatus_t Se05x_API_ReadRSA_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - SE05x_RSAPubKeyComp_t rsa_key_comp, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - uint8_t *attribute, - size_t *pattributeLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ReadObjectAttributes_W_Attst - * - * Reads the attributes of a Secure Object (without the value of the Secure - * Object). - * - * Each Secure Object has a number of attributes assigned to it. These attributes - * are listed in for Authentication Objects and in for non-Authentication - * Objects. - * - * # Authentication Object attributes - * - * @rst - * +----------------------------------+--------------+------------------------------------------------+ - * | Attribute | Size (bytes) | Description | - * +==================================+==============+================================================+ - * | Object identifier | 4 | See :cpp:type:`identifiersRef` | - * +----------------------------------+--------------+------------------------------------------------+ - * | Object type | 1 | One of SecureObjectType | - * +----------------------------------+--------------+------------------------------------------------+ - * | Authentication attribute | 1 | One of :cpp:type:`SetIndicatorRef` | - * +----------------------------------+--------------+------------------------------------------------+ - * | Object counter | 2 | Number of failed attempts for an | - * | | | authentication object if the Maximum | - * | | | Authentication Attempts has been set. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Authentication object identifier | 4 | "Owner" of the secure object; i.e., the | - * | | | identifier of the session authentication | - * | | | object when the object has been created. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Maximum authentication attempts | 2 | Maximum number of authentication attempts. 0 | - * | | | means unlimited. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Policy | Variable | Policy attached to the object | - * +----------------------------------+--------------+------------------------------------------------+ - * | Origin | 1 | One of :cpp:type:`OriginRef`; indicates the | - * | | | origin of the Secure Object, either | - * | | | externally set, internally generated or trust | - * | | | provisioned by NXP. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Version | 1 | The Secure Object version. Default = 0. See | - * | | | FIPS compliance for details about versioning | - * | | | of Secure Objects. | - * +----------------------------------+--------------+------------------------------------------------+ - * @endrst - * - * # Non-Authentication Objects - * - * @rst - * +----------------------------------+--------------+------------------------------------------------+ - * | Attribute | Size (bytes) | Description | - * +==================================+==============+================================================+ - * | Object identifier | 4 | See Object identifiers | - * +----------------------------------+--------------+------------------------------------------------+ - * | Object type | 1 | One of SecureObjectType | - * +----------------------------------+--------------+------------------------------------------------+ - * | Authentication attribute | 1 | One of :cpp:type:`SetIndicatorRef` | - * +----------------------------------+--------------+------------------------------------------------+ - * | Tag length | 2 | Set to 0x0000, except for AESKey objects: for | - * | | | AESKey objects, this indicates the GMAC | - * | | | length that applies when doing AEAD | - * | | | operations. If the value is set to 0 and AEAD | - * | | | operations are done, the GMAC length shall be | - * | | | 128 bit. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Authentication object identifier | 4 | "Owner" of the secure object; i.e., the | - * | | | identifier of the session authentication | - * | | | object when the object has been created. | - * +----------------------------------+--------------+------------------------------------------------+ - * | RFU | 2 | Set to 0x0000. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Policy | Variable | Policy attached to the object | - * +----------------------------------+--------------+------------------------------------------------+ - * | Origin | 1 | One of :cpp:type:`OriginRef`; indicates the | - * | | | origin of the Secure Object, either | - * | | | externally set, internally generated or trust | - * | | | provisioned by NXP. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Version | 1 | The Secure Object version. Default = 0. See | - * | | | FIPS compliance for details about versioning | - * | | | of Secure Objects. | - * +----------------------------------+--------------+------------------------------------------------+ - * @endrst - * - * - * # Command to Applet - * - * @rst - * +-------+---------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+===============+===============================================+ - * | CLA | 0x80 | | - * +-------+---------------+-----------------------------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`, in addition to | - * | | | INS_READ, users can set the INS_ATTEST flag. | - * | | | In that case, attestation applies. | - * +-------+---------------+-----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------+-----------------------------------------------+ - * | P2 | P2_ATTRIBUTES | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------+-----------------------------------------------+ - * | Lc | #(Payload) | Payload Length. | - * +-------+---------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +-------+---------------+-----------------------------------------------+ - * | | TLV[TAG_5] | 4-byte attestation object identifier. | - * | | | [Optional] [Conditional: only when | - * | | | INS_ATTEST is set] | - * +-------+---------------+-----------------------------------------------+ - * | | TLV[TAG_6] | 1-byte AttestationAlgo [Optional] | - * | | | [Conditional: only when INS_ATTEST is set] | - * +-------+---------------+-----------------------------------------------+ - * | | TLV[TAG_7] | 16-byte freshness random [Optional] | - * | | | [Conditional: only when INS_ATTEST is set] | - * +-------+---------------+-----------------------------------------------+ - * | Le | 0x00 | | - * +-------+---------------+-----------------------------------------------+ - * @endrst - * - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_2] | Byte array containing the attributes (see | - * | | Object Attributes). | - * +------------+--------------------------------------------+ - * | TLV[TAG_3] | (only when INS_ATTEST is set) 12-byte | - * | | timestamp | - * +------------+--------------------------------------------+ - * | TLV[TAG_4] | (only when INS_ATTEST is set) 16-byte | - * | | freshness random | - * +------------+--------------------------------------------+ - * | TLV[TAG_5] | (only when INS_ATTEST is set) 18-byte Chip | - * | | unique ID | - * +------------+--------------------------------------------+ - * | TLV[TAG_6] | (only when INS_ATTEST is set) Signature | - * | | applied over the value of TLV[TAG_2], | - * | | TLV[TAG_2], TLV[TAG_3], TLV[TAG_4] and | - * | | TLV[TAG_5]. | - * +------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | The read is done successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] attestID The attest id - * @param[in] attestAlgo The attest algorithm - * @param[in] random The random - * @param[in] randomLen The random length - * @param data The data - * @param pdataLen The pdata length - * @param ptimeStamp The ptime stamp - * @param outrandom The outrandom - * @param poutrandomLen The poutrandom length - * @param chipId The chip identifier - * @param pchipIdLen The pchip identifier length - * @param signature The signature - * @param psignatureLen The psignature length - * - * @return The sm status. - */ -smStatus_t Se05x_API_ReadObjectAttributes_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ExportObject - * - * Reads a transient Secure Object from SE05X. - * - * Secure Objects can be serialized so the Secure Object can be represented as a - * byte array. The byte array contains all attributes of the Secure Object, as - * well as the value (including the secret part!) of the object. - * - * The purpose of the serialization is to be able to allow export and import of - * Secure Objects. Serialized Secure Objects can be reconstructed so they can be - * used as a (normal) Secure Object. Any operation like key or file management - * and crypto operation can only be done on a deserialized Secure Object. - * - * Users can export transient Secure Objects to a non-trusted environment (e.g., - * host controller). The object must be AESKey, DESKey, RSAKey or ECCKey. - * - * Exported credentials are always encrypted and MAC'ed. - * - * The following steps are taken: - * - * * The secure element holds a randomly generated persistent - * 256-bit AES cipher and an 128-bit AES CMAC key. Both keys do - * not require user interaction, they are internal to the SE05X . - * - * * A Secure Object that is identified for export is - * serialized. This means the key value as well as all Secure - * Object attributes are stored as byte array (see Object - * attributes for attribute details). - * - * * The serialized Secure Object is encrypted using AES CBC (no - * padding) and using the default IV. - * - * * A CMAC is applied to the serialized Secure Object + metadata - * using the AES CMAC key. - * - * * The byte array is exported. - * - * An object may only be imported into the store if the SecureObject ID and type - * are the same as the exported object. Therefore, it is not possible to import - * if the corresponding object in the applet has been deleted. - * - * NOTES: - * - * * The exported object is not deleted automatically. - * - * * The timestamp has a 100msec granularity, so it is possible to - * export multiple times with the same timestamp. The freshness - * (user input) should avoid duplicate attestation results as the - * user has to provide different freshness input. - * - * # Command to Applet - * - * @rst - * +-------+------------+--------------------------------------------+ - * | Field | Value | Description | - * +=======+============+============================================+ - * | CLA | 0x80 | | - * +-------+------------+--------------------------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`. | - * +-------+------------+--------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+--------------------------------------------+ - * | P2 | P2_EXPORT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+--------------------------------------------+ - * | Lc | #(Payload) | Payload Length. | - * +-------+------------+--------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +-------+------------+--------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t` | - * | | | (only applies to Secure Objects of type | - * | | | RSAKey). | - * +-------+------------+--------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------------------+ - * | Value | Description | - * +============+==============================================+ - * | TLV[TAG_1] | Byte array containing exported Secure Object | - * | | data. | - * +------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+----------------------------------------------+ - * | SW | Description | - * +=============+==============================================+ - * | SW_NO_ERROR | The file is created or updated successfully. | - * +-------------+----------------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[in] rsaKeyComp rsaKeyComp [2:kSE05x_TAG_2] - * @param[out] data [0:kSE05x_TAG_1] - * @param[in,out] pdataLen Length for data - */ -smStatus_t Se05x_API_ExportObject(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAKeyComponent_t rsaKeyComp, - uint8_t *data, - size_t *pdataLen); - -/** Se05x_API_ReadType - * - * Get the type of a Secure Object. - * - * # Command to Applet - * - * @rst - * +-------+------------+-----------------------------+ - * | Field | Value | Description | - * +=======+============+=============================+ - * | CLA | 0x80 | | - * +-------+------------+-----------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-----------------------------+ - * | P2 | P2_TYPE | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-----------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-----------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier. | - * +-------+------------+-----------------------------+ - * | Le | 0x00 | | - * +-------+------------+-----------------------------+ - * @endrst - * - - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------+ - * | Value | Description | - * +============+===================================+ - * | TLV[TAG_1] | Type of the Secure Object: one of | - * | | :cpp:type:`SE05x_SecObjTyp_t` | - * +------------+-----------------------------------+ - * | TLV[TAG_2] | :cpp:type:`TransientIndicatorRef` | - * +------------+-----------------------------------+ - * @endrst - * - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param ptype The ptype - * @param pisTransient The pis transient - * @param[in] attestation_type The attestation type - * - * @return The sm status. - */ -smStatus_t Se05x_API_ReadType(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_SecureObjectType_t *ptype, - uint8_t *pisTransient, - const SE05x_AttestationType_t attestation_type); - -/** Se05x_API_ReadSize - * - * ReadSize - * - * Get the size of a Secure Object (in bytes): - * - * * For EC keys: the size of the curve is returned. - * - * * For RSA keys: the key size is returned. - * - * * For AES/DES/HMAC keys, the key size is returned. - * - * * For binary files: the file size is returned - * - * * For userIDs: nothing is returned (SW_CONDITIONS_NOT_SATISFIED). - * - * * For counters: the counter length is returned. - * - * * For PCR: the PCR length is returned. - * - * # Command to Applet - * - * @rst - * +-------+------------+-----------------------------+ - * | Field | Value | Description | - * +=======+============+=============================+ - * | CLA | 0x80 | | - * +-------+------------+-----------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-----------------------------+ - * | P2 | P2_SIZE | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-----------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-----------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier. | - * +-------+------------+-----------------------------+ - * | Le | 0x00 | | - * +-------+------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------+ - * | Value | Description | - * +============+=============================+ - * | TLV[TAG_1] | Byte array containing size. | - * +------------+-----------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param psize The psize - * - * @return The sm status. - */ -smStatus_t Se05x_API_ReadSize(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t *psize); - -/** Se05x_API_ReadIDList - * - * Get a list of present Secure Object identifiers. - * - * The offset in TAG_1 is an 0-based offset in the list of object. As the user - * does not know how many objects would be returned, the offset needs to be based - * on the return values from the previous ReadIDList. If the applet only returns - * a part of the result, it will indicate that more identifiers are available (by - * setting TLV[TAG_1] in the response to 0x01). The user can then retrieve the - * next chunk of identifiers by calling ReadIDList with an offset that equals the - * amount of identifiers listed in the previous response. - * - * _Example 1:_ first ReadIDList command TAG_1=0, response TAG_1=0, - * TAG_2=complete list - * - * _Example 2:_ first ReadIDList command TAG_1=0, response TAG_1=1, TAG_2=first - * chunk (m entries) second ReadIDList command TAG_1=m, response TAG_1=1, - * TAG_2=second chunk (n entries) thirst ReadIDList command TAG_1=(m+n), response - * TAG_1=0, TAG_2=third last chunk - * - * # Command to Applet - * - * @rst - * +-------+------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+===============================================+ - * | CLA | 0x80 | | - * +-------+------------+-----------------------------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-----------------------------------------------+ - * | P2 | P2_LIST | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 2-byte offset | - * +-------+------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte type filter: 1 byte from | - * | | | :cpp:type:`SE05x_SecObjTyp_t` or 0xFF for all | - * | | | types. | - * +-------+------------+-----------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------------------------------------+ - * | Value | Description | - * +============+===========================================+ - * | TLV[TAG_1] | 1-byte :cpp:type:`MoreIndicatorRef` | - * +------------+-------------------------------------------+ - * | TLV[TAG_2] | Byte array containing 4-byte identifiers. | - * +------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] outputOffset output offset [1:kSE05x_TAG_1] - * @param[in] filter filter [2:kSE05x_TAG_2] - * @param[out] pmore If more ids are present [0:kSE05x_TAG_1] - * @param[out] idlist Byte array containing 4-byte identifiers [1:kSE05x_TAG_2] - * @param[in,out] pidlistLen Length for idlist - */ -smStatus_t Se05x_API_ReadIDList(pSe05xSession_t session_ctx, - uint16_t outputOffset, - uint8_t filter, - uint8_t *pmore, - uint8_t *idlist, - size_t *pidlistLen); - -/** Se05x_API_CheckObjectExists - * - * - * Check if a Secure Object with a certain identifier exists or not. - * - * # Command to Applet - * - * @rst - * +-------+------------+-------------------------------------------+ - * | Field | Value | Description | - * +=======+============+===========================================+ - * | CLA | 0x80 | | - * +-------+------------+-------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-------------------------------------------+ - * | P2 | P2_EXIST | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-------------------------------------------+ - * | | TLV[TAG_1] | 4-byte existing Secure Object identifier. | - * +-------+------------+-------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------+ - * | Value | Description | - * +============+===================================+ - * | TLV[TAG_1] | 1-byte :cpp:type:`SE05x_Result_t` | - * +------------+-----------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[out] presult [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_CheckObjectExists(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_Result_t *presult); - -/** Se05x_API_DeleteSecureObject - * - * Deletes a Secure Object. - * - * If the object origin = ORIGIN_PROVISIONED, an error will be returned and the - * object is not deleted. - * - * - * # Command to Applet - * - * @rst - * +-------+------------------+-------------------------------------------+ - * | Field | Value | Description | - * +=======+==================+===========================================+ - * | CLA | 0x80 | | - * +-------+------------------+-------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------------+-------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------+-------------------------------------------+ - * | P2 | P2_DELETE_OBJECT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------+-------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------+-------------------------------------------+ - * | | TLV[TAG_1] | 4-byte existing Secure Object identifier. | - * +-------+------------------+-------------------------------------------+ - * | Le | - | | - * +-------+------------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+----------------------------------------------+ - * | SW | Description | - * +=============+==============================================+ - * | SW_NO_ERROR | The file is created or updated successfully. | - * +-------------+----------------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_DeleteSecureObject(pSe05xSession_t session_ctx, uint32_t objectID); - -/** Se05x_API_CreateECCurve - * - * Create an EC curve listed in ECCurve. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+-------------------------------+ - * | Field | Value | Description | - * +=======+============+===============================+ - * | CLA | 0x80 | | - * +-------+------------+-------------------------------+ - * | INS | INS_WRITE | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-------------------------------+ - * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-------------------------------+ - * | P2 | P2_CREATE | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-------------------------------+ - * | | TLV[TAG_1] | 1-byte curve identifier (from | - * | | | :cpp:type:`SE05x_ECCurve_t`). | - * +-------+------------+-------------------------------+ - * | Le | | | - * +-------+------------+-------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] curveID curve id [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_CreateECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID); - -/** Se05x_API_SetECCurveParam - * - * Set a curve parameter. The curve must have been created first by - * CreateEcCurve. - * - * All parameters must match the expected value for the listed curves. If the - * curve parameters are not correct, the curve cannot be used. - * - * Users have to set all 5 curve parameters for the curve to be usable. Once all - * curve parameters are given, the secure element will check if all parameters - * are correct and return SW_NO_ERROR.. - * - * # Command to Applet - * - * @rst - * +-------+------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+==============================================+ - * | CLA | 0x80 | | - * +-------+------------+----------------------------------------------+ - * | INS | INS_WRITE | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+----------------------------------------------+ - * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+----------------------------------------------+ - * | P2 | P2_PARAM | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_1] | 1-byte curve identifier, from | - * | | | :cpp:type:`SE05x_ECCurve_t` | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_ECCurveParam_t` | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_3] | Bytestring containing curve parameter value. | - * +-------+------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] curveID curve id [1:kSE05x_TAG_1] - * @param[in] ecCurveParam ecCurveParam [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - */ -smStatus_t Se05x_API_SetECCurveParam(pSe05xSession_t session_ctx, - SE05x_ECCurve_t curveID, - SE05x_ECCurveParam_t ecCurveParam, - const uint8_t *inputData, - size_t inputDataLen); - -/** Se05x_API_GetECCurveId - * - * Get the curve associated with an EC key. - * - * - * # Command to Applet - * - * @rst - * +---------+------------+-----------------------------+ - * | Field | Value | Description | - * +=========+============+=============================+ - * | CLA | 0x80 | | - * +---------+------------+-----------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +---------+------------+-----------------------------+ - * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+-----------------------------+ - * | P2 | P2_ID | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+-----------------------------+ - * | Lc | #(Payload) | | - * +---------+------------+-----------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier | - * +---------+------------+-----------------------------+ - * | Le | 0x00 | | - * +---------+------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------------------------+ - * | Value | Description | - * +============+===============================+ - * | TLV[TAG_1] | 1-byte curve identifier (from | - * | | :cpp:type:`SE05x_ECCurve_t`) | - * +------------+-------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[out] pcurveId [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_GetECCurveId(pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *pcurveId); - -/** Se05x_API_ReadECCurveList - * - * Get a list of (Weierstrass) EC curves that are instantiated. - * - * - * # Command to Applet - * - * @rst - * +-------+----------+-----------------------------+ - * | Field | Value | Description | - * +=======+==========+=============================+ - * | CLA | 0x80 | | - * +-------+----------+-----------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +-------+----------+-----------------------------+ - * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | - * +-------+----------+-----------------------------+ - * | P2 | P2_LIST | See :cpp:type:`SE05x_P2_t` | - * +-------+----------+-----------------------------+ - * | Le | 0x00 | | - * +-------+----------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | Byte array listing all curve identifiers in | - * | | :cpp:type:`SE05x_ECCurve_t` (excluding UNUSED) | - * | | where the curve identifier < 0x40; for each | - * | | curve, a 1-byte :cpp:type:`SetIndicatorRef` is | - * | | returned. | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[out] curveList [0:kSE05x_TAG_1] - * @param[in,out] pcurveListLen Length for curveList - */ -smStatus_t Se05x_API_ReadECCurveList(pSe05xSession_t session_ctx, uint8_t *curveList, size_t *pcurveListLen); - -/** Se05x_API_DeleteECCurve - * - * Deletes an EC curve. - * - * # Command to Applet - * - * @rst - * +-------+------------------+-------------------------------+ - * | Field | Value | Description | - * +=======+==================+===============================+ - * | CLA | 0x80 | | - * +-------+------------------+-------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------------+-------------------------------+ - * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------+-------------------------------+ - * | P2 | P2_DELETE_OBJECT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------+-------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------+-------------------------------+ - * | | TLV[TAG_1] | 1-byte curve identifier (from | - * | | | :cpp:type:`SE05x_ECCurve_t`) | - * +-------+------------------+-------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] curveID curve id [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_DeleteECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID); - -/** Se05x_API_CreateCryptoObject - * - * Creates a Crypto Object on the SE05X . Once the Crypto Object is created, it - * is bound to the user who created the Crypto Object. - * - * A CryptoObject is a 2-byte value consisting of a CryptoContext in MSB and one - * of the following in LSB: - * - * * DigestMode in case CryptoContext = CC_DIGEST - * - * * CipherMode in case CryptoContext = CC_CIPHER - * - * * MACAlgo in case CryptoContext = CC_SIGNATURE - * - * * AEADMode in case CryptoContext = CC_AEAD - * - * # Command to Applet - * - * @rst - * +---------+---------------+-------------------------------------------+ - * | Field | Value | Description | - * +=========+===============+===========================================+ - * | CLA | 0x80 | | - * +---------+---------------+-------------------------------------------+ - * | INS | INS_WRITE | See :cpp:type:`SE05x_INS_t` | - * +---------+---------------+-------------------------------------------+ - * | P1 | P1_CRYPTO_OBJ | See :cpp:type:`SE05x_P1_t` | - * +---------+---------------+-------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+---------------+-------------------------------------------+ - * | Lc | #(Payload) | Payload length | - * +---------+---------------+-------------------------------------------+ - * | Payload | TLV[TAG_1] | 2-byte Crypto Object identifier | - * +---------+---------------+-------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_CryptoObject_t` | - * +---------+---------------+-------------------------------------------+ - * | | TLV[TAG_3] | 1-byte Crypto Object subtype, either from | - * | | | :cpp:type:`DigestModeRef`, CipherMode, | - * | | | MACAlgo (depending on TAG_2) or AEADMode. | - * +---------+---------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+----------------------------------------------+ - * | SW | Description | - * +=============+==============================================+ - * | SW_NO_ERROR | The file is created or updated successfully. | - * +-------------+----------------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_1] - * @param[in] cryptoContext cryptoContext [2:kSE05x_TAG_2] - * - * @param[in] subtype 1-byte Crypto Object subtype, either from - * DigestMode, CipherMode or MACAlgo (depending on - * TAG_2). [3:kSE05x_TAG_3] - */ -smStatus_t Se05x_API_CreateCryptoObject(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - SE05x_CryptoContext_t cryptoContext, - SE05x_CryptoModeSubType_t subtype); - -/** Se05x_API_ReadCryptoObjectList - * - * Get the list of allocated Crypto Objects indicating the identifier, the - * CryptoContext and the sub type of the CryptoContext. - * - * # Command to Applet - * - * @rst - * +-------+---------------+-----------------------------+ - * | Field | Value | Description | - * +=======+===============+=============================+ - * | CLA | 0x80 | | - * +-------+---------------+-----------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +-------+---------------+-----------------------------+ - * | P1 | P1_CRYPTO_OBJ | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------+-----------------------------+ - * | P2 | P2_LIST | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------+-----------------------------+ - * | Le | 0x00 | | - * +-------+---------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------------------+ - * | Value | Description | - * +============+===============================================+ - * | TLV[TAG_1] | Byte array containing a list of 2-byte Crypto | - * | | Object identifiers, followed by 1-byte | - * | | CryptoContext and 1-byte subtype for each | - * | | Crypto Object (so 4 bytes for each Crypto | - * | | Object). | - * +------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[out] idlist If more ids are present [0:kSE05x_TAG_1] - * @param[in,out] pidlistLen Length for idlist - */ -smStatus_t Se05x_API_ReadCryptoObjectList(pSe05xSession_t session_ctx, uint8_t *idlist, size_t *pidlistLen); - -/** Se05x_API_DeleteCryptoObject - * - * Deletes a Crypto Object on the SE05X . - * - * Note: when a Crypto Object is deleted, the memory (as mentioned in ) is de- - * allocated, but the transient memory is only freed when de-selecting the - * applet! - * - * # Command to Applet - * - * @rst - * +---------+------------------+---------------------------------+ - * | Field | Value | Description | - * +=========+==================+=================================+ - * | CLA | 0x80 | | - * +---------+------------------+---------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+------------------+---------------------------------+ - * | P1 | P1_CRYPTO_OBJ | See :cpp:type:`SE05x_P1_t` | - * +---------+------------------+---------------------------------+ - * | P2 | P2_DELETE_OBJECT | See :cpp:type:`SE05x_P2_t` | - * +---------+------------------+---------------------------------+ - * | Lc | #(Payload) | Payload length | - * +---------+------------------+---------------------------------+ - * | Payload | TLV[TAG_1] | 2-byte Crypto Object identifier | - * +---------+------------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+----------------------------------------------+ - * | SW | Description | - * +=============+==============================================+ - * | SW_NO_ERROR | The file is created or updated successfully. | - * +-------------+----------------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_DeleteCryptoObject(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID); - -/** Se05x_API_ECDSASign - * - * The ECDSASign command signs external data using the indicated key pair or - * private key. - * - * The ECSignatureAlgo indicates the ECDSA algorithm that is used, but the - * hashing of data always must be done on the host. E.g., if ECSignatureAlgo = - * SIG_ ECDSA_SHA256, the user must have applied SHA256 on the input data - * already. - * - * The user must take care of providing the correct input length; i.e., the data - * input length (TLV[TAG_3]) must match the digest indicated in the signature - * algorithm (TLV[TAG_2]). - * - * In any case, the APDU payload must be smaller than MAX_APDU_PAYLOAD_LENGTH. - * - * This is performed according to the ECDSA algorithm as specified in [ANSI - * X9.62]. The signature (a sequence of two integers 'r' and 's') as - * returned in the response adheres to the ASN.1 DER encoded formatting rules for - * integers. - * - * # Command to Applet - * - * @rst - * +-------+--------------+---------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+=============================================+ - * | CLA | 0x80 | | - * +-------+--------------+---------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+---------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+---------------------------------------------+ - * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+---------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of EC key pair or private | - * | | | key. | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_2] | 1-byte ECSignatureAlgo. | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data. | - * +-------+--------------+---------------------------------------------+ - * | Le | 0x00 | Expecting ASN.1 signature | - * +-------+--------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------+ - * | Value | Description | - * +============+==================================+ - * | TLV[TAG_1] | ECDSA Signature in ASN.1 format. | - * +------------+----------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] ecSignAlgo ecSignAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] signature [0:kSE05x_TAG_1] - * @param[in,out] psignatureLen Length for signature - */ -smStatus_t Se05x_API_ECDSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECSignatureAlgo_t ecSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_EdDSASign - * - * The EdDSASign command signs external data using the indicated key pair or - * private key (using a Twisted Edwards curve). This is performed according to - * the EdDSA algorithm as specified in [RFC8032]. - * - * The input data need to be the plain data (not hashed). - * - * The signature as returned in the response is a 64-byte array, being the - * concatenation of the signature r and s component (without leading zeroes for - * sign indication). - * - * # Command to Applet - * - * @rst - * +-------+--------------+---------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+=============================================+ - * | CLA | 0x80 | | - * +-------+--------------+---------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+---------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+---------------------------------------------+ - * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+---------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of EC key pair or private | - * | | | key. | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_2] | 1-byte EDSignatureAlgo | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing plain input data. | - * +-------+--------------+---------------------------------------------+ - * | Le | 0x00 | Expecting signature | - * +-------+--------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------+ - * | Value | Description | - * +============+==========================================+ - * | TLV[TAG_1] | EdDSA Signature (r concatenated with s). | - * +------------+------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] edSignAlgo edSignAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] signature [0:kSE05x_TAG_1] - * @param[in,out] psignatureLen Length for signature - */ -smStatus_t Se05x_API_EdDSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_EDSignatureAlgo_t edSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ECDAASign - * - * The ECDAASign command signs external data using the indicated key pair or - * private key. This is performed according to ECDAA. The generated signature is: - * - * * r = random mod n - * - * * s = (r + T.ds) mod n where d is the private key - * - * The ECDAASignatureAlgo indicates the applied algorithm. - * - * This APDU command should be used with a key identifier linked to - * TPM_ECC_BN_P256 curve. - * - * _Note:_ The applet allows the random input to be 32 bytes of zeroes; the user - * must take care that this is not considered as valid input. Only input in the - * interval [1, n-1] must be considered as valid. - * - * # Command to Applet - * - * @rst - * +-------+--------------+------------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+================================================+ - * | CLA | 0x80 | | - * +-------+--------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+------------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+------------------------------------------------+ - * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of EC key pair or private | - * | | | key. | - * +-------+--------------+------------------------------------------------+ - * | | TLV[TAG_2] | 1-byte ECDAASignatureAlgo | - * +-------+--------------+------------------------------------------------+ - * | | TLV[TAG_3] | T = 32-byte array containing hashed input | - * | | | data. | - * +-------+--------------+------------------------------------------------+ - * | | TLV[TAG_4] | r = 32-byte array containing random data, must | - * | | | be in the interval [1, n-1] where n is the | - * | | | order of the curve. | - * +-------+--------------+------------------------------------------------+ - * | Le | 0x00 | Expecting signature | - * +-------+--------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------+ - * | Value | Description | - * +============+==========================================+ - * | TLV[TAG_1] | ECDSA Signature (r concatenated with s). | - * +------------+------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] ecdaaSignAlgo ecdaaSignAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[in] randomData randomData [4:kSE05x_TAG_4] - * @param[in] randomDataLen Length of randomData - * @param[out] signature [0:kSE05x_TAG_1] - * @param[in,out] psignatureLen Length for signature - */ -smStatus_t Se05x_API_ECDAASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECDAASignatureAlgo_t ecdaaSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *randomData, - size_t randomDataLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ECDSAVerify - * - * The ECDSAVerify command verifies whether the signature is correct for a given - * (hashed) data input using an EC public key or EC key pair's public key. - * - * The ECSignatureAlgo indicates the ECDSA algorithm that is used, but the - * hashing of data must always be done on the host. E.g., if ECSignatureAlgo = - * SIG_ ECDSA_SHA256, the user must have applied SHA256 on the input data - * already. - * - * The key cannot be passed externally to the command directly. In case users - * want to use the command to verify signatures using different public keys or - * the public key value regularly changes, the user should create a transient key - * object to which the key value is written and then the identifier of that - * transient secure object can be used by this ECDSAVerify command. - * - * # Command to Applet - * - * @rst - * +-------+--------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+===============================================+ - * | CLA | 0x80 | | - * +-------+--------------+-----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+-----------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+-----------------------------------------------+ - * | P2 | P2_VERIFY | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+-----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of the key pair or public | - * | | | key. | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte ECSignatureAlgo. | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing ASN.1 signature | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing hashed data to compare. | - * +-------+--------------+-----------------------------------------------+ - * | Le | 0x03 | Expecting TLV with :cpp:type:`SE05x_Result_t` | - * +-------+--------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------+ - * | Value | Description | - * +============+======================================+ - * | TLV[TAG_1] | Result of the signature verification | - * | | (:cpp:type:`SE05x_Result_t`). | - * +------------+--------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-----------------------------+--------------------------------------+ - * | SW | Description | - * +=============================+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-----------------------------+--------------------------------------+ - * | SW_CONDITIONS_NOT_SATISFIED | Incorrect data | - * +-----------------------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] ecSignAlgo ecSignAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[in] signature signature [4:kSE05x_TAG_5] - * @param[in] signatureLen Length of signature - * @param[out] presult [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_ECDSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECSignatureAlgo_t ecSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult); - -/** Se05x_API_EdDSAVerify - * - * The EdDSAVerify command verifies whether the signature is correct for a given - * data input (hashed using SHA512) using an EC public key or EC key pair's - * public key. The signature needs to be given as concatenation of r and s. - * - * The data needs to be compared with the plain message without being hashed. - * - * _Note_ : See chapter 7 for correct byte order as both r and s need to be byte - * swapped. - * - * This is performed according to the EdDSA algorithm as specified in [RFC8032]. - * - * The key cannot be passed externally to the command directly. In case users - * want to use the command to verify signatures using different public keys or - * the public key value regularly changes, the user should create a transient key - * object to which the key value is written and then the identifier of that - * transient secure object can be used by this EdDSAVerify command. - * - * # Command to Applet - * - * @rst - * +-------+--------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+===============================================+ - * | CLA | 0x80 | | - * +-------+--------------+-----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+-----------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+-----------------------------------------------+ - * | P2 | P2_VERIFY | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+-----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of the key pair or public | - * | | | key. | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`EDSignatureAlgoRef`. | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_3] | 64-byte array containing the signature | - * | | | (concatenation of r and s). | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing plain data to compare. | - * +-------+--------------+-----------------------------------------------+ - * | Le | 0x03 | Expecting TLV with :cpp:type:`SE05x_Result_t` | - * +-------+--------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------+ - * | Value | Description | - * +============+======================================+ - * | TLV[TAG_1] | Result of the signature verification | - * | | (:cpp:type:`SE05x_Result_t`). | - * +------------+--------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-----------------------------+--------------------------------------+ - * | SW | Description | - * +=============================+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-----------------------------+--------------------------------------+ - * | SW_CONDITIONS_NOT_SATISFIED | Incorrect data | - * +-----------------------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] edSignAlgo edSignAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[in] signature signature [4:kSE05x_TAG_5] - * @param[in] signatureLen Length of signature - * @param[out] presult [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_EdDSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_EDSignatureAlgo_t edSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult); - -/** Se05x_API_ECDHGenerateSharedSecret - * - * The ECDHGenerateSharedSecret command generates a shared secret ECC point on - * the curve using an EC private key on SE05X and an external public key provided - * by the caller. The output shared secret is returned to the caller. - * - * All curves from ECCurve are supported, except ECC_ED_25519. - * - * Note that ECDHGenerateSharedSecret commands with EC keys using curve - * ID_ECC_MONT_DH_25519 or ID_ECC_MONT_DH_448 cause NVM write operations for each - * call. This is not the case for the other curves. - * - * When CONFIG_FIPS_MODE_DISABLED is not set, this function will always return - * SW_CONDTIONS_NOT_SATISFIED. - * - * The shared secret can only be received when the Secure Object containing the - * key pair or private key (TLV[TAG_1]) does not contain the policy - * POLICY_OBJ_FORBID_DERIVED_OUTPUT. If that is the case, the user must provide - * TLV[TAG_7} to store the shared secret in an HMACKey object. The user is - * responsible to assign the correct size of the HMACKey object: this must equal - * the size of the shared secret exactly. - * - * On applet 4.4.0, the policy POLICY_OBJ_FORBID_DERIVED_OUTPUT is not yet - * verified for this function. It will always be allowed. - * - * # Command to Applet - * - * @rst - * +------------+------------------------------+----------------------------------------------+ - * | Field | Value | Description | - * +============+==============================+==============================================+ - * | CLA | 0x80 | | - * +------------+------------------------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+------------------------------+----------------------------------------------+ - * | P1 | P1_EC | See :cpp:type:`SE05x_P1_t` | - * +------------+------------------------------+----------------------------------------------+ - * | P2 | P2_DH | See :cpp:type:`SE05x_P2_t` | - * +------------+------------------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +------------+------------------------------+----------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key pair or private | - * | | | key. | - * +------------+------------------------------+----------------------------------------------+ - * | TLV[TAG_2] | External public key (see | | - * | | :cpp:type:`ECKeyRef`). | | - * +------------+------------------------------+----------------------------------------------+ - * | TLV[TAG_7] | 4-byte HMACKey identifier to | | - * | | store output. [Optional] | | - * +------------+------------------------------+----------------------------------------------+ - * | Le | 0x00 | Expected shared secret length. | - * +------------+------------------------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------------------+ - * | Value | Description | - * +============+==============================================+ - * | TLV[TAG_1] | The returned shared secret. [Conditional: | - * | | only when the input does not contain | - * | | TLV[TAG_7].} | - * +------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] pubKey pubKey [2:kSE05x_TAG_2] - * @param[in] pubKeyLen Length of pubKey - * @param[out] sharedSecret [0:kSE05x_TAG_1] - * @param[in,out] psharedSecretLen Length for sharedSecret - */ -smStatus_t Se05x_API_ECDHGenerateSharedSecret(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *pubKey, - size_t pubKeyLen, - uint8_t *sharedSecret, - size_t *psharedSecretLen); - -/** Se05x_API_RSASign - * - * The RSASign command signs the input message using an RSA private key. - * - * @rst - * +----------------------+-------+----------------------------+ - * | Name | Value | Description | - * +======================+=======+============================+ - * | RSA_SHA1_PKCS1_PSS | 0x15 | RFC8017: RSASSA-PSS | - * +----------------------+-------+----------------------------+ - * | RSA_SHA224_PKCS1_PSS | 0x2B | RFC8017: RSASSA-PSS | - * +----------------------+-------+----------------------------+ - * | RSA_SHA256_PKCS1_PSS | 0x2C | RFC8017: RSASSA-PSS | - * +----------------------+-------+----------------------------+ - * | RSA_SHA384_PKCS1_PSS | 0x2D | RFC8017: RSASSA-PSS | - * +----------------------+-------+----------------------------+ - * | RSA_SHA512_PKCS1_PSS | 0x2E | RFC8017: RSASSA-PSS | - * +----------------------+-------+----------------------------+ - * | RSA_SHA1_PKCS1 | 0x0A | RFC8017: RSASSA-PKCS1-v1_5 | - * +----------------------+-------+----------------------------+ - * | RSA_SHA_224_PKCS1 | 0x27 | RFC8017: RSASSA-PKCS1-v1_5 | - * +----------------------+-------+----------------------------+ - * | RSA_SHA_256_PKCS1 | 0x28 | RFC8017: RSASSA-PKCS1-v1_5 | - * +----------------------+-------+----------------------------+ - * | RSA_SHA_384_PKCS1 | 0x29 | RFC8017: RSASSA-PKCS1-v1_5 | - * +----------------------+-------+----------------------------+ - * | RSA_SHA_512_PKCS1 | 0x2A | RFC8017: RSASSA-PKCS1-v1_5 | - * +----------------------+-------+----------------------------+ - * @endrst - * - * # Command to Applet - * - * @rst - * +-------+--------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+==============================================+ - * | CLA | 0x80 | | - * +-------+--------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+----------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+----------------------------------------------+ - * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of the key pair or private | - * | | | key. | - * +-------+--------------+----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSASignAlgo_t` | - * +-------+--------------+----------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data. | - * +-------+--------------+----------------------------------------------+ - * | Le | 0x00 | Expecting ASN.1 signature. | - * +-------+--------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------+ - * | Value | Description | - * +============+================================+ - * | TLV[TAG_1] | RSA signature in ASN.1 format. | - * +------------+--------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] rsaSigningAlgo rsaSigningAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] signature [0:kSE05x_TAG_1] - * @param[in,out] psignatureLen Length for signature - */ -smStatus_t Se05x_API_RSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSASignatureAlgo_t rsaSigningAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_RSAVerify - * - * The RSAVerify command verifies the given signature and returns the result. - * - * The key cannot be passed externally to the command directly. In case users - * want to use the command to verify signatures using different public keys or - * the public key value regularly changes, the user should create a transient key - * object to which the key value is written and then the identifier of that - * transient secure object can be used by this RSAVerify command. - * - * # Command to Applet - * - * @rst - * +---------+--------------+---------------------------------------------+ - * | Field | Value | Description | - * +=========+==============+=============================================+ - * | CLA | 0x80 | | - * +---------+--------------+---------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+--------------+---------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------+---------------------------------------------+ - * | P2 | P2_VERIFY | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------+---------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------+---------------------------------------------+ - * | Payload | | | - * +---------+--------------+---------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of the key pair or public | - * | | | key. | - * +---------+--------------+---------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSASignAlgo_t` | - * +---------+--------------+---------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing data to be verified. | - * +---------+--------------+---------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing ASN.1 signature. | - * +---------+--------------+---------------------------------------------+ - * | Le | 0x03 | Expecting Result in TLV | - * +---------+--------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------+ - * | Value | Description | - * +============+==========================================+ - * | TLV[TAG_1] | :cpp:type:`SE05x_Result_t`: Verification | - * | | result | - * +------------+------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] rsaSigningAlgo rsaSigningAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[in] signature signature [4:kSE05x_TAG_5] - * @param[in] signatureLen Length of signature - * @param[out] presult [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_RSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSASignatureAlgo_t rsaSigningAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult); - -/** Se05x_API_RSAEncrypt - * - * The RSAEncrypt command encrypts data. - * - * # Command to Applet - * - * @rst - * +---------+--------------------+----------------------------------------------+ - * | Field | Value | Description | - * +=========+====================+==============================================+ - * | CLA | 0x80 | | - * +---------+--------------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+--------------------+----------------------------------------------+ - * | P1 | P1_RSA | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------------+----------------------------------------------+ - * | P2 | P2_ENCRYPT_ONESHOT | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------------+----------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key pair or public | - * | | | key. | - * +---------+--------------------+----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAEncryptionAlgo_t` | - * +---------+--------------------+----------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing data to be encrypted. | - * +---------+--------------------+----------------------------------------------+ - * | Le | 0x00 | Expected TLV with encrypted data. | - * +---------+--------------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------+ - * | Value | Description | - * +============+================+ - * | TLV[TAG_1] | Encrypted data | - * +------------+----------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] rsaEncryptionAlgo rsaEncryptionAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] encryptedData [0:kSE05x_TAG_1] - * @param[in,out] pencryptedDataLen Length for encryptedData - */ -smStatus_t Se05x_API_RSAEncrypt(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *encryptedData, - size_t *pencryptedDataLen); - -/** Se05x_API_RSADecrypt - * - * The RSADecrypt command decrypts data. - * - * - * # Command to Applet - * - * @rst - * +---------+--------------------+----------------------------------------------+ - * | Field | Value | Description | - * +=========+====================+==============================================+ - * | CLA | 0x80 | | - * +---------+--------------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+--------------------+----------------------------------------------+ - * | P1 | P1_RSA | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------------+----------------------------------------------+ - * | P2 | P2_DECRYPT_ONESHOT | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------------+----------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key pair or private | - * | | | key. | - * +---------+--------------------+----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAEncryptionAlgo_t` | - * +---------+--------------------+----------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing data to be decrypted. | - * +---------+--------------------+----------------------------------------------+ - * | Le | 0x00 | Expected TLV with decrypted data. | - * +---------+--------------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------+ - * | Value | Description | - * +============+================+ - * | TLV[TAG_1] | Encrypted data | - * +------------+----------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] rsaEncryptionAlgo rsaEncryptionAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] decryptedData [0:kSE05x_TAG_1] - * @param[in,out] pdecryptedDataLen Length for decryptedData - */ -smStatus_t Se05x_API_RSADecrypt(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *decryptedData, - size_t *pdecryptedDataLen); - -/** Se05x_API_CipherInit - * - * Initialize a symmetric encryption or decryption. The Crypto Object keeps the - * state of the cipher operation until it's finalized or deleted. Once the - * CipherFinal function is executed successfully, the Crypto Object state returns - * to the state immediately after the previous CipherInit function. - * - * # Command to Applet - * - * @rst - * +---------+--------------------------+--------------------------------------------+ - * | Field | Value | Description | - * +=========+==========================+============================================+ - * | CLA | 0x80 | | - * +---------+--------------------------+--------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+--------------------------+--------------------------------------------+ - * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------------------+--------------------------------------------+ - * | P2 | P2_ENCRYPT or P2_DECRYPT | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------------------+--------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------------------+--------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key object. | - * +---------+--------------------------+--------------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+--------------------------+--------------------------------------------+ - * | | TLV[TAG_4] | Initialization Vector [Optional] | - * | | | [Conditional: only when the Crypto Object | - * | | | type equals CC_CIPHER and subtype is not | - * | | | including ECB] | - * +---------+--------------------------+--------------------------------------------+ - * | Le | - | | - * +---------+--------------------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] - * @param[in] IV IV [3:kSE05x_TAG_4] - * @param[in] IVLen Length of IV - * @param[in] operation See @ref SE05x_Cipher_Oper_t - */ -smStatus_t Se05x_API_CipherInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *IV, - size_t IVLen, - const SE05x_Cipher_Oper_t operation); - -/** Se05x_API_CipherUpdate - * - * Update a cipher context. - * - * - * # Command to Applet - * - * @rst - * +------------+----------------------------------+---------------------------------+ - * | Field | Value | Description | - * +============+==================================+=================================+ - * | CLA | 0x80 | | - * +------------+----------------------------------+---------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+----------------------------------+---------------------------------+ - * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | - * +------------+----------------------------------+---------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +------------+----------------------------------+---------------------------------+ - * | Lc | #(Payload) | | - * +------------+----------------------------------+---------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+----------------------------------+---------------------------------+ - * | TLV[TAG_3] | Byte array containing input data | | - * +------------+----------------------------------+---------------------------------+ - * | Le | 0x00 | Expecting returned data. | - * +------------+----------------------------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------+ - * | Value | Description | - * +============+=============+ - * | TLV[TAG_1] | Output data | - * +------------+-------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] - * @param[in] inputData inputData [2:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] outputData [0:kSE05x_TAG_1] - * @param[in,out] poutputDataLen Length for outputData - */ -smStatus_t Se05x_API_CipherUpdate(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen); - -/** Se05x_API_CipherFinal - * - * Finish a sequence of cipher operations. - * - * # Command to Applet - * - * @rst - * +------------+------------+---------------------------------+ - * | Field | Value | Description | - * +============+============+=================================+ - * | CLA | 0x80 | | - * +------------+------------+---------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+------------+---------------------------------+ - * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | - * +------------+------------+---------------------------------+ - * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | - * +------------+------------+---------------------------------+ - * | Lc | #(Payload) | | - * +------------+------------+---------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+------------+---------------------------------+ - * | TLV[TAG_3] | Input data | | - * +------------+------------+---------------------------------+ - * | Le | 0x00 | Expected returned data. | - * +------------+------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------+ - * | Value | Description | - * +============+=============+ - * | TLV[TAG_1] | Output data | - * +------------+-------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] - * @param[in] inputData inputData [2:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] outputData [0:kSE05x_TAG_1] - * @param[in,out] poutputDataLen Length for outputData - */ -smStatus_t Se05x_API_CipherFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen); - -/** - * @brief Se05x_API_CipherOneShot - * - * Encrypt or decrypt data in one shot mode. - * - * The key object must be either an AES key or DES key. - * - * # Command to Applet - * - * @rst - * +---------+-----------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+=======================+================================================+ - * | CLA | 0x80 | | - * +---------+-----------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+-----------------------+------------------------------------------------+ - * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------------+------------------------------------------------+ - * | P2 | P2_ENCRYPT_ONESHOT or | See :cpp:type:`SE05x_P2_t` | - * | | P2_DECRYPT_ONESHOT | | - * +---------+-----------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+-----------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key object. | - * +---------+-----------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 1-byte CipherMode | - * +---------+-----------------------+------------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data. | - * +---------+-----------------------+------------------------------------------------+ - * | | TLV[TAG_4] | Byte array containing an initialization | - * | | | vector. [Optional] [Conditional: only when | - * | | | the Crypto Object type equals CC_CIPHER and | - * | | | subtype is not including ECB] | - * +---------+-----------------------+------------------------------------------------+ - * | Le | 0x00 | Expecting return data. | - * +---------+-----------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------+ - * | Value | Description | - * +============+=============+ - * | TLV[TAG_1] | Output data | - * +------------+-------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] cipherMode The cipher mode - * @param[in] inputData The input data - * @param[in] inputDataLen The input data length - * @param[in] IV Initial vector - * @param[in] IVLen The iv length - * @param outputData The output data - * @param poutputDataLen The poutput data length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_CipherOneShot(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *IV, - size_t IVLen, - uint8_t *outputData, - size_t *poutputDataLen, - const SE05x_Cipher_Oper_OneShot_t operation); - -/** Se05x_API_MACInit - * - * Initiate a MAC operation. The state of the MAC operation is kept in the Crypto - * Object until it's finalized or deleted. - * - * The 4-byte identifier of the key must refer to an AESKey, DESKey or HMACKey. - * - * - * # Command to Applet - * - * @rst - * +---------+----------------------------+-----------------------------------+ - * | Field | Value | Description | - * +=========+============================+===================================+ - * | CLA | 0x80 | | - * +---------+----------------------------+-----------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+----------------------------+-----------------------------------+ - * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | - * +---------+----------------------------+-----------------------------------+ - * | P2 | P2_GENERATE or P2_VALIDATE | See :cpp:type:`SE05x_P2_t` | - * +---------+----------------------------+-----------------------------------+ - * | Lc | #(Payload) | | - * +---------+----------------------------+-----------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the MAC key. | - * +---------+----------------------------+-----------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+----------------------------+-----------------------------------+ - * | Le | 0x00 | | - * +---------+----------------------------+-----------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] - * @param[in] mac_oper The Operation - */ -smStatus_t Se05x_API_MACInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const SE05x_Mac_Oper_t mac_oper); - -/** Se05x_API_MACUpdate - * - * Update MAC - * - * # Command to Applet - * - * @rst - * +---------+------------+-------------------------------------------+ - * | Field | Value | Description | - * +=========+============+===========================================+ - * | CLA | 0x80 | | - * +---------+------------+-------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+------------+-------------------------------------------+ - * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+-------------------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+-------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+------------+-------------------------------------------+ - * | Payload | TLV[TAG_1] | Byte array containing data to be taken as | - * | | | input to MAC. | - * +---------+------------+-------------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+------------+-------------------------------------------+ - * | Le | - | | - * +---------+------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] inputData inputData [1:kSE05x_TAG_1] - * @param[in] inputDataLen Length of inputData - * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] - */ -smStatus_t Se05x_API_MACUpdate( - pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen, SE05x_CryptoObjectID_t cryptoObjectID); - -/** Se05x_API_MACFinal - * - * # Command to Applet - * - * @rst - * +---------+------------+--------------------------------------------+ - * | Field | Value | Description | - * +=========+============+============================================+ - * | CLA | 0x80 | | - * +---------+------------+--------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+------------+--------------------------------------------+ - * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+--------------------------------------------+ - * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+--------------------------------------------+ - * | Payload | TLV[TAG_1] | Byte array containing data to be taken as | - * | | | input to MAC. | - * +---------+------------+--------------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+------------+--------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing MAC to validate. | - * | | | [Conditional: only applicable the crypto | - * | | | object is set for validating (MACInit P2 = | - * | | | P2_VALIDATE)] | - * +---------+------------+--------------------------------------------+ - * | Le | 0x00 | Expecting MAC or result. | - * +---------+------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------------------+ - * | Value | Description | - * +============+===============================================+ - * | TLV[TAG_1] | MAC value (when MACInit had P2 = P2_GENERATE) | - * | | or :cpp:type:`SE05x_Result_t` (when MACInit | - * | | had P2 = P2_VERIFY). | - * +------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] inputData inputData [1:kSE05x_TAG_1] - * @param[in] inputDataLen Length of inputData - * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] - * @param[in] macValidateData macValidateData [3:kSE05x_TAG_3] - * @param[in] macValidateDataLen Length of macValidateData - * @param[out] macValue [0:kSE05x_TAG_1] - * @param[in,out] pmacValueLen Length for macValue - */ -smStatus_t Se05x_API_MACFinal(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *macValidateData, - size_t macValidateDataLen, - uint8_t *macValue, - size_t *pmacValueLen); - -/** Se05x_API_MACOneShot_G - * - * Generate. See @ref Se05x_API_MACOneShot_V for Verfiication. - * - * Performs a MAC operation in one shot (without keeping state). - * - * The 4-byte identifier of the key must refer to an AESKey, DESKey or HMACKey. - * - * # Command to Applet - * - * @rst - * +---------+------------------------+---------------------------------------------+ - * | Field | Value | Description | - * +=========+========================+=============================================+ - * | CLA | 0x80 | | - * +---------+------------------------+---------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+------------------------+---------------------------------------------+ - * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | - * +---------+------------------------+---------------------------------------------+ - * | P2 | P2_GENERATE_ONESHOT or | See :cpp:type:`SE05x_P2_t` | - * | | P2_VALIDATE_ONESHOT | | - * +---------+------------------------+---------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+------------------------+---------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key object. | - * +---------+------------------------+---------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`MACAlgoRef` | - * +---------+------------------------+---------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing data to be taken as | - * | | | input to MAC. | - * +---------+------------------------+---------------------------------------------+ - * | | TLV[TAG_5] | MAC to verify (when P2=P2_VALIDATE_ONESHOT) | - * +---------+------------------------+---------------------------------------------+ - * | Le | 0x00 | Expecting MAC or Result. | - * +---------+------------------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+---------------------------------------+ - * | Value | Description | - * +============+=======================================+ - * | TLV[TAG_1] | MAC value (P2=P2_GENERATE_ONESHOT) or | - * | | :cpp:type:`SE05x_Result_t` (when | - * | | p2=P2_VALIDATE_ONESHOT). | - * +------------+---------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] macOperation macOperation [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] macValue [0:kSE05x_TAG_1] - * @param[in,out] pmacValueLen Length for macValue - */ -smStatus_t Se05x_API_MACOneShot_G(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t macOperation, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *macValue, - size_t *pmacValueLen); - -/** Se05x_API_MACOneShot_V - * - * Validate. See @ref Se05x_API_MACOneShot_G for Generation. - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] macOperation macOperation [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[in] MAC MAC to verify (when P2=P2_VALIDATE_ONESHOT) [4:kSE05x_TAG_5] - * @param[in] MACLen Length of MAC - * @param[out] macValue [0:kSE05x_TAG_1] - * @param[in,out] pmacValueLen Length for macValue - */ -smStatus_t Se05x_API_MACOneShot_V(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t macOperation, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *MAC, - size_t MACLen, - uint8_t *macValue, - size_t *pmacValueLen); - -/** Se05x_API_HKDF - * - * Note that this KDF is equal to the KDF in Feedback Mode described in [NIST - * SP800-108] with the PRF being HMAC with SHA256 and with an 8-bit counter at - * the end of the iteration variable. - * - * The full HKDF algorithm is executed, i.e. Extract-And-Expand. - * - * The caller must provide a salt length (0 up to 64 bytes). If salt length - * equals 0 or salt is not provided as input, the default salt will be used. - * - * The output of the HKDF functions can be either: - * - * * send back to the caller => _precondition_ : none of the input Secure Objects -if present- shall have a policy POLICY_OBJ_FORBID_DERIVED_OUTPUT set. - * - * * be stored in a Secure Object => _precondition_ : the Secure Object must be created upfront and the size must exactly match the expected length. - * - * - * # Command to Applet - * - * @rst - * +------------+--------------------------------+-----------------------------------+ - * | Field | Value | Description | - * +============+================================+===================================+ - * | CLA | 0x80 | | - * +------------+--------------------------------+-----------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+--------------------------------+-----------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +------------+--------------------------------+-----------------------------------+ - * | P2 | P2_HKDF | See :cpp:type:`SE05x_P2_t` | - * +------------+--------------------------------+-----------------------------------+ - * | Lc | #(Payload) | | - * +------------+--------------------------------+-----------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte HMACKey identifier (= IKM) | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_2] | 1-byte DigestMode (except | | - * | | DIGEST_NO_HASH) | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_3] | Byte array (0-64 bytes) | | - * | | containing salt. [Optional] | | - * | | [Conditional: only when | | - * | | TLV[TAG_6] is absent.] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_4] | Info: The context and | | - * | | information to apply (1 to 80 | | - * | | bytes). [Optional] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_5] | 2-byte requested length (L): 1 | | - * | | up to MAX_APDU_PAYLOAD_LENGTH | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_6] | 4-byte HMACKey identifier | | - * | | containing salt. [Optional] | | - * | | [Conditional: only when | | - * | | TLV[TAG_3] is absent] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_7] | 4-byte HMACKey identifier to | | - * | | store output. [Optional] | | - * +------------+--------------------------------+-----------------------------------+ - * | Le | 0x00 | | - * +------------+--------------------------------+-----------------------------------+ - * @endrst - * - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_1] | HKDF output. [Conditional: only when the | - * | | input does not contain TLV[TAG-7]] | - * +------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+------------------------------------+ - * | SW | Description | - * +=============+====================================+ - * | SW_NO_ERROR | The HKDF is executed successfully. | - * +-------------+------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] hmacID hmacID [1:kSE05x_TAG_1] - * @param[in] digestMode digestMode [2:kSE05x_TAG_2] - * @param[in] salt salt [3:kSE05x_TAG_3] - * @param[in] saltLen Length of salt - * @param[in] info info [4:kSE05x_TAG_4] - * @param[in] infoLen Length of info - * @param[in] deriveDataLen 2-byte requested length (L) [5:kSE05x_TAG_5] - * @param[out] hkdfOuput [0:kSE05x_TAG_1] - * @param[in,out] phkdfOuputLen Length for hkdfOuput - */ -smStatus_t Se05x_API_HKDF(pSe05xSession_t session_ctx, - uint32_t hmacID, - SE05x_DigestMode_t digestMode, - const uint8_t *salt, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - uint16_t deriveDataLen, - uint8_t *hkdfOuput, - size_t *phkdfOuputLen); - -/** Se05x_API_HKDF_Extended - * - * Only step 2 of the algorithm is executed, i.e. Expand only. - * - * Using an IV as input parameter results in a FIPS compliant SP800-108 KDF in - * Feedback Mode where K[0] is the provided IV. This KDF is then using a 8-bit - * counter, AFTER_FIXED counter location. - * - * # Command to Applet - * - * @rst - * +------------+--------------------------------+-----------------------------------+ - * | Field | Value | Description | - * +============+================================+===================================+ - * | CLA | 0x80 | | - * +------------+--------------------------------+-----------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+--------------------------------+-----------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +------------+--------------------------------+-----------------------------------+ - * | P2 | P2_HKDF_EXPAND_ONLY | See :cpp:type:`SE05x_P2_t` | - * +------------+--------------------------------+-----------------------------------+ - * | Lc | #(Payload) | | - * +------------+--------------------------------+-----------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte HMACKey identifier (= PRK) | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_2] | 1-byte DigestMode (except | | - * | | DIGEST_NO_HASH) | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_3] | Byte array (0-64 bytes) | | - * | | containing IV. [Optional] | | - * | | [Conditional: only when | | - * | | TLV[TAG_6] is absent.] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_4] | Info: The context and | | - * | | information to apply (1 to 80 | | - * | | bytes). [Optional] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_5] | 2-byte requested length (L): 1 | | - * | | up to MAX_APDU_PAYLOAD_LENGTH | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_6] | 4-byte HMACKey identifier | | - * | | containing IV. [Optional] | | - * | | [Conditional: only when | | - * | | TLV[TAG_3] is absent] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_7] | 4-byte HMACKey identifier to | | - * | | store output. [Optional] | | - * +------------+--------------------------------+-----------------------------------+ - * | Le | 0x00 | | - * +------------+--------------------------------+-----------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_1] | HKDF output. [Conditional: only when the | - * | | input does not contain TLV[TAG-7]] | - * +------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+------------------------------------+ - * | SW | Description | - * +=============+====================================+ - * | SW_NO_ERROR | The HKDF is executed successfully. | - * +-------------+------------------------------------+ - * - * - */ -smStatus_t Se05x_API_HKDF_Extended(pSe05xSession_t session_ctx, - uint32_t hmacID, - SE05x_DigestMode_t digestMode, - SE05x_HkdfMode_t hkdfMode, - const uint8_t *salt, - size_t saltLen, - uint32_t saltID, - const uint8_t *info, - size_t infoLen, - uint32_t derivedKeyID, - uint16_t deriveDataLen, - uint8_t *hkdfOuput, - size_t *phkdfOuputLen); - -/** Se05x_API_PBKDF2 - * - * Password Based Key Derivation Function 2 (PBKDF2) according [RFC8018]. - * - * The password is an input to the KDF and must be stored inside the . - * - * The output is returned to the host. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+==============================================+ - * | CLA | 0x80 | | - * +-------+------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+----------------------------------------------+ - * | P2 | P2_PBKDF | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte password identifier (object type must | - * | | | be HMACKey) | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_2] | Salt (0 to 64 bytes) [Optional] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_3] | 2-byte Iteration count: 1 up to 0x7FFF. | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_4] | 2-byte Requested length: 1 up to 512 bytes. | - * +-------+------------+----------------------------------------------+ - * | Le | 0x00 | Expecting derived key material. | - * +-------+------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------------------------------+ - * | Value | Description | - * +============+=====================================+ - * | TLV[TAG_1] | Derived key material (session key). | - * +------------+-------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID 4-byte password identifier (object type must be HMACKey) [1:kSE05x_TAG_1] - * @param[in] salt salt [2:kSE05x_TAG_2] - * @param[in] saltLen Length of salt - * @param[in] count count [3:kSE05x_TAG_3] - * @param[in] requestedLen requestedLen [4:kSE05x_TAG_4] - * @param[out] derivedSessionKey [0:kSE05x_TAG_1] - * @param[in,out] pderivedSessionKeyLen Length for derivedSessionKey - */ -smStatus_t Se05x_API_PBKDF2(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *salt, - size_t saltLen, - uint16_t count, - uint16_t requestedLen, - uint8_t *derivedSessionKey, - size_t *pderivedSessionKeyLen); - -/** Se05x_API_DFDiversifyKey - * - * - * Create a Diversified Key. Input is _divInput_ 1 up to 31 bytes. - * - * Note that users need to create the diversified key object before calling this - * function. - * - * Both the master key and the diversified key need the policy - * POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION to be set. - * - * # Command to Applet - * - * @rst - * +-------+--------------+------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+==========================================+ - * | CLA | 0x80 | | - * +-------+--------------+------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+------------------------------------------+ - * | P2 | P2_DIVERSIFY | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+------------------------------------------+ - * | | TLV[TAG_1] | 4-byte master key identifier. | - * +-------+--------------+------------------------------------------+ - * | | TLV[TAG_2] | 4-byte diversified key identifier. | - * +-------+--------------+------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing divInput (up to 31 | - * | | | bytes). | - * +-------+--------------+------------------------------------------+ - * | Le | | | - * +-------+--------------+------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-----------------------------+--------------------------------------+ - * | SW | Description | - * +=============================+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-----------------------------+--------------------------------------+ - * | SW_CONDITIONS_NOT_SATISFIED | No master key found. | - * +-----------------------------+--------------------------------------+ - * | | Wrong length for divInput. | - * +-----------------------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] masterKeyID masterKeyID [1:kSE05x_TAG_1] - * @param[in] diversifiedKeyID diversifiedKeyID [2:kSE05x_TAG_2] - * @param[in] divInputData divInputData [3:kSE05x_TAG_3] - * @param[in] divInputDataLen Length of divInputData - */ -smStatus_t Se05x_API_DFDiversifyKey(pSe05xSession_t session_ctx, - uint32_t masterKeyID, - uint32_t diversifiedKeyID, - const uint8_t *divInputData, - size_t divInputDataLen); - -/** Se05x_API_DFAuthenticateFirstPart1 - * - * MIFARE DESFire support - * - * MIFARE DESFire EV2 Key derivation (S-mode). This is limited to AES128 keys - * only. - * - * The SE05X can be used by a card reader to setup a session where the SE05X - * stores the master key(s) and the session keys are generated and passed to the - * host. - * - * The SE05X keeps an internal state of MIFARE DESFire authentication data during - * authentication setup. This state is fully transient, so it is lost on deselect - * of the applet. - * - * The MIFARE DESFire state is owned by 1 user at a time; i.e., the user who - * calls DFAuthenticateFirstPart1 owns the MIFARE DESFire context until - * DFAuthenticateFirstPart1 is called again or until DFKillAuthentication is - * called. - * - * The SE05X can also be used to support a ChangeKey command, either supporting - * ChangeKey or ChangeKeyEV2. To establish a correct use case, policies need to - * be applied to the keys to indicate keys can be used for ChangeKey or not, etc. - * (to be detailed) - * - * # Command to Applet - * - * @rst - * +-------+---------------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+=====================+==============================================+ - * | CLA | 0x80 | | - * +-------+---------------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+---------------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------------+----------------------------------------------+ - * | P2 | P2_AUTH_FIRST_PART1 | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+---------------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte key identifier. | - * +-------+---------------------+----------------------------------------------+ - * | | TLV[TAG_2] | 16-byte encrypted card challenge: E(Kx,RndB) | - * +-------+---------------------+----------------------------------------------+ - * | Le | 0x00 | | - * +-------+---------------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+---------------------------------------------+ - * | Value | Description | - * +============+=============================================+ - * | TLV[TAG_1] | 32-byte output data: E(Kx, RandA || RandB') | - * +------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] inputData inputData [2:kSE05x_TAG_2] - * @param[in] inputDataLen Length of inputData - * @param[out] outputData [0:kSE05x_TAG_1] - * @param[in,out] poutputDataLen Length for outputData - */ -smStatus_t Se05x_API_DFAuthenticateFirstPart1(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen); - -/** Se05x_API_DFAuthenticateNonFirstPart1 - * - * - * # Command to Applet - * - * @rst - * +-------+------------------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+========================+==============================================+ - * | CLA | 0x80 | | - * +-------+------------------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+------------------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------------+----------------------------------------------+ - * | P2 | P2_AUTH_NONFIRST_PART1 | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte key identifier. | - * +-------+------------------------+----------------------------------------------+ - * | | TLV[TAG_2] | 16-byte encrypted card challenge: E(Kx,RndB) | - * +-------+------------------------+----------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+---------------------------------------------+ - * | Value | Description | - * +============+=============================================+ - * | TLV[TAG_1] | 32-byte output data: E(Kx, RandA || RandB') | - * +------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] inputData inputData [2:kSE05x_TAG_2] - * @param[in] inputDataLen Length of inputData - * @param[out] outputData [0:kSE05x_TAG_1] - * @param[in,out] poutputDataLen Length for outputData - */ -smStatus_t Se05x_API_DFAuthenticateNonFirstPart1(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen); - -/** Se05x_API_DFAuthenticateFirstPart2 - * - * For First part 2, the key identifier is implicitly set to the identifier used - * for the First authentication. DFAuthenticateFirstPart1 needs to be called - * before; otherwise an error is returned. - * - * # Command to Applet - * - * @rst - * +-------+---------------------+------------------------------------+ - * | Field | Value | Description | - * +=======+=====================+====================================+ - * | CLA | 0x80 | | - * +-------+---------------------+------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+---------------------+------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------------+------------------------------------+ - * | P2 | P2_AUTH_FIRST_PART2 | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------------+------------------------------------+ - * | Lc | #(Payload) | | - * +-------+---------------------+------------------------------------+ - * | | TLV[TAG_1] | 32 byte input: | - * | | | E(Kx,TI||RndA'||PDcap2||PCDcap2) | - * +-------+---------------------+------------------------------------+ - * | Le | 0x00 | | - * +-------+---------------------+------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------+ - * | Value | Description | - * +============+==========================================+ - * | TLV[TAG_1] | 12-byte array returning PDcap2||PCDcap2. | - * +------------+------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-----------------------------+--------------------------------------+ - * | SW | Description | - * +=============================+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-----------------------------+--------------------------------------+ - * | SW_WRONG_DATA | | - * +-----------------------------+--------------------------------------+ - * | SW_CONDITIONS_NOT_SATISFIED | | - * +-----------------------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] inputData inputData [1:kSE05x_TAG_1] - * @param[in] inputDataLen Length of inputData - * @param[out] outputData [0:kSE05x_TAG_1] - * @param[in,out] poutputDataLen Length for outputData - */ -smStatus_t Se05x_API_DFAuthenticateFirstPart2(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen); - -/** Se05x_API_DFAuthenticateNonFirstPart2 - * - * For NonFirst part 2, the key identifier is implicitly set to the identifier - * used for the NonFirst part 1 authentication. DFAuthenticateNonFirstPart1 needs - * to be called before; otherwise an error is returned. - * - * If authentication fails, SW_WRONG_DATA will be returned. - * - * # Command to Applet - * - * @rst - * +-------+------------------------+----------------------------+ - * | Field | Value | Description | - * +=======+========================+============================+ - * | CLA | 0x80 | | - * +-------+------------------------+----------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+------------------------+----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------------+----------------------------+ - * | P2 | P2_AUTH_NONFIRST_PART2 | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------------+----------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------------+----------------------------+ - * | | TLV[TAG_1] | 16-byte E(Kx, RndA') | - * +-------+------------------------+----------------------------+ - * | Le | 0x00 | | - * +-------+------------------------+----------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] inputData inputData [1:kSE05x_TAG_1] - * @param[in] inputDataLen Length of inputData - */ -smStatus_t Se05x_API_DFAuthenticateNonFirstPart2( - pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen); - -/** Se05x_API_DFDumpSessionKeys - * - * Dump the Transaction Identifier and the session keys to the host. - * - * - * # Command to Applet - * - * @rst - * +-------+-------------+-----------------------------------+ - * | Field | Value | Description | - * +=======+=============+===================================+ - * | CLA | 0x80 | | - * +-------+-------------+-----------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+-------------+-----------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+-------------+-----------------------------------+ - * | P2 | P2_DUMP_KEY | See :cpp:type:`SE05x_P2_t` | - * +-------+-------------+-----------------------------------+ - * | Lc | #(Payload) | | - * +-------+-------------+-----------------------------------+ - * | Le | 0x28 | Expecting TLV with 38 bytes data. | - * +-------+-------------+-----------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------+ - * | Value | Description | - * +============+======================================+ - * | TLV[TAG_1] | 38 bytes: KeyID.SesAuthENCKey || | - * | | KeyID.SesAuthMACKey || TI || Cmd-Ctr | - * +------------+--------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[out] sessionData 38 bytes: KeyID.SesAuthENCKey || KeyID.SesAuthMACKey || TI || Cmd-Ctr [0:kSE05x_TAG_1] - * @param[in,out] psessionDataLen Length for sessionData - */ -smStatus_t Se05x_API_DFDumpSessionKeys(pSe05xSession_t session_ctx, uint8_t *sessionData, size_t *psessionDataLen); - -/** Se05x_API_DFChangeKeyPart1 - * - * - * The DFChangeKeyPart1 command is supporting the function to change keys on the - * DESFire PICC. The command generates the cryptogram required to perform such - * operation. - * - * The new key and, if used, the current (or old) key must be stored in the SE05X - * and have the POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION associated to execute - * this command. This means the new PICC key must have been loaded into the SE05X - * prior to issuing this command. - * - * The 1-byte key set number indicates whether DESFire ChangeKey or DESFire - * ChangeKeyEV2 is used. When key set equals 0xFF, ChangeKey is used. - * - * - * # Command to Applet - * - * @rst - * +-------+---------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=======+=====================+================================================+ - * | CLA | 0x80 | | - * +-------+---------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+---------------------+------------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------------+------------------------------------------------+ - * | P2 | P2_CHANGE_KEY_PART1 | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+---------------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of the old key. [Optional: | - * | | | if the authentication key is the same as the | - * | | | key to be replaced, this TAG should not be | - * | | | present]. | - * +-------+---------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 4-byte identifier of the new key. | - * +-------+---------------------+------------------------------------------------+ - * | | TLV[TAG_3] | 1-byte key set number [Optional: default = | - * | | | 0xC6] | - * +-------+---------------------+------------------------------------------------+ - * | | TLV[TAG_4] | 1-byte DESFire key number to be targeted. | - * +-------+---------------------+------------------------------------------------+ - * | | TLV[TAG_5] | 1-byte key version | - * +-------+---------------------+------------------------------------------------+ - * | Le | 0x00 | | - * +-------+---------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------+ - * | Value | Description | - * +============+=============================+ - * | TLV[TAG_1] | Cryptogram holding key data | - * +------------+-----------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] oldObjectID oldObjectID [1:kSE05x_TAG_1] - * @param[in] newObjectID newObjectID [2:kSE05x_TAG_2] - * @param[in] keySetNr keySetNr [3:kSE05x_TAG_3] - * @param[in] keyNoDESFire keyNoDESFire [4:kSE05x_TAG_4] - * @param[in] keyVer keyVer [5:kSE05x_TAG_5] - * @param[out] KeyData [0:kSE05x_TAG_1] - * @param[in,out] pKeyDataLen Length for KeyData - */ -smStatus_t Se05x_API_DFChangeKeyPart1(pSe05xSession_t session_ctx, - uint32_t oldObjectID, - uint32_t newObjectID, - uint8_t keySetNr, - uint8_t keyNoDESFire, - uint8_t keyVer, - uint8_t *KeyData, - size_t *pKeyDataLen); - -/** Se05x_API_DFChangeKeyPart2 - * - * The DFChangeKeyPart2 command verifies the MAC returned by ChangeKey or - * ChangeKeyEV2. Note that this function only needs to be called if a MAC is - * returned (which is not the case if the currently authenticated key is changed - * on the DESFire card). - * - * # Command to Applet - * - * @rst - * +-------+---------------------+----------------------------+ - * | Field | Value | Description | - * +=======+=====================+============================+ - * | CLA | 0x80 | | - * +-------+---------------------+----------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+---------------------+----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------------+----------------------------+ - * | P2 | P2_CHANGE_KEY_PART2 | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------------+----------------------------+ - * | Lc | #(Payload) | | - * +-------+---------------------+----------------------------+ - * | | TLV[TAG_1] | MAC | - * +-------+---------------------+----------------------------+ - * | Le | 0x00 | | - * +-------+---------------------+----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------+ - * | Value | Description | - * +============+===================================+ - * | TLV[TAG_1] | 1-byte :cpp:type:`SE05x_Result_t` | - * +------------+-----------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] MAC MAC [1:kSE05x_TAG_1] - * @param[in] MACLen Length of MAC - * @param[out] presult [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_DFChangeKeyPart2(pSe05xSession_t session_ctx, const uint8_t *MAC, size_t MACLen, uint8_t *presult); - -/** Se05x_API_DFKillAuthentication - * - * DFKillAuthentication invalidates any authentication and clears the internal - * DESFire state. Keys used as input (master keys or diversified keys) are not - * touched. - * - * # Command to Applet - * - * @rst - * +-------+--------------+----------------------------+ - * | Field | Value | Description | - * +=======+==============+============================+ - * | CLA | 0x80 | | - * +-------+--------------+----------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+----------------------------+ - * | P2 | P2_KILL_AUTH | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+----------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+----------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - */ -smStatus_t Se05x_API_DFKillAuthentication(pSe05xSession_t session_ctx); - -/** Se05x_API_TLSGenerateRandom - * - * Generates a random that is stored in the SE05X and used by TLSPerformPRF. - * - * # Command to Applet - * - * @rst - * +-------+------------+-----------------------------------+ - * | Field | Value | Description | - * +=======+============+===================================+ - * | CLA | 0x80 | | - * +-------+------------+-----------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-----------------------------------+ - * | P1 | P1_TLS | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-----------------------------------+ - * | P2 | P2_RANDOM | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-----------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-----------------------------------+ - * | Le | 0x22 | Expecting TLV with 32 bytes data. | - * +-------+------------+-----------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------+ - * | Value | Description | - * +============+======================+ - * | TLV[TAG_1] | 32-byte random value | - * +------------+----------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[out] randomValue [0:kSE05x_TAG_1] - * @param[in,out] prandomValueLen Length for randomValue - */ -smStatus_t Se05x_API_TLSGenerateRandom(pSe05xSession_t session_ctx, uint8_t *randomValue, size_t *prandomValueLen); - -/** Se05x_API_TLSCalculatePreMasterSecret - * - * The command TLSCalculatePreMasterSecret will compute the pre-master secret for - * TLS according [RFC5246]. The pre-master secret will always be stored in an - * HMACKey object (TLV[TAG_3]). The HMACKey object must be created before; - * otherwise the calculation of the pre-master secret will fail. - * - * It can use one of these algorithms: - - - - - * - * * PSK Key Exchange algorithm as defined in [RFC4279] - * - * * RSA_PSK Key Exchange algorithm as defined in [RFC4279] - * - * * ECDHE_PSK Key Exchange algorithm as defined in [RFC5489] - * - * * EC Key Exchange algorithm as defined in [RFC4492] - * - * * RSA Key Exchange algorithm as defined in [RFC5246] - * - * - * TLV[TAG_1] needs to be an (existing) HMACKey identifier containing the pre- - * shared Key. - * - * Input data in TLV[TAG_4] are: - * - * * An EC public key when TLV[TAG_2] refers to an EC key pair. - * - * * An RSA encrypted secret when TLV[TAG_2] refers to an RSA key pair. - * - * * Empty when TLV[TAG_2] is absent or empty. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+==============================================+ - * | CLA | 0x80 | | - * +-------+------------+----------------------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+----------------------------------------------+ - * | P1 | P1_TLS | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+----------------------------------------------+ - * | P2 | P2_PMS | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte PSK identifier referring to a 16, 32, | - * | | | 48 or 64-byte Pre Shared Key. [Optional] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_2] | 4-byte key pair identifier. [Optional] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_3] | 4-byte target HMACKey identifier. | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_4] | Byte array containing input data. | - * +-------+------------+----------------------------------------------+ - * | Le | - | | - * +-------+------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] keyPairId keyPairId [1:kSE05x_TAG_1] - * @param[in] pskId pskId [2:kSE05x_TAG_2] - * @param[in] hmacKeyId hmacKeyId [3:kSE05x_TAG_3] - * @param[in] inputData inputData [4:kSE05x_TAG_4] - * @param[in] inputDataLen Length of inputData - */ -smStatus_t Se05x_API_TLSCalculatePreMasterSecret(pSe05xSession_t session_ctx, - uint32_t keyPairId, - uint32_t pskId, - uint32_t hmacKeyId, - const uint8_t *inputData, - size_t inputDataLen); - -/** Se05x_API_TLSPerformPRF - * - * The command TLSPerformPRF will compute either: - * - * * the master secret for TLS according [RFC5246], section 8.1 - * - * * key expansion data from a master secret for TLS according [RFC5246], section 6.3 - * - * Each time before calling this function, TLSGenerateRandom must be called. - * Executing this function will clear the random that is stored in the SE05X . - * - * The function can be called as client or as server and either using the pre- - * master secret or master secret as input, stored in an HMACKey. The input - * length must be either 16, 32, 48 or 64 bytes. - * - * This results in P2 having 4 possibilities: - * - * * P2_TLS_PRF_CLI_HELLO: pass the clientHelloRandom to calculate a master secret, the serverHelloRandom is in SE05X , generated by TLSGenerateRandom. - * - * * P2_TLS_PRF_SRV_HELLO: pass the serverHelloRandom to calculate a master secret, the clientHelloRandom is in SE05X , generated by TLSGenerateRandom. - * - * * P2_TLS_PRF_CLI_RANDOM: pass the clientRandom to generate key expansion data, the serverRandom is in SE05X , generated by TLSGenerateRandom. - * - * * P2_TLS_PRF_SRV_RANDOM: pass the serverRandom to generate key expansion data, the clientRandom is in SE05X - * - * - * # Command to Applet - * - * @rst - * +-------+------------------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+========================+===============================================+ - * | CLA | 0x80 | | - * +-------+------------------------+-----------------------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------------------+-----------------------------------------------+ - * | P1 | P1_TLS | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------------+-----------------------------------------------+ - * | P2 | See description above. | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------------+-----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte HMACKey identifier. | - * +-------+------------------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_DigestMode_t`, except | - * | | | DIGEST_NO_HASH. | - * +-------+------------------------+-----------------------------------------------+ - * | | TLV[TAG_3] | Label (1 to 64 bytes) | - * +-------+------------------------+-----------------------------------------------+ - * | | TLV[TAG_4] | 32-byte random | - * +-------+------------------------+-----------------------------------------------+ - * | | TLV[TAG_5] | 2-byte requested length | - * +-------+------------------------+-----------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------------------+ - * | Value | Description | - * +============+==============================================+ - * | TLV[TAG_1] | Byte array containing requested output data. | - * +------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] digestAlgo The digest algorithm - * @param[in] label The label - * @param[in] labelLen The label length - * @param[in] random The random - * @param[in] randomLen The random length - * @param[in] reqLen The request length - * @param outputData The output data - * @param poutputDataLen The poutput data length - * @param[in] tlsprf The tlsprf - * - * @return The sm status. - */ -smStatus_t Se05x_API_TLSPerformPRF(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t digestAlgo, - const uint8_t *label, - size_t labelLen, - const uint8_t *random, - size_t randomLen, - uint16_t reqLen, - uint8_t *outputData, - size_t *poutputDataLen, - const SE05x_TLSPerformPRFType_t tlsprf); - -/** Se05x_API_I2CM_ExecuteCommandSet - * - * Execute one or multiple I2C commands in master mode. Execution is conditional - * to the presence of the authentication object identified by - * RESERVED_ID_I2CM_ACCESS. If the credential is not present in the eSE, access - * is allowed in general. Otherwise, a session shall be established before - * executing this command. In this case, the I2CM_ExecuteCommandSet command shall - * be sent within the mentioned session. - * - * The I2C command set is constructed as a sequence of instructions described in - * with the following rules: - * - * * The length should be limited to MAX_I2CM_COMMAND_LENGTH. - * - * * The data to be read cannot exceed MAX_I2CM_COMMAND_LENGTH, including protocol overhead. - * - * # Command to Applet - * - * @rst - * +-------+------------+------------------------------------------------+ - * | Field | Value | Description | - * +=======+============+================================================+ - * | CLA | 0x80 | | - * +-------+------------+------------------------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t`, in addition to | - * | | | INS_CRYPTO, users can set the INS_ATTEST flag. | - * | | | In that case, attestation applies. | - * +-------+------------+------------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+------------------------------------------------+ - * | P2 | P2_I2CM | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+------------------------------------------------+ - * | | TLV[TAG_1] | Byte array containing I2C Command set as TLV | - * | | | array. | - * +-------+------------+------------------------------------------------+ - * | | TLV[TAG_2] | 4-byte attestation object identifier. | - * | | | [Optional] [Conditional: only when | - * | | | INS_ATTEST is set] | - * +-------+------------+------------------------------------------------+ - * | | TLV[TAG_3] | 1-byte :cpp:type:`SE05x_AttestationAlgo_t` | - * | | | [Optional] [Conditional: only when | - * | | | INS_ATTEST is set] | - * +-------+------------+------------------------------------------------+ - * | | TLV[TAG_7] | 16-byte freshness random [Optional] | - * | | | [Conditional: only when INS_ATTEST is set] | - * +-------+------------+------------------------------------------------+ - * | Le | 0x00 | Expecting TLV with return data. | - * +-------+------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | Read response, a bytestring containing a | - * | | sequence of: * CONFIGURE (0x01), | - * | | followed by 1 byte of return code (0x5A = | - * | | SUCCESS). * WRITE (0x03), | - * | | followed by 1 byte of return code * | - * | | READ (0x04), followed by - | - * | | Length: 2 bytes in big endian encoded without | - * | | TLV length encoding - | - * | | Read bytes * | - * | | 0xFF followed by the error return code in case | - * | | of a structural error of the incoming buffer | - * | | (too long, for example) | - * +------------+------------------------------------------------+ - * | TLV[TAG_3] | TLV containing 12-byte timestamp | - * +------------+------------------------------------------------+ - * | TLV[TAG_4] | TLV containing 16-byte freshness (random) | - * +------------+------------------------------------------------+ - * | TLV[TAG_5] | TLV containing 18-byte chip unique ID | - * +------------+------------------------------------------------+ - * | TLV[TAG_6] | TLV containing signature over the concatenated | - * | | values of TLV[TAG_1], TLV[TAG_3], TLV[TAG_4] | - * | | and TLV[TAG_5]. | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * - * - * @param[in] session_ctx The session context - * @param[in] inputData The input data - * @param[in] inputDataLen The input data length - * @param[in] attestationID The attestation id - * @param[in] attestationAlgo The attestation algorithm - * @param response The response - * @param presponseLen The presponse length - * @param ptimeStamp The ptime stamp - * @param freshness The freshness - * @param pfreshnessLen The pfreshness length - * @param chipId The chip identifier - * @param pchipIdLen The pchip identifier length - * @param signature The signature - * @param psignatureLen The psignature length - * @param randomAttst The random attst - * @param[in] randomAttstLen The random attst length - * - * @return The sm status. - */ -smStatus_t Se05x_API_I2CM_ExecuteCommandSet(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t attestationID, - uint8_t attestationAlgo, - uint8_t *response, - size_t *presponseLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *freshness, - size_t *pfreshnessLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen, - uint8_t *randomAttst, - size_t randomAttstLen); - -/** Se05x_API_DigestInit - * - * Open a digest operation. The state of the digest operation is kept in the - * Crypto Object until the Crypto Object is finalized or deleted. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+---------------------------------+ - * | Field | Value | Description | - * +=======+============+=================================+ - * | CLA | 0x80 | | - * +-------+------------+---------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+---------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+---------------------------------+ - * | P2 | P2_INIT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+---------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+---------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +-------+------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] - */ -smStatus_t Se05x_API_DigestInit(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID); - -/** Se05x_API_DigestUpdate - * - * - * # Command to Applet - * - * @rst - * +-------+------------+---------------------------------+ - * | Field | Value | Description | - * +=======+============+=================================+ - * | CLA | 0x80 | | - * +-------+------------+---------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+---------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+---------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+---------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+---------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +-------+------------+---------------------------------+ - * | | TLV[TAG_3] | Data to be hashed. | - * +-------+------------+---------------------------------+ - * | Le | | | - * +-------+------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] - * @param[in] inputData inputData [2:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - */ -smStatus_t Se05x_API_DigestUpdate( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *inputData, size_t inputDataLen); - -/** Se05x_API_DigestFinal - * - * - * # Command to Applet - * - * @rst - * +-------+------------+------------------------------------+ - * | Field | Value | Description | - * +=======+============+====================================+ - * | CLA | 0x80 | | - * +-------+------------+------------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+------------------------------------+ - * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +-------+------------+------------------------------------+ - * | | TLV[TAG_3] | Data to be encrypted or decrypted. | - * +-------+------------+------------------------------------+ - * | Le | 0x00 | Expecting TLV with hash value. | - * +-------+------------+------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------+ - * | Value | Description | - * +============+=============+ - * | TLV[TAG_1] | CMAC value | - * +------------+-------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+-----------------------------------+ - * | SW | Description | - * +=============+===================================+ - * | SW_NO_ERROR | The hash is created successfully. | - * +-------------+-----------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] - * @param[in] inputData inputData [2:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] cmacValue [0:kSE05x_TAG_1] - * @param[in,out] pcmacValueLen Length for cmacValue - */ -smStatus_t Se05x_API_DigestFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *cmacValue, - size_t *pcmacValueLen); - -/** Se05x_API_DigestOneShot - * - * Performs a hash operation in one shot (without context). - * - * - * # Command to Applet - * - * @rst - * +-------+------------+-------------------------------------------+ - * | Field | Value | Description | - * +=======+============+===========================================+ - * | CLA | 0x80 | | - * +-------+------------+-------------------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-------------------------------------------+ - * | P2 | P2_ONESHOT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-------------------------------------------+ - * | | TLV[TAG_1] | 1-byte DigestMode (except DIGEST_NO_HASH) | - * +-------+------------+-------------------------------------------+ - * | | TLV[TAG_2] | Data to hash. | - * +-------+------------+-------------------------------------------+ - * | Le | 0x00 | TLV expecting hash value | - * +-------+------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------+ - * | Value | Description | - * +============+=============+ - * | TLV[TAG_1] | Hash value. | - * +------------+-------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+-----------------------------------+ - * | SW | Description | - * +=============+===================================+ - * | SW_NO_ERROR | The hash is created successfully. | - * +-------------+-----------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] digestMode digestMode [1:kSE05x_TAG_1] - * @param[in] inputData inputData [2:kSE05x_TAG_2] - * @param[in] inputDataLen Length of inputData - * @param[out] hashValue [0:kSE05x_TAG_1] - * @param[in,out] phashValueLen Length for hashValue - */ -smStatus_t Se05x_API_DigestOneShot(pSe05xSession_t session_ctx, - uint8_t digestMode, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *hashValue, - size_t *phashValueLen); - -/** Se05x_API_GetVersion - * - * Gets the applet version information. - * - * This will return 7-byte VersionInfo (including major, minor and patch version - * of the applet, supported applet features and secure box version). - * - * # Command to Applet - * - * @rst - * +-------+------------------------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+==============================+==============================================+ - * | CLA | 0x80 | | - * +-------+------------------------------+----------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------------------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------------------+----------------------------------------------+ - * | P2 | P2_VERSION or P2_VERSION_EXT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------------------+----------------------------------------------+ - * | Le | 0x00 | Expecting TLV with 7-byte data (when P2 = | - * | | | P2_VERSION) or a TLV with 37 byte data (when | - * | | | P2= P2_VERSION_EXT). | - * +-------+------------------------------+----------------------------------------------+ - * @endrst - * - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | 7-byte :cpp:type:`VersionInfoRef` (if P2 = | - * | | P2_VERSION) or 7-byte VersionInfo followed by | - * | | 30 bytes extendedFeatureBits (if P2 = | - * | | P2_VERSION_EXT) | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param pappletVersion The papplet version - * @param appletVersionLen The applet version length - * - * @return The sm status. - */ -smStatus_t Se05x_API_GetVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen); - -/** Se05x_API_GetTimestamp - * - * Gets a monotonic counter value (time stamp) from the operating system of the - * device (both persistent and transient part). See TimestampFunctionality for - * details on the timestamps. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+-------------------------------+ - * | Field | Value | Description | - * +=======+============+===============================+ - * | CLA | 0x80 | | - * +-------+------------+-------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-------------------------------+ - * | P2 | P2_TIME | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-------------------------------+ - * | Le | 0x2C | Expecting TLV with timestamp. | - * +-------+------------+-------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------------------------------------+ - * | Value | Description | - * +============+===========================================+ - * | TLV[TAG_1] | TLV containing a 12-byte operating system | - * | | timestamp. | - * +------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx The session context - * @param ptimeStamp The ptime stamp - * - * @return The sm status. - */ -smStatus_t Se05x_API_GetTimestamp(pSe05xSession_t session_ctx, SE05x_TimeStamp_t *ptimeStamp); - -/** Se05x_API_GetFreeMemory - * - * Gets the amount of free memory. MemoryType indicates the type of memory. - * - * The result indicates the amount of free memory. Note that behavior of the - * function might not be fully linear and can have a granularity of 16 bytes - * where the applet will typically report the "worst case" amount. For example, - * when allocating 2 bytes a time, the first report will show 16 bytes being - * allocated, which remains the same for the next 7 allocations of 2 bytes. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+---------------------------------+ - * | Field | Value | Description | - * +=======+============+=================================+ - * | CLA | 0x80 | | - * +-------+------------+---------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+---------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+---------------------------------+ - * | P2 | P2_MEMORY | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+---------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+---------------------------------+ - * | | TLV[TAG_1] | :cpp:type:`SE05x_MemTyp_t` | - * +-------+------------+---------------------------------+ - * | Le | 0x04 | Expecting TLV with 2-byte data. | - * +-------+------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------------------+ - * | Value | Description | - * +============+==============================================+ - * | TLV[TAG_1] | 2 bytes indicating the amount of free memory | - * | | of the requested memory type. 0x7FFF as | - * | | response means at least 32768 bytes are | - * | | available. | - * +------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx The session context - * @param[in] memoryType The memory type - * @param pfreeMem The pfree memory - * - * @return The sm status. - */ -smStatus_t Se05x_API_GetFreeMemory(pSe05xSession_t session_ctx, SE05x_MemoryType_t memoryType, uint16_t *pfreeMem); - -/** Se05x_API_GetRandom - * - * Gets random data from the SE05X . - * - * - * # Command to Applet - * - * @rst - * +-------+------------+-----------------------------+ - * | Field | Value | Description | - * +=======+============+=============================+ - * | CLA | 0x80 | | - * +-------+------------+-----------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-----------------------------+ - * | P2 | P2_RANDOM | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-----------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-----------------------------+ - * | | TLV[TAG_1] | 2-byte requested size. | - * +-------+------------+-----------------------------+ - * | Le | 0x00 | Expecting random data | - * +-------+------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------+ - * | Value | Description | - * +============+==============+ - * | TLV[TAG_1] | Random data. | - * +------------+--------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx The session context - * @param[in] size The size - * @param randomData The random data - * @param prandomDataLen The prandom data length - * - * @return The sm status. - */ -smStatus_t Se05x_API_GetRandom(pSe05xSession_t session_ctx, uint16_t size, uint8_t *randomData, size_t *prandomDataLen); - -/** Se05x_API_DeleteAll - * - * Delete all Secure Objects, delete all curves and Crypto Objects. Secure - * Objects that are trust provisioned by NXP are not deleted (i.e., all objects - * that have Origin set to ORIGIN_PROVISIONED, including the objects with - * reserved object identifiers listed in Object attributes). - * - * This command can only be used from sessions that are authenticated using the - * credential with index RESERVED_ID_FACTORY_RESET. - * - * _Important_ : if a secure messaging session is up & running (e.g., AESKey or - * ECKey session) and the command is sent within this session, the response of - * the DeleteAll command will not be wrapped (i.e., not encrypted and no R-MAC), - * so this will also break down the secure channel protocol (as the session is - * closed by the DeleteAll command itself). - * - * # Command to Applet - * - * @rst - * +-------+---------------+-----------------------------+ - * | Field | Value | Description | - * +=======+===============+=============================+ - * | CLA | 0x80 | | - * +-------+---------------+-----------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+---------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------+-----------------------------+ - * | P2 | P2_DELETE_ALL | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------+-----------------------------+ - * | Lc | 0x00 | | - * +-------+---------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - */ -smStatus_t Se05x_API_DeleteAll(pSe05xSession_t session_ctx); - -#if SSS_HAVE_SE05X_VER_GTE_06_00 -#include "se05x_04_xx_APDU_apis.h" -#endif - -#endif /* SE050X_APDU_APIS_H_INC */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h deleted file mode 100644 index 4717f19f7..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h +++ /dev/null @@ -1,3470 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#if defined(NONSECURE_WORLD) -#include "veneer_printf_table.h" -#endif - -#if defined(NONSECURE_WORLD) -#define NEWLINE() DbgConsole_Printf_NSE("\r\n") -#else -#define NEWLINE() printf("\r\n") -#endif - -smStatus_t Se05x_API_CreateSession( - pSe05xSession_t session_ctx, uint32_t authObjectID, uint8_t *sessionId, size_t *psessionIdLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_CREATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CreateSession []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("auth", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, authObjectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, sessionId, psessionIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ExchangeSessionData(pSe05xSession_t session_ctx, pSe05xPolicy_t policy) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_POLICY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - // uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ExchangeSessionData []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("Policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, policy); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_RefreshSession(pSe05xSession_t session_ctx, pSe05xPolicy_t policy) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_REFRESH}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "RefreshSession []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CloseSession(pSe05xSession_t session_ctx) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_CLOSE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t iCnt = 0; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CloseSession []"); -#endif /* VERBOSE_APDU_LOGS */ - if (((session_ctx->value[0] || session_ctx->value[1] || session_ctx->value[2] || session_ctx->value[3] || - session_ctx->value[4] || session_ctx->value[5] || session_ctx->value[6] || session_ctx->value[7])) && - (session_ctx->hasSession == 1)) { - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - if (retStatus == SM_OK) { - for (iCnt = 0; iCnt < 8; iCnt++) { - session_ctx->value[iCnt] = 0; - } - session_ctx->hasSession = 0; - } - } - else { - LOG_D("CloseSession command is sent only if valid Session exists!!!"); - } - return retStatus; -} - -smStatus_t Se05x_API_VerifySessionUserID(pSe05xSession_t session_ctx, const uint8_t *userId, size_t userIdLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_UserID}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "VerifySessionUserID []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("userId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, userId, userIdLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SetLockState(pSe05xSession_t session_ctx, uint8_t lockIndicator, uint8_t lockState) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_TRANSPORT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SetLockState []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U8("lock indicator", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, lockIndicator); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("lock state", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, lockState); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SetPlatformSCPRequest(pSe05xSession_t session_ctx, SE05x_PlatformSCPRequest_t platformSCPRequest) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SCP}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SetPlatformSCPRequest []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_PlatformSCPRequest("platf scp req", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, platformSCPRequest); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SetAppletFeatures(pSe05xSession_t session_ctx, pSe05xAppletFeatures_t appletVariant) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_VARIANT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SetAppletFeatures []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Variant(&pCmdbuf, &cmdbufLen, kSE05x_TAG_1, appletVariant); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteECKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_EC | key_part, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WriteECKey []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECCurve("curveID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, curveID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("privKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, privKey, privKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pubKey, pubKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteRSAKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_RSA | key_part, rsa_format}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WriteRSAKey []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("To be Checked(last 3 not pdf)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("size in bits", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("p", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, p, pLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("q", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, q, qLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, dp, dpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dq", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, dq, dqLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("qnv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, qInv, qInvLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("public exp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, pubExp, pubExpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("priv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_9, priv, privLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("public mod", &pCmdbuf, &cmdbufLen, kSE05x_TAG_10, pubMod, pubModLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteSymmKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, type, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WriteSymmKey []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_KeyID("KEK id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, kekID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("key value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keyValue, keyValueLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteBinary(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_BINARY, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WriteBinary []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("input data", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteUserID(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - const uint8_t *userId, - size_t userIdLen, - const SE05x_AttestationType_t attestation_type) -{ - smStatus_t retStatus = SM_NOT_OK; - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | attestation_type, kSE05x_P1_UserID, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WriteUserID []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("userId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, userId, userIdLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CreateCounter(pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_CreateCounter []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - - if (size != 0) { - tlvRet = TLVSET_U16("size", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); - if (0 != tlvRet) { - goto cleanup; - } - } - - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SetCounterValue(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t size, uint64_t value) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SetCounterValue []"); -#endif /* VERBOSE_APDU_LOGS */ - - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - - if ((size > 0) && (size <= 8)) { - if (value != 0) { - tlvRet = TLVSET_U64_SIZE("value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, value, size); - if (0 != tlvRet) { - goto cleanup; - } - } - } - else { - LOG_E("Wrong size provided"); - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_IncCounter(pSe05xSession_t session_ctx, uint32_t objectID) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "IncCounter []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -#if ENABLE_DEPRECATED_API_WritePCR -smStatus_t Se05x_API_WritePCR(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t pcrID, - const uint8_t *initialValue, - size_t initialValueLen, - const uint8_t *inputData, - size_t inputDataLen) -{ - return Se05x_API_WritePCR_WithType( - session_ctx, kSE05x_INS_NA, policy, pcrID, initialValue, initialValueLen, inputData, inputDataLen); -} -#endif // ENABLE_DEPRECATED_API_WritePCR - -smStatus_t Se05x_API_WritePCR_WithType(pSe05xSession_t session_ctx, - const SE05x_INS_t ins_type, - pSe05xPolicy_t policy, - uint32_t pcrID, - const uint8_t *initialValue, - size_t initialValueLen, - const uint8_t *inputData, - size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_PCR, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(pcrID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WritePCR []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pcrID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("initialValue", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, initialValue, initialValueLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ImportObject(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAKeyComponent_t rsaKeyComp, - const uint8_t *serializedObject, - size_t serializedObjectLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_DEFAULT, kSE05x_P2_IMPORT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ImportObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - if (rsaKeyComp != kSE05x_RSAKeyComponent_NA) { - tlvRet = TLVSET_RSAKeyComponent("rsaKeyComp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaKeyComp); - if (0 != tlvRet) { - goto cleanup; - } - } - tlvRet = TLVSET_u8bufOptional( - "serializedObject", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, serializedObject, serializedObjectLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ImportExternalObject(pSe05xSession_t session_ctx, - const uint8_t *ECKeydata, - size_t ECKeydataLen, - const uint8_t *ECAuthKeyID, - size_t ECAuthKeyIDLen, - const uint8_t *serializedObject, - size_t serializedObjectLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, 0x06, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ImportExternalObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8buf("AuthData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_IMPORT_AUTH_DATA, ECKeydata, ECKeydataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("AuthID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_IMPORT_AUTH_KEY_ID, ECAuthKeyID, ECAuthKeyIDLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional( - "serializedObject", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, serializedObject, serializedObjectLen); - - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadObject( - pSe05xSession_t session_ctx, uint32_t objectID, uint16_t offset, uint16_t length, uint8_t *data, size_t *pdataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - - if (retStatus == SM_ERR_ACCESS_DENIED_BASED_ON_POLICY) - LOG_W("Denied to read object %08X bases on policy.", objectID); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadObject_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - uint8_t *attribute, - size_t *pattributeLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ_With_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadObject_W_Attst []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_AttestationAlgo("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ - if (0 != tlvRet) { - /* Keys with no read policy will not return TAG1 */ - //goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, attribute, pattributeLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadRSA(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - SE05x_RSAPubKeyComp_t rsa_key_comp, - uint8_t *data, - size_t *pdataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadRSA []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSAPubKeyComp("rsa_key_comp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, rsa_key_comp); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadRSA_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - SE05x_RSAPubKeyComp_t rsa_key_comp, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - uint8_t *attribute, - size_t *pattributeLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ_With_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadRSA_W_Attst []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSAPubKeyComp("rsa_key_comp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, rsa_key_comp); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_AttestationAlgo("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, attribute, pattributeLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ExportObject( - pSe05xSession_t session_ctx, uint32_t objectID, SE05x_RSAKeyComponent_t rsaKeyComp, uint8_t *data, size_t *pdataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_EXPORT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ExportObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSAKeyComponent("rsaKeyComp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaKeyComp); - if (0 != tlvRet) { - goto cleanup; - } - - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadType(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_SecureObjectType_t *ptype, - uint8_t *pisTransient, - const SE05x_AttestationType_t attestation_type) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ | attestation_type, kSE05x_P1_DEFAULT, kSE05x_P2_TYPE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadType []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_SecureObjectType(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, ptype); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pisTransient); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadSize(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t *psize) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_SIZE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadSize []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U16(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, psize); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadIDList(pSe05xSession_t session_ctx, - uint16_t outputOffset, - uint8_t filter, - uint8_t *pmore, - uint8_t *idlist, - size_t *pidlistLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_LIST}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadIDList []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U16("output offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, outputOffset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("filter", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, filter); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pmore); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, - &rspIndex, - rspbufLen, - kSE05x_TAG_2, - idlist, - pidlistLen); /* Byte array containing 4-byte identifiers */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (smStatus_t)((pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1])); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CheckObjectExists(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_Result_t *presult) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_EXIST}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CheckObjectExists []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DeleteSecureObject(pSe05xSession_t session_ctx, uint32_t objectID) -{ - smStatus_t retStatus = SM_NOT_OK; - - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_DELETE_OBJECT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DeleteSecureObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CreateECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_CURVE, kSE05x_P2_CREATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CreateECCurve []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_ECCurve("curve id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, curveID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SetECCurveParam(pSe05xSession_t session_ctx, - SE05x_ECCurve_t curveID, - SE05x_ECCurveParam_t ecCurveParam, - const uint8_t *inputData, - size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_CURVE, kSE05x_P2_PARAM}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SetECCurveParam []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_ECCurve("curve id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, curveID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECCurveParam("ecCurveParam", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecCurveParam); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetECCurveId(pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *pcurveId) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_CURVE, kSE05x_P2_ID}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetECCurveId []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pcurveId); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadECCurveList(pSe05xSession_t session_ctx, uint8_t *curveList, size_t *pcurveListLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_CURVE, kSE05x_P2_LIST}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadECCurveList []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, curveList, pcurveListLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DeleteECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_CURVE, kSE05x_P2_DELETE_OBJECT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DeleteECCurve []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_ECCurve("curve id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, curveID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CreateCryptoObject(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - SE05x_CryptoContext_t cryptoContext, - SE05x_CryptoModeSubType_t subtype) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_CRYPTO_OBJ, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CreateCryptoObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoContext("cryptoContext", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoContext); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoModeSubType( - "1-byte Crypto Object subtype, either from DigestMode, CipherMode or MACAlgo (depending on TAG_2).", - &pCmdbuf, - &cmdbufLen, - kSE05x_TAG_3, - subtype); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadCryptoObjectList(pSe05xSession_t session_ctx, uint8_t *idlist, size_t *pidlistLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_CRYPTO_OBJ, kSE05x_P2_LIST}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadCryptoObjectList []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = - tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, idlist, pidlistLen); /* If more ids are present */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DeleteCryptoObject(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_CRYPTO_OBJ, kSE05x_P2_DELETE_OBJECT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DeleteCryptoObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ECDSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECSignatureAlgo_t ecSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ECDSASign []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECSignatureAlgo("ecSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecSignAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_EdDSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_EDSignatureAlgo_t edSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "EdDSASign []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_EDSignatureAlgo("edSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, edSignAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ECDAASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECDAASignatureAlgo_t ecdaaSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *randomData, - size_t randomDataLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ECDAASign []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECDAASignatureAlgo("ecdaaSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecdaaSignAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("randomData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, randomData, randomDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ECDSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECSignatureAlgo_t ecSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_VERIFY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ECDSAVerify []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECSignatureAlgo("ecSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecSignAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("signature", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, signature, signatureLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_EdDSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_EDSignatureAlgo_t edSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_VERIFY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "EdDSAVerify []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_EDSignatureAlgo("edSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, edSignAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("signature", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, signature, signatureLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ECDHGenerateSharedSecret(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *pubKey, - size_t pubKeyLen, - uint8_t *sharedSecret, - size_t *psharedSecretLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_EC, kSE05x_P2_DH}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ECDHGenerateSharedSecret []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, pubKey, pubKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, sharedSecret, psharedSecretLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_RSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSASignatureAlgo_t rsaSigningAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "RSASign []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSASignatureAlgo("rsaSigningAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaSigningAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_RSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSASignatureAlgo_t rsaSigningAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_VERIFY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "RSAVerify []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSASignatureAlgo("rsaSigningAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaSigningAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("signature", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, signature, signatureLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_RSAEncrypt(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *encryptedData, - size_t *pencryptedDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_RSA, kSE05x_P2_ENCRYPT_ONESHOT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "RSAEncrypt []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSAEncryptionAlgo("rsaEncryptionAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaEncryptionAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, encryptedData, pencryptedDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_RSADecrypt(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *decryptedData, - size_t *pdecryptedDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_RSA, kSE05x_P2_DECRYPT_ONESHOT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "RSADecrypt []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSAEncryptionAlgo("rsaEncryptionAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaEncryptionAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, decryptedData, pdecryptedDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CipherInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *IV, - size_t IVLen, - const SE05x_Cipher_Oper_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, operation}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CipherInit []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, IV, IVLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CipherUpdate(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CipherUpdate []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CipherFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, kSE05x_P2_FINAL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CipherFinal []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CipherOneShot(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *IV, - size_t IVLen, - uint8_t *outputData, - size_t *poutputDataLen, - const SE05x_Cipher_Oper_OneShot_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, operation}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CipherOneShot []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CipherMode("cipherMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cipherMode); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, IV, IVLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_MACInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const SE05x_Mac_Oper_t mac_oper) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, mac_oper}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "MACInit []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_MACUpdate( - pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen, SE05x_CryptoObjectID_t cryptoObjectID) -{ - smStatus_t retStatus = SM_NOT_OK; - - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "MACUpdate []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_MACFinal(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *macValidateData, - size_t macValidateDataLen, - uint8_t *macValue, - size_t *pmacValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_FINAL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "MACFinal []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional( - "macValidateData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, macValidateData, macValidateDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, macValue, pmacValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_MACOneShot_G(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t macOperation, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *macValue, - size_t *pmacValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_GENERATE_ONESHOT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "MACOneShot_G []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("macOperation", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, macOperation); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, macValue, pmacValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_MACOneShot_V(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t macOperation, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *MAC, - size_t MACLen, - uint8_t *macValue, - size_t *pmacValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_VALIDATE_ONESHOT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "MACOneShot_V []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("macOperation", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, macOperation); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional( - "MAC to verify (when P2=P2_VALIDATE_ONESHOT)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, MAC, MACLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, macValue, pmacValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_HKDF(pSe05xSession_t session_ctx, - uint32_t hmacID, - SE05x_DigestMode_t digestMode, - const uint8_t *salt, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - uint16_t deriveDataLen, - uint8_t *hkdfOuput, - size_t *phkdfOuputLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_HKDF}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "HKDF []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("hmacID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, hmacID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_DigestMode("digestMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, digestMode); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("salt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, salt, saltLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("info", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, info, infoLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("2-byte requested length (L)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, deriveDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, hkdfOuput, phkdfOuputLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_HKDF_Extended(pSe05xSession_t session_ctx, - uint32_t hmacID, - SE05x_DigestMode_t digestMode, - SE05x_HkdfMode_t hkdfMode, - const uint8_t *salt, - size_t saltLen, - uint32_t saltID, - const uint8_t *info, - size_t infoLen, - uint32_t derivedKeyID, - uint16_t deriveDataLen, - uint8_t *hkdfOuput, - size_t *phkdfOuputLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_HKDF}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - hdr.hdr[3] = (hkdfMode == kSE05x_HkdfMode_ExpandOnly ? kSE05x_P2_HKDF_EXPAND_ONLY : kSE05x_P2_HKDF); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "HKDF []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("hmacID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, hmacID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_DigestMode("digestMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, digestMode); - if (0 != tlvRet) { - goto cleanup; - } - if ((salt != NULL) && (hkdfMode != kSE05x_HkdfMode_ExpandOnly)) { - tlvRet = TLVSET_u8bufOptional("salt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, salt, saltLen); - if (0 != tlvRet) { - goto cleanup; - } - } - tlvRet = TLVSET_u8bufOptional("info", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, info, infoLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("2-byte requested length (L)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, deriveDataLen); - if (0 != tlvRet) { - goto cleanup; - } - // Warning: TAGS must be in numerical order, so this cannot be the else statement of (salt != null) - if ((salt == NULL) && (hkdfMode != kSE05x_HkdfMode_ExpandOnly)) { - tlvRet = TLVSET_U32("saltID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, saltID); - if (0 != tlvRet) { - goto cleanup; - } - } - if (hkdfOuput == NULL) { - tlvRet = TLVSET_U32("derivedKeyID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, derivedKeyID); - if (0 != tlvRet) { - goto cleanup; - } - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - if (hkdfOuput == NULL) { - retStatus = SM_NOT_OK; - if (2 == rspbufLen) { - retStatus = (rspbuf[0] << 8) | (rspbuf[1]); - } - } - else { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, hkdfOuput, phkdfOuputLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_PBKDF2(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *salt, - size_t saltLen, - uint16_t count, - uint16_t requestedLen, - uint8_t *derivedSessionKey, - size_t *pderivedSessionKeyLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_PBKDF}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "PBKDF2 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32( - "4-byte password identifier (object type must be HMACKey)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("salt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, salt, saltLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("count", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, count); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("requestedLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, requestedLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = - tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, derivedSessionKey, pderivedSessionKeyLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFDiversifyKey(pSe05xSession_t session_ctx, - uint32_t masterKeyID, - uint32_t diversifiedKeyID, - const uint8_t *divInputData, - size_t divInputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_DIVERSIFY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFDiversifyKey []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("masterKeyID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, masterKeyID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("diversifiedKeyID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, diversifiedKeyID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("divInputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, divInputData, divInputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFAuthenticateFirstPart1(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_FIRST_PART1}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateFirstPart1 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFAuthenticateNonFirstPart1(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_NONFIRST_PART1}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateFirstPart1 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFAuthenticateFirstPart2(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_FIRST_PART2}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateFirstPart2 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFAuthenticateNonFirstPart2( - pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_NONFIRST_PART2}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateNonFirstPart2 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFDumpSessionKeys(pSe05xSession_t session_ctx, uint8_t *sessionData, size_t *psessionDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_DUMP_KEY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFDumpSessionKeys []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, - &rspIndex, - rspbufLen, - kSE05x_TAG_1, - sessionData, - psessionDataLen); /* 38 bytes: KeyID.SesAuthENCKey || KeyID.SesAuthMACKey || TI || Cmd-Ctr */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFChangeKeyPart1(pSe05xSession_t session_ctx, - uint32_t oldObjectID, - uint32_t newObjectID, - uint8_t keySetNr, - uint8_t keyNoDESFire, - uint8_t keyVer, - uint8_t *KeyData, - size_t *pKeyDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_CHANGE_KEY_PART1}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFChangeKeyPart1 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_KeyID("oldObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, oldObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("newObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, newObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("keySetNr", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keySetNr); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("keyNoDESFire", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, keyNoDESFire); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("keyVer", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, keyVer); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, KeyData, pKeyDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFChangeKeyPart2(pSe05xSession_t session_ctx, const uint8_t *MAC, size_t MACLen, uint8_t *presult) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_CHANGE_KEY_PART2}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFChangeKeyPart2 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("MAC", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, MAC, MACLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFKillAuthentication(pSe05xSession_t session_ctx) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_KILL_AUTH}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFKillAuthentication []"); -#endif /* VERBOSE_APDU_LOGS */ - - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - - return retStatus; -} - -smStatus_t Se05x_API_TLSGenerateRandom(pSe05xSession_t session_ctx, uint8_t *randomValue, size_t *prandomValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, kSE05x_P2_RANDOM}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TLSGenerateRandom []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, randomValue, prandomValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_TLSCalculatePreMasterSecret(pSe05xSession_t session_ctx, - uint32_t keyPairId, - uint32_t pskId, - uint32_t hmacKeyId, - const uint8_t *inputData, - size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, kSE05x_P2_TLS_PMS}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TLSCalculatePreMasterSecret []"); -#endif /* VERBOSE_APDU_LOGS */ - if (pskId != 0) { - tlvRet = TLVSET_U32("pskId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pskId); - if (0 != tlvRet) { - goto cleanup; - } - } - tlvRet = TLVSET_U32("keyPairId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, keyPairId); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("hmacKeyId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, hmacKeyId); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_TLSPerformPRF(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t digestAlgo, - const uint8_t *label, - size_t labelLen, - const uint8_t *random, - size_t randomLen, - uint16_t reqLen, - uint8_t *outputData, - size_t *poutputDataLen, - const SE05x_TLSPerformPRFType_t tlsprf) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, tlsprf}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TLSPerformPRF []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("digestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, digestAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("Label (1 to 64 bytes)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, label, labelLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("32-byte random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, random, randomLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("2-byte requested length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, reqLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_I2CM_ExecuteCommandSet(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t attestationID, - uint8_t attestationAlgo, - uint8_t *response, - size_t *presponseLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *freshness, - size_t *pfreshnessLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen, - uint8_t *randomAttst, - size_t randomAttstLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_I2CM_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_I2CM}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "I2CM_ExecuteCommandSet []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("attestationID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, attestationID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("attestationAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, attestationAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("freshness random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, randomAttst, randomAttstLen); - if (0 != tlvRet) { - goto cleanup; - } - - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, response, presponseLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, freshness, pfreshnessLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DigestInit(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_INIT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DigestInit []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DigestUpdate( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *inputData, size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DigestUpdate []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DigestFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *cmacValue, - size_t *pcmacValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_FINAL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DigestFinal []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, cmacValue, pcmacValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DigestOneShot(pSe05xSession_t session_ctx, - uint8_t digestMode, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *hashValue, - size_t *phashValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_ONESHOT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DigestOneShot []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U8("digestMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, digestMode); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, hashValue, phashValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_VERSION}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetVersion []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pappletVersion, appletVersionLen); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetTimestamp(pSe05xSession_t session_ctx, SE05x_TimeStamp_t *ptimeStamp) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_TIME}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetTimestamp []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetFreeMemory(pSe05xSession_t session_ctx, SE05x_MemoryType_t memoryType, uint16_t *pfreeMem) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_MEMORY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetFreeMemory []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_MemoryType("memoryType", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, memoryType); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U16(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pfreeMem); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetRandom(pSe05xSession_t session_ctx, uint16_t size, uint8_t *randomData, size_t *prandomDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_RANDOM}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetRandom []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U16("size", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, size); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, randomData, prandomDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DeleteAll(pSe05xSession_t session_ctx) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_DELETE_ALL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DeleteAll []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - return retStatus; -} diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h deleted file mode 100644 index be9e9f1ce..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h +++ /dev/null @@ -1,124 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef __EX_SCP03_PUF_H__ -#define __EX_SCP03_PUF_H__ - -#if defined(SECURE_WORLD) - -/** - * Activation Code to start PUF. - * This is used only for testing purposes, actual - * activation code should be stored in PFR and always - * read from PFR before PUF_Start. - * - * AC is different for all PUFs, this code cannot be used - * on any other board. - */ - -#define ACTIVATION_CODE_TESTING_LOCAL \ - { \ - 0xA2, 0x7D, 0xF7, 0x38, 0x15, 0x8E, 0x1F, 0xE1, 0x8D, 0x9F, 0x45, 0x6F, 0x8A, 0x2C, 0xA5, 0x8D, 0xC2, 0x15, \ - 0xD1, 0x9A, 0x13, 0xFA, 0xD8, 0x5E, 0x36, 0x00, 0x9A, 0xDD, 0x42, 0xB6, 0x4F, 0x6D, 0x08, 0xFB, 0x89, \ - 0x37, 0x3C, 0x1D, 0xAF, 0xD5, 0x63, 0xE1, 0xE8, 0xC8, 0x93, 0x93, 0x5C, 0xD8, 0x49, 0xF3, 0x2D, 0xD1, \ - 0xF9, 0x3D, 0x74, 0x97, 0x37, 0xBD, 0xC5, 0xBE, 0x04, 0x6A, 0x5E, 0xBC, 0xF3, 0x7D, 0xBD, 0xE0, 0xC6, \ - 0x3E, 0x66, 0x5F, 0xC0, 0x5C, 0x57, 0x09, 0x57, 0x8C, 0x45, 0x30, 0x12, 0x6F, 0xFA, 0x3B, 0xDB, 0x40, \ - 0xCE, 0xB8, 0xF2, 0x6E, 0x9B, 0xF1, 0x16, 0x74, 0x2A, 0x34, 0x7A, 0x6F, 0xB6, 0xEF, 0xA3, 0xD3, 0x8C, \ - 0xF0, 0x03, 0xB8, 0xB8, 0x8B, 0x2F, 0x27, 0x16, 0xDD, 0xE0, 0x92, 0xC8, 0xD7, 0x4E, 0x4A, 0x44, 0xBC, \ - 0x4D, 0x7C, 0x7E, 0xA0, 0xE7, 0x8E, 0xA3, 0x5D, 0xFB, 0x53, 0x4D, 0x67, 0x74, 0x4B, 0x65, 0x1E, 0xC1, \ - 0x57, 0x7C, 0x67, 0xB3, 0x58, 0x42, 0x4F, 0x36, 0xF9, 0x0C, 0x77, 0x58, 0x6C, 0x9A, 0x04, 0x15, 0x0D, \ - 0x71, 0x55, 0x3F, 0x8E, 0x69, 0x12, 0x2C, 0xFC, 0xCA, 0x80, 0xD7, 0xC7, 0x27, 0xFE, 0xEA, 0x6E, 0x7D, \ - 0xFC, 0x84, 0x50, 0x0F, 0x00, 0x71, 0x09, 0x8F, 0x2C, 0x91, 0x57, 0xAF, 0xE7, 0xF3, 0x11, 0xA8, 0xA2, \ - 0x76, 0xF2, 0x1D, 0x88, 0xA5, 0x2F, 0x2E, 0x09, 0x02, 0xB3, 0xC4, 0xD5, 0x1D, 0x39, 0x20, 0x3C, 0x36, \ - 0x51, 0x19, 0x9C, 0xFB, 0xC9, 0x33, 0xD6, 0xBE, 0x93, 0xBD, 0x68, 0x6D, 0x51, 0x30, 0xA9, 0x11, 0x98, \ - 0xAD, 0x84, 0xC5, 0x50, 0x9A, 0x7E, 0x11, 0x8E, 0x43, 0x78, 0x79, 0x3A, 0xE2, 0xF0, 0x52, 0xB8, 0xDD, \ - 0x4E, 0xD3, 0xB8, 0xE0, 0xF9, 0xA6, 0x34, 0xF2, 0xE1, 0xA3, 0xEC, 0x92, 0x46, 0xE4, 0xAE, 0x09, 0xFB, \ - 0x2A, 0x1F, 0x6F, 0xD0, 0x23, 0x0F, 0xE8, 0x0D, 0x52, 0x98, 0x88, 0xA3, 0x15, 0xC9, 0x01, 0x94, 0x61, \ - 0x1D, 0xB7, 0x2F, 0x5F, 0xB2, 0x94, 0x5D, 0x01, 0x54, 0x61, 0xB1, 0xF2, 0xB6, 0xF3, 0x79, 0x22, 0x2F, \ - 0x9C, 0x44, 0xAB, 0xD5, 0x0D, 0xC8, 0x42, 0x06, 0x03, 0x33, 0x8E, 0x52, 0xDF, 0xC8, 0xDE, 0x18, 0xF6, \ - 0xD6, 0x73, 0x64, 0x70, 0x94, 0xC5, 0x0F, 0x64, 0x3E, 0x7E, 0x14, 0xE9, 0xF4, 0x4C, 0xF9, 0x5E, 0x5A, \ - 0xC6, 0x39, 0xF7, 0xA9, 0x72, 0xB5, 0x08, 0x51, 0x11, 0x7A, 0xDB, 0x8A, 0x72, 0xF9, 0xF7, 0x23, 0x59, \ - 0xAC, 0x9A, 0x61, 0x2F, 0xA6, 0xDB, 0x84, 0xBD, 0x7C, 0x7E, 0x1A, 0xEA, 0xFB, 0x6B, 0xC8, 0x5E, 0xE3, \ - 0x04, 0xBF, 0x13, 0x05, 0xFA, 0xDA, 0xF7, 0x96, 0x91, 0x6A, 0x40, 0xA8, 0xC7, 0x77, 0xC6, 0xCB, 0xAC, \ - 0x2C, 0xD9, 0xCD, 0x6C, 0x6D, 0xA4, 0x19, 0x50, 0x07, 0x8C, 0x72, 0xEE, 0x0F, 0x33, 0xA2, 0x48, 0x20, \ - 0x24, 0x5E, 0x93, 0xE7, 0xC2, 0x73, 0x02, 0x00, 0x87, 0xFD, 0x11, 0x2A, 0x8F, 0x9F, 0xD9, 0xFB, 0xF7, \ - 0xAC, 0x0D, 0x77, 0xBB, 0x1C, 0xF8, 0x55, 0xE7, 0x10, 0x05, 0x5C, 0x18, 0x23, 0x26, 0xDD, 0x60, 0xDD, \ - 0xFF, 0xAB, 0x8D, 0x68, 0xDE, 0x7E, 0xE8, 0xB3, 0xDE, 0xA2, 0x6D, 0x35, 0x7C, 0x9B, 0x31, 0x11, 0x5E, \ - 0xEC, 0xB5, 0x51, 0x00, 0x1C, 0x5C, 0x65, 0xA3, 0xC7, 0x35, 0xFA, 0x37, 0x1C, 0xDF, 0xD0, 0x26, 0xA0, \ - 0x44, 0x57, 0xD4, 0xC9, 0xCE, 0xE5, 0x2B, 0xB4, 0x06, 0xF6, 0x9B, 0xE9, 0xE5, 0x66, 0x6F, 0x24, 0x30, \ - 0xBF, 0x6D, 0x8E, 0x2E, 0xE7, 0x13, 0x94, 0x0B, 0x6F, 0x1A, 0x7A, 0x77, 0xAB, 0xD9, 0xB4, 0x2D, 0xFF, \ - 0x4F, 0xB4, 0xC7, 0x04, 0x2E, 0xF7, 0x1B, 0xF6, 0x66, 0x2D, 0xA7, 0x59, 0x99, 0x57, 0x5F, 0x2C, 0x1A, \ - 0x75, 0x81, 0xF3, 0xAC, 0x41, 0x7A, 0xFB, 0x47, 0xF3, 0x0E, 0xDC, 0x9E, 0xAB, 0xED, 0x18, 0xA4, 0x43, \ - 0xCC, 0x80, 0xFB, 0x6E, 0x53, 0xD6, 0x91, 0x9F, 0x30, 0x80, 0xEA, 0x04, 0x42, 0x7B, 0x94, 0x62, 0x34, \ - 0x25, 0xEA, 0xA4, 0x9A, 0x72, 0x9B, 0x81, 0x47, 0xA5, 0xA0, 0xE9, 0x07, 0xBB, 0x09, 0xDA, 0x4C, 0x51, \ - 0x61, 0x00, 0xC7, 0x1E, 0x0E, 0x37, 0x7F, 0xF2, 0x2B, 0x82, 0xD0, 0xF6, 0x18, 0xFA, 0x56, 0xC7, 0x2D, \ - 0xEB, 0x22, 0xFC, 0xDC, 0x97, 0xDF, 0x65, 0xBC, 0xB4, 0x2A, 0xB3, 0x10, 0xFF, 0xC5, 0x7A, 0x9F, 0xF8, \ - 0xCD, 0xB9, 0x84, 0x60, 0x9E, 0x92, 0xFD, 0xF9, 0x16, 0x90, 0xB2, 0x81, 0x52, 0x7E, 0x03, 0xBC, 0x91, \ - 0xD8, 0x9A, 0x0C, 0xC1, 0x99, 0x93, 0x42, 0x67, 0x96, 0x3C, 0x01, 0x55, 0x37, 0x86, 0xD2, 0x37, 0xE6, \ - 0x07, 0xC8, 0x74, 0x41, 0xCD, 0x88, 0x93, 0x51, 0xBA, 0x9B, 0xB0, 0x00, 0x6D, 0x14, 0x4F, 0xD8, 0x7F, \ - 0x77, 0x9F, 0x7E, 0x15, 0xE2, 0xA9, 0xA0, 0xC8, 0x7F, 0xD4, 0xFA, 0xCD, 0x60, 0x91, 0xA8, 0x9B, 0xB7, \ - 0x41, 0x6E, 0x07, 0xCB, 0x21, 0xE9, 0x42, 0xC1, 0xB7, 0x6E, 0x63, 0x68, 0x90, 0x0E, 0x29, 0xBB, 0x0D, \ - 0x83, 0x32, 0xD0, 0x71, 0x5A, 0xE1, 0xEC, 0x21, 0x0E, 0x78, 0xC6, 0x60, 0x3D, 0x78, 0xFA, 0x5C, 0xEE, \ - 0xAC, 0x29, 0xC4, 0xE4, 0x0F, 0x92, 0x27, 0xBE, 0xD0, 0xA5, 0x1E, 0xF4, 0xDD, 0xAB, 0xB9, 0x22, 0xA0, \ - 0x7E, 0xFE, 0x47, 0x1D, 0x62, 0x69, 0x9D, 0x8D, 0x01, 0xCF, 0x5D, 0xC1, 0xAD, 0x50, 0x61, 0x77, 0x91, \ - 0x39, 0x0A, 0x97, 0x92, 0x92, 0x66, 0x9F, 0xE5, 0x57, 0x26, 0xD7, 0x01, 0xC3, 0xEF, 0x23, 0xCC, 0x98, \ - 0xB9, 0x39, 0x20, 0x6D, 0xC8, 0x10, 0x2D, 0xB8, 0x18, 0x2E, 0xC2, 0x25, 0x83, 0x88, 0x2A, 0xDF, 0xC7, \ - 0xBF, 0xBC, 0xE8, 0xA9, 0x7B, 0xD4, 0x19, 0x0E, 0xEF, 0x4E, 0xE4, 0xBA, 0x8B, 0x7C, 0xDB, 0x6A, 0x2A, \ - 0xEA, 0xA3, 0xED, 0xDD, 0xCF, 0x00, 0x85, 0x4B, 0xA0, 0xC2, 0xBC, 0x72, 0x39, 0x3D, 0x6A, 0x5C, 0x9D, \ - 0xDA, 0x8C, 0x1C, 0x67, 0x9A, 0xDC, 0x73, 0xF3, 0x9E, 0x2E, 0xA2, 0x0C, 0x42, 0x86, 0xE4, 0xA6, 0x3F, \ - 0x05, 0x57, 0xD0, 0xE4, 0xA7, 0x75, 0x5B, 0xA8, 0xA4, 0xE3, 0x1A, 0x57, 0x02, 0xBD, 0xE7, 0xDA, 0x32, \ - 0xA2, 0x69, 0xAA, 0xEC, 0xEB, 0xAF, 0x42, 0x8C, 0x72, 0xE4, 0xB1, 0x15, 0x26, 0x25, 0x7B, 0x29, 0xF8, \ - 0x97, 0x3F, 0x12, 0x29, 0x4F, 0x0B, 0xA5, 0x2E, 0x74, 0x8F, 0xA9, 0xF4, 0xED, 0x00, 0x42, 0x73, 0x92, \ - 0x59, 0x0B, 0xA8, 0x98, 0xF7, 0x7E, 0xE7, 0x09, 0xEE, 0xA4, 0x91, 0x2F, 0x93, 0xB7, 0x91, 0x1A, 0xBF, \ - 0x94, 0x96, 0xF9, 0xCC, 0xA4, 0x16, 0xDA, 0x01, 0x7C, 0x1A, 0xF9, 0xC3, 0xE5, 0x8A, 0xCC, 0x96, 0x54, \ - 0xC2, 0xDE, 0x1E, 0x04, 0x98, 0xA3, 0x6B, 0x55, 0x61, 0xB8, 0x1C, 0x57, 0x70, 0x9E, 0xAB, 0x48, 0xEA, \ - 0xD7, 0x18, 0x0A, 0xC8, 0x45, 0xB1, 0xC8, 0x6A, 0x5A, 0xAA, 0xB6, 0xDE, 0x76, 0x76, 0x2B, 0x82, 0x45, \ - 0x7E, 0x17, 0x83, 0x51, 0xAA, 0x13, 0xC8, 0xBF, 0x30, 0x62, 0xB9, 0xAE, 0xB7, 0x74, 0x55, 0xC7, 0x24, \ - 0x94, 0x3C, 0x1C, 0xA5, 0x1E, 0x94, 0x70, 0x71, 0xAF, 0x29, 0x5B, 0x79, 0xF1, 0xAF, 0x31, 0x30, 0x82, \ - 0x0F, 0x3C, 0x5A, 0x05, 0x1D, 0x88, 0x7D, 0x63, 0x4C, 0xCE, 0x7D, 0xFD, 0x07, 0x17, 0xB0, 0xC8, 0x13, \ - 0xC4, 0x7B, 0x0F, 0xBD, 0xFC, 0x5E, 0x58, 0x14, 0xD6, 0x17, 0x10, 0x5D, 0xDB, 0x54, 0x60, 0x3C, 0x68, \ - 0x0B, 0x54, 0x84, 0xFA, 0xAB, 0xD0, 0x02, 0xFE, 0x66, 0xB3, 0xEC, 0xDF, 0x06, 0x97, 0xC4, 0x0C, 0xDC, \ - 0xEC, 0x4B, 0x9B, 0x6C, 0x3A, 0x04, 0x72, 0x84, 0xA0, 0x9D, 0xC2, 0x6A, 0xB5, 0x69, 0x81, 0x30, 0x57, \ - 0x5F, 0x40, 0x81, 0x4C, 0x57, 0xA8, 0x0B, 0x41, 0x24, 0x68, 0x36, 0x8E, 0xFD, 0x2A, 0xE0, 0x69, 0xF5, \ - 0x3E, 0x56, 0x52, 0xF4, 0x5A, 0xFF, 0xF6, 0x32, 0xC2, 0xAE, 0xF4, 0xCC, 0x88, 0xA6, 0x5F, 0xFB, 0xFB, \ - 0x6B, 0xD1, 0xFF, 0x65, 0x31, 0xE9, 0x38, 0x1B, 0xCC, 0xA0, 0x47, 0xC0, 0x0D, 0x3C, 0x10, 0x5D, 0xB3, \ - 0x46, 0x63, 0x2A, 0xC4, 0x74, 0xCA, 0xC4, 0x3E, 0x49, 0xEB, 0x0A, 0xE3, 0xD6, 0xF1, 0xE8, 0xF5, 0xC3, \ - 0x9C, 0xD2, 0xE6, 0xEF, 0xCB, 0x29, 0xAF, 0x5D, 0xEA, 0x27, 0x1D, 0x8B, 0x8F, 0xEB, 0x33, 0x9E, 0x57, \ - 0xD4, 0x55, 0xD8, 0xB0, 0x34, 0x43, 0xA4, 0xF6, 0x38, 0x8B, 0x66, 0x1E, 0x30, 0xA1, 0x7D, 0xAF, 0xC2, \ - 0x1E, 0x6B, 0xFD, 0x73, 0x05, 0x39, 0xB5, 0x06, 0xEF, 0x93, 0x1D, 0x7A, 0xF7, 0x15, 0x74, 0x3A, 0x72, \ - 0x06, 0x6F, 0x9F, 0xA8, 0xCF, 0x4D, 0x2A, 0x8C, 0xB4, 0x7F, 0xB9, 0x40, 0xE7, 0x2E, 0x8B, 0xC1, 0xD9, \ - 0x84, 0xFF, 0x5E, 0x78, 0x5D, 0x6C, 0x36, 0xDC, 0xD5, 0x92, 0x94, 0x17, 0x11, 0x0E, 0xE0, 0xE2, 0xFD, \ - 0xC0, \ - } - -#define KEY_CODE_ENC \ - { \ - 0x00, 0x00, 0x00, 0x02, 0xE2, 0x9B, 0x12, 0x4E, 0xF2, 0xDC, 0xA8, 0xE3, 0x2D, 0x7A, 0xB3, 0x98, 0x56, 0x3E, \ - 0x0A, 0x0F, 0x66, 0xCF, 0xB2, 0x37, 0x31, 0xBD, 0xD4, 0xD4, 0x42, 0x27, 0x73, 0x92, 0x23, 0xCC, 0xA7, \ - 0xE7, 0x51, 0xA4, 0x99, 0x91, 0x19, 0x68, 0x74, 0x92, 0xC9, 0x9D, 0xF2, 0x9F, 0x5B, 0x6E, 0x5E, 0x81 \ - } - -#define KEY_CODE_MAC \ - { \ - 0x00, 0x00, 0x00, 0x02, 0x81, 0x54, 0x3E, 0x5D, 0x47, 0xDE, 0x23, 0x7C, 0x00, 0x1B, 0x16, 0xBE, 0x1B, 0x05, \ - 0xED, 0xD2, 0xD5, 0xB2, 0x4D, 0x3C, 0xD3, 0xDD, 0xD5, 0xA9, 0x40, 0x5E, 0x7D, 0x90, 0x73, 0x74, 0xDE, \ - 0x05, 0xAC, 0x76, 0x7D, 0x87, 0xB6, 0x5E, 0x1F, 0x8E, 0xB5, 0x93, 0x53, 0x41, 0x51, 0x27, 0xE9, 0xF9 \ - } - -#define KEY_CODE_DEK \ - { \ - 0x00, 0x00, 0x00, 0x02, 0x88, 0xE0, 0x9A, 0x2B, 0x23, 0x77, 0xC3, 0xF5, 0xEE, 0x28, 0x4F, 0x7C, 0x5B, 0xD8, \ - 0x9C, 0xF5, 0xA8, 0xC9, 0xE4, 0xE3, 0xDC, 0x8D, 0x34, 0x3C, 0x00, 0x39, 0x7E, 0xA3, 0x35, 0x39, 0xFD, \ - 0xD1, 0xE4, 0x8D, 0xA9, 0x8C, 0x41, 0xAF, 0x8C, 0x8D, 0x50, 0xFE, 0x63, 0x96, 0x46, 0x2E, 0x4D, 0xEB \ - } - -#define EX_SSS_AUTH_SE05X_KEY_ENC KEY_CODE_ENC -#define EX_SSS_AUTH_SE05X_KEY_MAC KEY_CODE_MAC -#define EX_SSS_AUTH_SE05X_KEY_DEK KEY_CODE_DEK - -#endif // SECURE_WORLD - -#endif // __EX_SCP03_PUF_H__ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss.h deleted file mode 100644 index f967247a4..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_EX_INC_EX_SSS_H_ -#define SSS_EX_INC_EX_SSS_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#include - -#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM -#include -#endif -#if SSS_HAVE_MBEDTLS -#include -#endif -#if SSS_HAVE_OPENSSL -#include -#endif - -#if SSS_HAVE_SSCP -#include -#endif - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -#ifndef MAKE_TEST_ID -#define MAKE_TEST_ID(ID) (0xEF000000u + ID) -#endif /* MAKE_TEST_ID */ - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -#if 0 -typedef struct -{ - sss_session_t currentSession; - - sss_key_store_t ks; - - sss_sscp_session_t *sscp_session; -#if (SSS_HAVE_A71CH) || (SSS_HAVE_A71CH_SIM) - sss_a71ch_key_store_t *a71ch_keystore; -#endif - - sscp_context_t sscp; - sss_asymmetric_t asymVerifyCtx; - sss_asymmetric_t asymm; - sss_object_t keyPair; - sss_object_t extPubkey; - - sss_object_t Device_Cert; - sss_object_t Pubkey; - sss_object_t interCaCert; - sss_object_t interkeyPair; - sss_object_t clientCert; -#if SSS_HAVE_APPLET_SE05X_IOT - sss_session_t hostSession; - sss_key_store_t hostKs; - sss_object_t hostKey; -#endif - sss_symmetric_t symm; - sss_rng_context_t rng; - sss_mac_t mac; - -} sss_ex_ctx_t; - -#endif - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ -// extern const char *gszA71COMPortDefault; -// extern const char *gszA71SocketPortDefault; - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/* Entry point for each individual SSS API Based example */ - -#endif /* SSS_EX_INC_EX_SSS_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h deleted file mode 100644 index ffd5be8b3..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h +++ /dev/null @@ -1,180 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_EX_INC_EX_SSS_AUTH_H_ -#define SSS_EX_INC_EX_SSS_AUTH_H_ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#include "ex_sss_boot.h" -#include "ex_sss_objid.h" -#include "ex_sss_scp03_keys.h" -#if defined(SECURE_WORLD) -#include "ex_scp03_puf.h" -#endif /* SECURE_WORLD */ -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/* clang-format off */ - -/* Used in examples and testing */ -/* doc:start:auth-key-user-id */ -#define EX_SSS_AUTH_SE05X_UserID_AUTH_ID kEX_SSS_ObjID_UserID_Auth - -#define EX_SSS_AUTH_SE05X_UserID_VALUE \ - { \ - 0xC0, 0x01, 0x02, 0x03, 0x04 \ - } /* COOL 234*/ - -#define EX_SSS_AUTH_SE05X_UserID_VALUE2 \ - { \ - 0xC0, 0x01, 0x02, 0x03, 0x04, 0x05 \ - } /* COOL 2345*/ -/* doc:end:auth-key-user-id */ - -#define EX_SSS_AUTH_SE05X_NONE_AUTH_ID 0x00000000 - -/* doc:start:auth-key-applet-scp */ -#define EX_SSS_AUTH_SE05X_APPLETSCP_AUTH_ID kEX_SSS_ObjID_APPLETSCP03_Auth - -#define EX_SSS_AUTH_SE05X_APPLETSCP_VALUE \ - { \ - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, \ - 0x4B, 0x4C, 0x4D, 0x4E, 0x4F \ - } - -#define EX_SSS_AUTH_SE05X_APPLETSCP_VALUE2 \ - { 0xea, 0x62, 0x04, 0x48, 0x0b, 0xf5, 0x19, 0xf6, 0xc2, 0xb7, 0x7f, \ - 0xba, 0x8b, 0x2d, 0x57, 0x30 \ - } -/* doc:end:auth-key-applet-scp */ - -/* Use the Platform SCP03 keys from required OEF - * See https://www.nxp.com/docs/en/application-note/AN12436.pdf - */ - -#if EXTERNAL_CUSTOMER_BUILD_CONFIGURATION - -#if SSS_HAVE_SE05X_VER_06_00 // Applet 6.0 - #ifndef EX_SSS_AUTH_SE05X_KEY_ENC - # define EX_SSS_AUTH_SE05X_KEY_ENC SSS_AUTH_SE051C2_KEY_ENC - #endif - #ifndef EX_SSS_AUTH_SE05X_KEY_MAC - # define EX_SSS_AUTH_SE05X_KEY_MAC SSS_AUTH_SE051C2_KEY_MAC - #endif - #ifndef EX_SSS_AUTH_SE05X_KEY_DEK - # define EX_SSS_AUTH_SE05X_KEY_DEK SSS_AUTH_SE051C2_KEY_DEK - #endif -#else - #ifndef EX_SSS_AUTH_SE05X_KEY_ENC - # define EX_SSS_AUTH_SE05X_KEY_ENC SSS_AUTH_SE050_DEVKIT_KEY_ENC - #endif - #ifndef EX_SSS_AUTH_SE05X_KEY_MAC - # define EX_SSS_AUTH_SE05X_KEY_MAC SSS_AUTH_SE050_DEVKIT_KEY_MAC - #endif - #ifndef EX_SSS_AUTH_SE05X_KEY_DEK - # define EX_SSS_AUTH_SE05X_KEY_DEK SSS_AUTH_SE050_DEVKIT_KEY_DEK - #endif -#endif - -#else -/* Test / dummy keys */ - -#ifndef EX_SSS_AUTH_SE05X_KEY_ENC -# define EX_SSS_AUTH_SE05X_KEY_ENC \ - { 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x01 } -#endif - -#ifndef EX_SSS_AUTH_SE05X_KEY_MAC -# define EX_SSS_AUTH_SE05X_KEY_MAC \ - { 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x02 } -#endif - -#ifndef EX_SSS_AUTH_SE05X_KEY_DEK -# define EX_SSS_AUTH_SE05X_KEY_DEK \ - { 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x03 } -#endif - -#endif - - -#define EX_SSS_AUTH_SE05X_KEY_VERSION_NO 0x0B - -/* doc:start:auth-key-fast-scp-ecdsa */ -#define EX_SSS_AUTH_SE05X_ECKEY_ECDSA_AUTH_ID kEX_SSS_objID_ECKEY_Auth - -#define EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY \ - { \ - 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, \ - 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \ - 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, \ - 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, \ - 0x01, 0x01, 0x04, 0x20, \ - 0x6D, 0x2F, 0x43, 0x2F, 0x8A, 0x2F, 0x45, 0xEC, \ - 0xD5, 0x82, 0x84, 0x7E, 0xC0, 0x83, 0xBB, 0xEB, \ - 0xC2, 0x3F, 0x1D, 0xF4, 0xF0, 0xDD, 0x2A, 0x6F, \ - 0xB8, 0x1A, 0x24, 0xE7, 0xB6, 0xD5, 0x4C, 0x7F, \ - 0xA1, 0x44, 0x03, 0x42, 0x00, \ - 0x04, 0x3C, 0x9E, 0x47, 0xED, 0xF0, 0x51, 0xA3, \ - 0x58, 0x9F, 0x67, 0x30, 0x2D, 0x22, 0x56, 0x7C, \ - 0x2E, 0x17, 0x22, 0x9E, 0x88, 0x83, 0x33, 0x8E, \ - 0xC3, 0xB7, 0xD5, 0x27, 0xF9, 0xEE, 0x71, 0xD0, \ - 0xA8, 0x1A, 0xAE, 0x7F, 0xE2, 0x1C, 0xAA, 0x66, \ - 0x77, 0x78, 0x3A, 0xA8, 0x8D, 0xA6, 0xD6, 0xA8, \ - 0xAD, 0x5E, 0xC5, 0x3B, 0x10, 0xBC, 0x0B, 0x11, \ - 0x09, 0x44, 0x82, 0xF0, 0x4D, 0x24, 0xB5, 0xBE, \ - 0xC4 \ - } - -#define EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY2 \ - { \ - 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, \ - 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \ - 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, \ - 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, \ - 0x01, 0x01, 0x04, 0x20, \ - 0x12, 0xe2, 0xd3, 0xc7, 0x31, 0xa6, 0x7c, 0x32, \ - 0xfb, 0xd7, 0x2f, 0xa9, 0xc4, 0xbb, 0xc2, 0xd0, \ - 0x64, 0xad, 0x50, 0x99, 0xd3, 0x3d, 0x01, 0x4b, \ - 0x4f, 0x36, 0x90, 0x9c, 0xba, 0xab, 0xbb, 0xda, \ - 0xA1, 0x44, 0x03, 0x42, 0x00, \ - 0x04, 0x0d, 0x0e, 0x03, 0xdd, 0x40, 0x1e, 0x77, \ - 0xff, 0xab, 0xa8, 0xb5, 0x79, 0xdb, 0x8a, 0xf4, \ - 0x09, 0x7b, 0x59, 0x4e, 0xe8, 0xa0, 0xb8, 0x1c, \ - 0xeb, 0xa8, 0x53, 0x96, 0xc6, 0x13, 0x96, 0x56, \ - 0x13, 0x5e, 0x68, 0x75, 0xb9, 0xe9, 0x79, 0x29, \ - 0x28, 0x8c, 0x7d, 0xa1, 0xf2, 0x78, 0x7b, 0x66, \ - 0x86, 0xcc, 0x9e, 0x6b, 0xf6, 0x03, 0xc2, 0xfe, \ - 0x59, 0x1b, 0xab, 0x4a, 0x40, 0x24, 0x70, 0xe4, \ - 0x8b \ - } - -/* doc:end:auth-key-fast-scp-ecdsa */ - -/* clang-format on */ - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -#endif /* SSS_EX_INC_EX_SSS_AUTH_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h deleted file mode 100644 index 3d6ed1b12..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h +++ /dev/null @@ -1,220 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file - * - * ex_sss_boot.h: *The purpose and scope of this file* - * - * Project: SecureIoTMW-Debug@appboot-top-eclipse_x86 - * - * $Date: Mar 10, 2019 $ - * $Author: ing05193 $ - * $Revision$ - */ - -#ifndef SSS_EX_INC_EX_SSS_BOOT_H_ -#define SSS_EX_INC_EX_SSS_BOOT_H_ - -/* ***************************************************************************************************************** - * Includes - * ***************************************************************************************************************** */ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "ex_sss.h" -#include "fsl_sss_api.h" - -#if SSS_HAVE_APPLET_SE05X_IOT -#include "fsl_sss_se05x_types.h" -#endif -#include "ex_sss_ports.h" -#include "nxScp03_Types.h" - -/* ***************************************************************************************************************** - * MACROS/Defines - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Types/Structure Declarations - * ***************************************************************************************************************** */ -#if SSS_HAVE_SE || SSS_HAVE_APPLET_SE05X_IOT - -typedef union ex_auth { - struct - { - NXSCP03_StaticCtx_t ex_static; //!< .static keys data - NXSCP03_DynCtx_t ex_dyn; //!< session keys data - } scp03; - struct - { - NXECKey03_StaticCtx_t ex_static; //!< .static keys data - NXSCP03_DynCtx_t ex_dyn; //!< session keys data - } eckey; - struct - { - sss_object_t ex_id; - } id; -} ex_SE05x_authCtx_t; -#endif - -typedef struct -{ - sss_session_t session; - sss_key_store_t ks; - -#if SSS_HAVE_HOSTCRYPTO_ANY || SSS_HAVE_SSCP - sss_session_t host_session; -#endif - -#if SSS_HAVE_HOSTCRYPTO_ANY - sss_key_store_t host_ks; -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT || SSS_HAVE_APPLET_LOOPBACK - SE_Connect_Ctx_t se05x_open_ctx; - sss_tunnel_t *pTunnel_ctx; - ex_SE05x_authCtx_t ex_se05x_auth; -#endif - -#if SSS_HAVE_SSCP - sscp_context_t sscp_ctx; -#endif - -} ex_sss_boot_ctx_t; - -#if SSS_HAVE_APPLET_SE05X_IOT -typedef struct -{ - sss_session_t platf_session; - SE_Connect_Ctx_t platf_open_ctx; - sss_session_t *phost_session; - sss_key_store_t *phost_ks; -#if 1 //SSS_HAVE_HOSTCRYPTO_ANY - /* Keeping this to be consistant on binary sizes */ - ex_SE05x_authCtx_t ex_se05x_auth; -#endif // SSS_HAVE_HOSTCRYPTO_ANY -} ex_sss_platf_ctx_t; -#endif - -typedef struct -{ - sss_object_t pub_obj; - sss_object_t obj; - sss_object_t dev_cert; - sss_object_t interCaCert; - sss_key_store_t *pHost_ks; - uint32_t client_keyPair_index; - uint32_t client_cert_index; -} ex_sss_cloud_ctx_t; - -/* ***************************************************************************************************************** - * Extern Variables - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Function Prototypes - * ***************************************************************************************************************** */ - -#if SSS_HAVE_APPLET_SE05X_IOT - -sss_status_t ex_sss_se05x_prepare_host(sss_session_t *host_session, - sss_key_store_t *host_ks, - SE05x_Connect_Ctx_t *se05x_open_ctx, - ex_SE05x_authCtx_t *ex_se05x_authctx, - SE_AuthType_t auth_type); - -/* Prepare host for multiple user sessions */ -sss_status_t ex_sss_se05x_prepare_host_keys(sss_session_t *pHostSession, - sss_key_store_t *pHostKs, - SE_Connect_Ctx_t *pConnectCtx, - ex_SE05x_authCtx_t *se05x_auth_ctx, - uint32_t offset); -#endif - -#if SSS_HAVE_SE -sss_status_t ex_sss_se_prepare_host(sss_session_t *host_session, - sss_key_store_t *host_ks, - SE_Connect_Ctx_t *se05x_open_ctx, - ex_SE05x_authCtx_t *ex_se05x_authctx, - SE_AuthType_t auth_type); -#endif - -/** The case where we connect to the cyrptogrpahic system directly. - * - * e.g. when running form an embedded sytem, without any choice of Port Numbers, etc. - */ -sss_status_t ex_sss_boot_direct(void); - -/** The case where we connect to the cyrptogrpahic system in-directly. - * - * This function is a similar to @ref ex_sss_boot_direct. - * - * This function expects that the last argument in argv is the - * expected/probable port name. - * - * e.g. when running form PC, where we are connected - * to secure element via a COM Port/Socket Port. In such cases, - * taking the Port number from a Command Line Argument, - * or Environment Variable would make sense and examples - * would become more portable. - * - * @param argc count of parameters, as received by main - * @param argv Array of argv, as received by main - * @param[out] pPortName Possible port name - * @return 0 if successful. - */ -sss_status_t ex_sss_boot_connectstring(int argc, const char *argv[], const char **pPortName); - -/** - * For the case where few activities have to be performed - * after RTOS initialization, this API would be executed - * as an RTOS Task. - * - * @return - */ -sss_status_t ex_sss_boot_rtos(void *); - -/** Is this a serail port */ -bool ex_sss_boot_isSerialPortName(const char *portName); - -/** Is this --help request */ -bool ex_sss_boot_isHelp(const char *argname); - -/** Is this a socket port */ -bool ex_sss_boot_isSocketPortName(const char *portName); - -/** Open an example session */ -sss_status_t ex_sss_boot_open(ex_sss_boot_ctx_t *pCtx, const char *portName); - -/** Open an example cc session */ -sss_status_t ex_sss_boot_open_on_id(ex_sss_boot_ctx_t *pCtx, const char *portName, const int32_t authId); - -/** Open an example session */ -sss_status_t ex_sss_boot_factory_reset(ex_sss_boot_ctx_t *pCtx); - -/** Close an example session */ -void ex_sss_session_close(ex_sss_boot_ctx_t *pCtx); - -/** Entry Point for each example */ -sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx); - -#define ex_sss_kestore_and_object_init ex_sss_key_store_and_object_init - -sss_status_t ex_sss_key_store_and_object_init(ex_sss_boot_ctx_t *pCtx); - -int ex_sss_boot_rtos_init(void); - -#if SSS_HAVE_HOSTCRYPTO_ANY -sss_status_t ex_sss_boot_open_host_session(ex_sss_boot_ctx_t *pCtx); -#endif - -#if defined(__cplusplus) -} -#endif - -#endif /* SSS_EX_INC_EX_SSS_BOOT_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc.h deleted file mode 100644 index 9ce448dbb..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc.h +++ /dev/null @@ -1,382 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/* Common, Re-Usable main implementation */ -/* Include this header file only once in the application */ - -/* - * Applications control the boot flow by defining these macros. - * - * - * - EX_SSS_BOOT_PCONTEXT : Pointer to ex_sss_boot_ctx_t - * This allows that boot framework do not blindly rely on - * global variables. - * - * - EX_SSS_BOOT_DO_ERASE : Delete all objects on boot up if 1 - * Few examples expect the IC is *empty*, and few examples - * expect to work with previously provisioned/persisted data. - * This variable allows to over-ride that behaviour. - * - * - EX_SSS_BOOT_EXPOSE_ARGC_ARGV : Expose ARGC & ARGV from Command - * line to Application. - * When running from PC/Linux/OSX, command line arguments allow - * to choose extra command line parameters, e.g. Input/Output - * certificate or signing/verifying data. - * But on embedded platforms, such feature is not possible to - * achieve. - * - * Optional variables: - * - * - EX_SSS_BOOT_RTOS_STACK_SIZE : For RTOS based system, - * this is over-ridden and passed to RTOS based example - * boot up. It sets value needed for new task. - * Please note, FREE RTOS will reserve - * EX_SSS_BOOT_RTOS_STACK_SIZE * sizeof(UBaseType_t) - * bytes. - * - * - EX_SSS_BOOT_OPEN_HOST_SESSION : For examples that do not - * need host side implementation, his allows to skip opening - * the host session. (Host session is needed to either re-verify - * test data at host, or for SCP03). - * By default this is enabled. - * - * - */ - -#if defined(FRDM_KW41Z) || defined(FRDM_K64F) || defined(IMX_RT) || defined(LPC_55x) || defined(QN9090DK6) -#define HAVE_KSDK -#endif - -#ifdef HAVE_KSDK -#include "ex_sss_main_inc_ksdk.h" -#endif - -#if defined(__linux__) && defined(T1oI2C) -#if SSS_HAVE_APPLET_SE05X_IOT -#include "ex_sss_main_inc_linux.h" -#endif -#endif -#include /* memset */ - -#include "PlugAndTrust_Pkg_Ver.h" -#include "string.h" /* memset */ - -#if defined(USE_RTOS) && USE_RTOS == 1 -#ifndef INC_FREERTOS_H /* Header guard of FreeRTOS */ -#include "FreeRTOS.h" -#include "FreeRTOSConfig.h" -#endif /* INC_FREERTOS_H */ -#include "task.h" -#include "iot_logging_task.h" -#define LOGGING_TASK_PRIORITY (tskIDLE_PRIORITY + 1) -#define LOGGING_TASK_STACK_SIZE (200) -#define LOGGING_QUEUE_LENGTH (16) -#endif - -#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM -#include "ex_a71ch_scp03.h" -#endif - -#ifdef EX_SSS_BOOT_PCONTEXT -#define PCONTEXT EX_SSS_BOOT_PCONTEXT -#else -#define PCONTEXT (NULL) -#endif - -#if !defined(EX_SSS_BOOT_DO_ERASE) -#error EX_SSS_BOOT_DO_ERASE must be set to 0 or 1 -#endif - -#if !defined(EX_SSS_BOOT_EXPOSE_ARGC_ARGV) -#error EX_SSS_BOOT_EXPOSE_ARGC_ARGV must be set to 0 or 1 -#endif - -#if EX_SSS_BOOT_EXPOSE_ARGC_ARGV -static int gex_sss_argc; -static const char **gex_sss_argv; -#endif - -#if !defined(EX_SSS_BOOT_OPEN_HOST_SESSION) -#define EX_SSS_BOOT_OPEN_HOST_SESSION 1 -#endif - -#if !defined(EX_SSS_BOOT_RTOS_STACK_SIZE) -#define EX_SSS_BOOT_RTOS_STACK_SIZE 8500 -#endif - -#if defined(USE_RTOS) && USE_RTOS == 1 -static TaskHandle_t gSSSExRtosTaskHandle = NULL; -static void sss_ex_rtos_task(void *ctx); -#if INCLUDE_uxTaskGetStackHighWaterMark -void sss_ex_rtos_stack_size(const char *when); -#endif // INCLUDE_uxTaskGetStackHighWaterMark -#if (!AX_EMBEDDED) -extern void prvMiscInitialisation(void); -#endif -#endif /* RTOS */ - -#if defined(CPU_JN518X) -/* Allocate the memory for the heap. */ -uint8_t __attribute__((section(".bss.$SRAM1"))) ucHeap[configTOTAL_HEAP_SIZE]; -#endif - -int main(int argc, const char *argv[]) -{ - int ret; - sss_status_t status = kStatus_SSS_Fail; - const char *portName; - -#if EX_SSS_BOOT_EXPOSE_ARGC_ARGV - gex_sss_argc = argc; - gex_sss_argv = argv; -#endif // EX_SSS_BOOT_EXPOSE_ARGC_ARGV - -#ifdef HAVE_KSDK - ex_sss_main_ksdk_bm(); -#endif // HAVE_KSDK - -#if defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT - ex_sss_main_linux_conf(); -#endif // defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT - - LOG_I(PLUGANDTRUST_PROD_NAME_VER_FULL); - -#ifdef EX_SSS_BOOT_PCONTEXT - memset((EX_SSS_BOOT_PCONTEXT), 0, sizeof(*(EX_SSS_BOOT_PCONTEXT))); -#endif // EX_SSS_BOOT_PCONTEXT - -#if AX_EMBEDDED - portName = NULL; -#else - status = ex_sss_boot_connectstring(argc, argv, &portName); - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_boot_connectstring Failed"); - goto cleanup; - } -#endif // AX_EMBEDDED - -#if defined(USE_RTOS) && USE_RTOS == 1 -#if (!AX_EMBEDDED) && ENABLE_CLOUD_DEMOS - prvMiscInitialisation(); -#endif -#endif - - /* Initialise Logging locks */ - if (nLog_Init() != 0) { - LOG_E("Lock initialisation failed"); - } -#if defined(EX_SSS_BOOT_SKIP_SELECT_APPLET) && (EX_SSS_BOOT_SKIP_SELECT_APPLET == 1) - (PCONTEXT)->se05x_open_ctx.skip_select_applet = 1; -#endif - -#if defined(USE_RTOS) && USE_RTOS == 1 - if (xTaskCreate(&sss_ex_rtos_task, - "sss_ex_rtos_task", - EX_SSS_BOOT_RTOS_STACK_SIZE, - (void *)portName, - (tskIDLE_PRIORITY), - &gSSSExRtosTaskHandle) != pdPASS) { - LOG_E("Task creation failed!.\r\n"); - while (1) - ; - } - - /* Run RTOS */ - vTaskStartScheduler(); - -#else /* No RTOS, No Embedded */ - -#if !AX_EMBEDDED - if (ex_sss_boot_isHelp(portName)) { - memset(PCONTEXT, 0, sizeof(*PCONTEXT)); -#if EX_SSS_BOOT_EXPOSE_ARGC_ARGV - /* so that tool can fetchup last value */ - gex_sss_argc++; -#endif // EX_SSS_BOOT_EXPOSE_ARGC_ARGV - goto before_ex_sss_entry; - } -#endif - - status = ex_sss_boot_open(PCONTEXT, portName); - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_session_open Failed"); - goto cleanup; - } - -#if EX_SSS_BOOT_DO_ERASE - status = ex_sss_boot_factory_reset((PCONTEXT)); -#endif - - if (kType_SSS_SubSystem_NONE == ((PCONTEXT)->session.subsystem)) { - /* Nothing to do. Device is not opened - * This is needed for the case when we open a generic communication - * channel, without being specific to SE05X - */ - } - else { - status = ex_sss_key_store_and_object_init((PCONTEXT)); - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_key_store_and_object_init Failed"); - goto cleanup; - } - } - -#if EX_SSS_BOOT_OPEN_HOST_SESSION && SSS_HAVE_HOSTCRYPTO_ANY - ex_sss_boot_open_host_session((PCONTEXT)); -#endif - -#if (SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM) && SSS_HAVE_A71CH_AUTH_SCP03 - LOG_I("A71CH SCP03 add-on"); - { - // Variables used by calls to legacy API - U8 sCounter[3]; - U16 sCounterLen = sizeof(sCounter); - U16 sw = 0; - U8 scpKeyEncBase[SCP_KEY_SIZE]; - U8 scpKeyMacBase[SCP_KEY_SIZE]; - U8 scpKeyDekBase[SCP_KEY_SIZE]; - - LOG_I("** Establish SCP03 session: Start **"); - status = ex_a71ch_FetchRandomScp03Keys(scpKeyEncBase, scpKeyMacBase, scpKeyDekBase); - ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); - - status = ex_a71ch_SetSeScp03Keys(scpKeyEncBase, scpKeyMacBase, scpKeyDekBase); - ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); - - LOG_I("Clear host-side SCP03 channel state"); - DEV_ClearChannelState(); - - LOG_I("SCP_Authenticate()"); - sw = SCP_Authenticate(scpKeyEncBase, scpKeyMacBase, scpKeyDekBase, SCP_KEY_SIZE, sCounter, &sCounterLen); - status = (sw == SW_OK) ? kStatus_SSS_Success : kStatus_SSS_Fail; - ENSURE_OR_GO_CLEANUP(sw == SW_OK); - LOG_I("** Establish SCP03 session: End **"); - } -#endif // SSS_HAVE_A71CH && SSS_HAVE_A71CH_AUTH_SCP03 - -#if !AX_EMBEDDED -before_ex_sss_entry: -#endif - - status = ex_sss_entry((PCONTEXT)); - LOG_I("ex_sss Finished"); - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_entry Failed"); - goto cleanup; - } -#endif /* No RTOS, No Embedded */ - // Delete locks for pthreads - nLog_DeInit(); - goto cleanup; - -cleanup: -#ifdef EX_SSS_BOOT_PCONTEXT - ex_sss_session_close((EX_SSS_BOOT_PCONTEXT)); -#endif - if (kStatus_SSS_Success == status) { - ret = 0; -#if defined(HAVE_KSDK) && HAVE_KSDK_LED_APIS == 1 - ex_sss_main_ksdk_success(); -#endif -#if defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT - ex_sss_main_linux_unconf(); -#endif // defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT - } - else { - LOG_E("!ERROR! ret != 0."); - ret = 1; -#if defined(HAVE_KSDK) && HAVE_KSDK_LED_APIS == 1 - ex_sss_main_ksdk_failure(); -#endif - } - return ret; -} - -#if defined(USE_RTOS) && USE_RTOS == 1 -static void sss_ex_rtos_task(void *ctx) -{ - sss_status_t status; - -#if INCLUDE_uxTaskGetStackHighWaterMark - sss_ex_rtos_stack_size("Boot"); -#endif // INCLUDE_uxTaskGetStackHighWaterMark - -#if AX_EMBEDDED - ex_sss_main_ksdk_boot_rtos_task(); -#endif - status = ex_sss_boot_open(PCONTEXT, (const char *)ctx); - - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_session_open Failed."); - goto exit; - } - - status = ex_sss_key_store_and_object_init((PCONTEXT)); - - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_key_store_and_object_init Failed"); - goto exit; - } - -#if INCLUDE_uxTaskGetStackHighWaterMark - sss_ex_rtos_stack_size("Before:ex_sss_entry"); -#endif // INCLUDE_uxTaskGetStackHighWaterMark - -#if EX_SSS_BOOT_DO_ERASE - status = ex_sss_boot_factory_reset((PCONTEXT)); - if (kStatus_SSS_Success != status) { - LOG_W("ex_sss_boot_factory_reset Failed"); - } -#if INCLUDE_uxTaskGetStackHighWaterMark - sss_ex_rtos_stack_size("after:erase"); -#endif // INCLUDE_uxTaskGetStackHighWaterMark -#endif - -#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM -#if EX_SSS_BOOT_OPEN_HOST_SESSION - ex_sss_boot_open_host_session((PCONTEXT)); -#endif -#endif - - xLoggingTaskInitialize(LOGGING_TASK_STACK_SIZE, LOGGING_TASK_PRIORITY, LOGGING_QUEUE_LENGTH); - status = ex_sss_entry((PCONTEXT)); - - LOG_I("ex_sss Finished"); - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_entry Failed"); - } - - ex_sss_session_close(PCONTEXT); - /* Delete locks for FreeRtos*/ - nLog_DeInit(); -#if INCLUDE_uxTaskGetStackHighWaterMark - sss_ex_rtos_stack_size("After:ex_sss_entry"); -#endif // INCLUDE_uxTaskGetStackHighWaterMark -exit: -#if defined(_MSC_VER) || defined(__linux__) || defined(__MINGW32__) || defined(__MINGW64__) - if (kStatus_SSS_Success == status) { - exit(0); - } - else { - exit(1); - } -#else - vTaskDelete(NULL); -#endif -} - -#if INCLUDE_uxTaskGetStackHighWaterMark -void sss_ex_rtos_stack_size(const char *when) -{ -#if LOG_INFO_ENABLED - UBaseType_t stackused; - stackused = EX_SSS_BOOT_RTOS_STACK_SIZE - uxTaskGetStackHighWaterMark(gSSSExRtosTaskHandle); - LOG_I("STACK USED [%s] %d", when, sizeof(UBaseType_t) * stackused); -#endif -} -#endif /* INCLUDE_uxTaskGetStackHighWaterMark */ - -#endif /* No RTOS, No Embedded */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc_linux.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc_linux.h deleted file mode 100644 index cd8b4002d..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc_linux.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#include "ax_reset.h" - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -void ex_sss_main_linux_conf() -{ - axReset_HostConfigure(); - axReset_PowerUp(); -} - -void ex_sss_main_linux_unconf() -{ - axReset_PowerDown(); - axReset_HostUnconfigure(); -} diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h deleted file mode 100644 index 5e5beb1b4..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file - * - * ex_sss_objid.h: Reserved Object Identifiers - * - * Project: SecureIoTMW-Debug@simw-top-eclipse_x86 - * - * $Date: Mar 27, 2019 $ - * $Author: ing05193 $ - * $Revision$ - */ - -#ifndef SSS_EX_INC_EX_SSS_OBJID_H_ -#define SSS_EX_INC_EX_SSS_OBJID_H_ - -/* ***************************************************************************************************************** - * Includes - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * MACROS/Defines - * ***************************************************************************************************************** */ - -/* clang-format off */ -#define EX_SSS_OBJID_CUST_START 0x00000001u -#define SE05X_OBJID_TP_MASK(X) (0xFFFFFFFC & (X)) -#define EX_SSS_OBJID_CUST_END 0x7BFFFFFFu - -#define EX_SSS_OBJID_AKM_START 0x7C000000u -#define EX_SSS_OBJID_AKM_END 0x7CFFFFFFu - -#define EX_SSS_OBJID_DEMO_START 0x7D000000u -#define EX_SSS_OBJID_DEMO_SA_START 0x7D500000u -#define EX_SSS_OBJID_DEMO_WIFI_START 0x7D51F000u -/* doc:start:mif-kdf-start-keyid */ -#define EX_SSS_OBJID_DEMO_MFDF_START 0x7D5DF000u -/* doc:end:mif-kdf-start-keyid */ -/////// EX_SSS_OBJID_DEMO_SA_END 0x7D5FFFFFu -#define EX_SSS_OBJID_DEMO_AUTH_START 0x7DA00000u -#define EX_SSS_OBJID_DEMO_AUTH_MASK(X) (0xFFFF0000u & (X)) -/////// EX_SSS_OBJID_DEMO_AUTH_END 0x7DA0FFFFu -#define EX_SSS_OBJID_DEMO_CLOUD_START 0x7DC00000u -#define EX_SSS_OBJID_DEMO_CLOUD_IBM_START 0x7DC1B000u -#define EX_SSS_OBJID_DEMO_CLOUD_GCP_START 0x7DC6C000u -#define EX_SSS_OBJID_DEMO_CLOUD_AWS_START 0x7DCA5000u -#define EX_SSS_OBJID_DEMO_CLOUD_AZURE_START 0x7DCAC000u -/////// EX_SSS_OBJID_DEMO_CLOUD_END 0x7DCFFFFFu -#define EX_SSS_OBJID_DEMO_END 0x7DFFFFFFu -#define SE05X_OBJID_SE05X_APPLET_RES_START 0x7FFF0000u -#define SE05X_OBJID_SE05X_APPLET_RES_MASK(X) \ - (0xFFFF0000u & (X)) -#define SE05X_OBJID_SE05X_APPLET_RES_END 0x7FFFFFFFu - -/* IoT Hub Managed */ -#define SE05X_OBJID_IOT_HUB_M_START 0x80000000u -#define SE05X_OBJID_IOT_HUB_M_END 0xEEFFFFFFu -#define EX_SSS_OBJID_TEST_START 0xEF000000u -#define EX_SSS_OBJID_TEST_END 0xEFFFFFFFu - -/* IoT Hub Access */ -#define EX_SSS_OBJID_IOT_HUB_A_START 0xF0000000u -#define EX_SSS_OBJID_IOT_HUB_A_MASK(X) (0xF0000000u & (X)) - -//Device Key and Certificate - ECC-256 -#define EX_SSS_OBJID_TP_KEY_EC_D 0xF0000100 -#define EX_SSS_OBJID_TP_CERT_EC_D 0xF0000101 -//Gateway Key and Certificate - ECC-256 -#define EX_SSS_OBJID_TP_KEY_EC_G 0xF0000102 -#define EX_SSS_OBJID_TP_CERT_EC_G 0xF0000103 - -//Device Key and Certificate - RSA-2K -#define EX_SSS_OBJID_TP_KEY_RSA2K_D 0xF0000110 -#define EX_SSS_OBJID_TP_CERT_RSA2K_D 0xF0000111 -//Gateway Key and Certificate - RSA-2K -#define EX_SSS_OBJID_TP_KEY_RSA2K_G 0xF0000112 -#define EX_SSS_OBJID_TP_CERT_RSA2K_G 0xF0000113 -//Device Key and Certificate - RSA-4K -#define EX_SSS_OBJID_TP_KEY_RSA4K_D 0xF0000120 -#define EX_SSS_OBJID_TP_CERT_RSA4K_D 0xF0000121 -//Gateway Key and Certificate - RSA-4K -#define EX_SSS_OBJID_TP_KEY_RSA4K_G 0xF0000122 -#define EX_SSS_OBJID_TP_CERT_RSA4K_G 0xF0000123 - -#define EX_SSS_OBJID_IOT_HUB_A_END 0xFFFFFFFFu - -/* clang-format on */ - -/* ***************************************************************************************************************** - * Types/Structure Declarations - * ***************************************************************************************************************** */ - -enum -{ - kEX_SSS_ObjID_UserID_Auth = EX_SSS_OBJID_DEMO_AUTH_START + 1, - kEX_SSS_ObjID_APPLETSCP03_Auth, - kEX_SSS_objID_ECKEY_Auth, -}; - -/* ***************************************************************************************************************** - * Extern Variables - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Function Prototypes - * ***************************************************************************************************************** */ - -#endif /* SSS_EX_INC_EX_SSS_OBJID_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h deleted file mode 100644 index ed238e7ef..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file - * - * ex_sss_ports.h: Default ports being used in Examples and test cases - * - * $Date: Mar 10, 2019 $ - * $Author: ing05193 $ - * $Revision$ - */ - -#ifndef SSS_EX_INC_EX_SSS_PORTS_H_ -#define SSS_EX_INC_EX_SSS_PORTS_H_ - -/* ***************************************************************************************************************** - * Includes - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * MACROS/Defines - * ***************************************************************************************************************** */ - -#define EX_SSS_BOOT_SSS_PORT "EX_SSS_BOOT_SSS_PORT" -#ifdef __linux__ -#define EX_SSS_BOOT_SSS_COMPORT_DEFAULT "/dev/ttyACM0" -#else -#define EX_SSS_BOOT_SSS_COMPORT_DEFAULT "\\\\.\\COM7" -#endif -#define EX_SSS_BOOT_SSS_SOCKET_HOSTNAME_DEFAULT "127.0.0.1" -#define EX_SSS_BOOT_SSS_SOCKET_PORTNUMBER_DEFAULT 8050 -#define EX_SSS_BOOT_SSS_SOCKET_PORTSZ_DEFAULT "8050" -#define EX_SSS_BOOT_SSS_PCSC_READER_DEFAULT "NXP SE050C v03.01.00 0" -#define EX_SSS_BOOT_SSS_SOCKETPORT_DEFAULT \ - EX_SSS_BOOT_SSS_SOCKET_HOSTNAME_DEFAULT \ - ":" EX_SSS_BOOT_SSS_SOCKET_PORTSZ_DEFAULT - -/* ***************************************************************************************************************** - * Types/Structure Declarations - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Extern Variables - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Function Prototypes - * ***************************************************************************************************************** */ - -#endif /* SSS_EX_INC_EX_SSS_PORTS_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_scp03_keys.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_scp03_keys.h deleted file mode 100644 index 9e894babd..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_scp03_keys.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_EX_INC_EX_SSS_SCP03_KEYS_H_ -#define SSS_EX_INC_EX_SSS_SCP03_KEYS_H_ - -#include "ex_sss_tp_scp03_keys.h" - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -#define EX_SSS_BOOT_SCP03_PATH_ENV "EX_SSS_BOOT_SCP03_PATH" - -/* Modify based on platform */ -#if defined(ANDROID) -/* Could be set to /data/vendor/secure_iot/ if sepolicies are in effect */ -/* doc:start:android-scp03-path */ -#define EX_SSS_SCP03_FILE_DIR "/data/vendor/SE05x/" -#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt" -/* doc:end:android-scp03-path */ -#elif defined(__linux__) -/* doc:start:linux-scp03-path */ -#define EX_SSS_SCP03_FILE_DIR "/tmp/SE05X/" -#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt" -/* doc:end:linux-scp03-path */ -#elif defined(_MSC_VER) -/* doc:start:windows-scp03-path */ -#define EX_SSS_SCP03_FILE_DIR "C:\\nxp\\SE05X\\" -#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt" -/* doc:end:windows-scp03-path */ -#else -/* Not defined / avialable */ -#endif - -#ifdef EX_SSS_SCP03_FILE_PATH -sss_status_t scp03_keys_from_path( - uint8_t *penc, size_t enc_len, uint8_t *pmac, size_t mac_len, uint8_t *pdek, size_t dek_len); -#endif - -#define SSS_AUTH_SE050_OEF_0004A2D0_KEY_ENC \ - { \ - 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x01 \ - } - -#define SSS_AUTH_SE050_OEF_0004A2D0_KEY_MAC \ - { \ - 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x02 \ - } - -#define SSS_AUTH_SE050_OEF_0004A2D0_KEY_DEK \ - { \ - 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x03 \ - } - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -#endif /* SSS_EX_INC_EX_SSS_SCP03_KEYS_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_tp_scp03_keys.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_tp_scp03_keys.h deleted file mode 100644 index 24421b7cd..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_tp_scp03_keys.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_AUTH_SE050_OEF_20191211_1809_ -#define SSS_AUTH_SE050_OEF_20191211_1809_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/* clang-format off */ - - - -/* See https://www.nxp.com/docs/en/application-note/AN12436.pdf */ - -// Variant ==> OEF ID -// SE050A1 ==> A204 -// SE050A2 ==> A205 -// SE050B1 ==> A202 -// SE050B2 ==> A203 -// SE050C1 ==> A200 -// SE050C2 ==> A201 -// Development Board ==> A1F4 (DEVKIT) - -// SE050A1 -#define SSS_AUTH_SE050A1_KEY_ENC \ - {0x34, 0xae, 0x09, 0x67, 0xe3, 0x29, 0xe9, 0x51, 0x8e, 0x72, 0x65, 0xd5, 0xad, 0xcc, 0x01, 0xc2 } -#define SSS_AUTH_SE050A1_KEY_MAC \ - {0x52, 0xb2, 0x53, 0xca, 0xdf, 0x47, 0x2b, 0xdb, 0x3d, 0x0f, 0xb3, 0x8e, 0x09, 0x77, 0x00, 0x99 } -#define SSS_AUTH_SE050A1_KEY_DEK \ - {0xac, 0xc9, 0x14, 0x31, 0xfe, 0x26, 0x81, 0x1b, 0x5e, 0xcb, 0xc8, 0x45, 0x62, 0x0d, 0x83, 0x44 } - -// SE050A2 -#define SSS_AUTH_SE050A2_KEY_ENC \ - {0x46, 0xa9, 0xc4, 0x8c, 0x34, 0xef, 0xe3, 0x44, 0xa5, 0x22, 0xe6, 0x67, 0x44, 0xf8, 0x99, 0x6a } -#define SSS_AUTH_SE050A2_KEY_MAC \ - {0x12, 0x03, 0xff, 0x61, 0xdf, 0xbc, 0x9c, 0x86, 0x19, 0x6a, 0x22, 0x74, 0xae, 0xf4, 0xed, 0x28 } -#define SSS_AUTH_SE050A2_KEY_DEK \ - {0xf7, 0x56, 0x1c, 0x6f, 0x48, 0x33, 0x61, 0x19, 0xee, 0x39, 0x43, 0x9a, 0xab, 0x34, 0x09, 0x8e } - -// SE050B1 -#define SSS_AUTH_SE050B1_KEY_ENC \ - {0xd4, 0x99, 0xbc, 0x90, 0xde, 0xa5, 0x42, 0xcf, 0x78, 0xd2, 0x5e, 0x13, 0xd6, 0x4c, 0xbb, 0x1f } -#define SSS_AUTH_SE050B1_KEY_MAC \ - {0x08, 0x15, 0x55, 0x96, 0x43, 0xfb, 0x79, 0xeb, 0x85, 0x01, 0xa0, 0xdc, 0x83, 0x3d, 0x90, 0x1f } -#define SSS_AUTH_SE050B1_KEY_DEK \ - {0xbe, 0x7d, 0xdf, 0xb4, 0x06, 0xe8, 0x1a, 0xe4, 0xe9, 0x66, 0x5a, 0x9f, 0xed, 0x64, 0x26, 0x7c } - -// SE050B2 -#define SSS_AUTH_SE050B2_KEY_ENC \ - {0x5f, 0xa4, 0x3d, 0x82, 0x02, 0xd2, 0x5e, 0x9a, 0x85, 0xb1, 0xfe, 0x7e, 0x2d, 0x26, 0x47, 0x8d } -#define SSS_AUTH_SE050B2_KEY_MAC \ - {0x10, 0x5c, 0xea, 0x22, 0x19, 0xf5, 0x2b, 0xd1, 0x67, 0xa0, 0x74, 0x63, 0xc6, 0x93, 0x79, 0xc3 } -#define SSS_AUTH_SE050B2_KEY_DEK \ - {0xd7, 0x02, 0x81, 0x57, 0xf2, 0xad, 0x37, 0x2c, 0x74, 0xbe, 0x96, 0x9b, 0xcc, 0x39, 0x06, 0x27 } - -// SE050C1 -#define SSS_AUTH_SE050C1_KEY_ENC \ - {0x85, 0x2b, 0x59, 0x62, 0xe9, 0xcc, 0xe5, 0xd0, 0xbe, 0x74, 0x6b, 0x83, 0x3b, 0xcc, 0x62, 0x87 } -#define SSS_AUTH_SE050C1_KEY_MAC \ - {0xdb, 0x0a, 0xa3, 0x19, 0xa4, 0x08, 0x69, 0x6c, 0x8e, 0x10, 0x7a, 0xb4, 0xe3, 0xc2, 0x6b, 0x47 } -#define SSS_AUTH_SE050C1_KEY_DEK \ - {0x4c, 0x2f, 0x75, 0xc6, 0xa2, 0x78, 0xa4, 0xae, 0xe5, 0xc9, 0xaf, 0x7c, 0x50, 0xee, 0xa8, 0x0c } - -// SE050C2 -#define SSS_AUTH_SE050C2_KEY_ENC \ - {0xbd, 0x1d, 0xe2, 0x0a, 0x81, 0xea, 0xb2, 0xbf, 0x3b, 0x70, 0x9a, 0x9d, 0x69, 0xa3, 0x12, 0x54 } -#define SSS_AUTH_SE050C2_KEY_MAC \ - {0x9a, 0x76, 0x1b, 0x8d, 0xba, 0x6b, 0xed, 0xf2, 0x27, 0x41, 0xe4, 0x5d, 0x8d, 0x42, 0x36, 0xf5 } -#define SSS_AUTH_SE050C2_KEY_DEK \ - {0x9b, 0x99, 0x3b, 0x60, 0x0f, 0x1c, 0x64, 0xf5, 0xad, 0xc0, 0x63, 0x19, 0x2a, 0x96, 0xc9, 0x47 } - -// SE050_DEVKIT -#define SSS_AUTH_SE050_DEVKIT_KEY_ENC \ - {0x35, 0xc2, 0x56, 0x45, 0x89, 0x58, 0xa3, 0x4f, 0x61, 0x36, 0x15, 0x5f, 0x82, 0x09, 0xd6, 0xcd } -#define SSS_AUTH_SE050_DEVKIT_KEY_MAC \ - {0xaf, 0x17, 0x7d, 0x5d, 0xbd, 0xf7, 0xc0, 0xd5, 0xc1, 0x0a, 0x05, 0xb9, 0xf1, 0x60, 0x7f, 0x78 } -#define SSS_AUTH_SE050_DEVKIT_KEY_DEK \ - {0xa1, 0xbc, 0x84, 0x38, 0xbf, 0x77, 0x93, 0x5b, 0x36, 0x1a, 0x44, 0x25, 0xfe, 0x79, 0xfa, 0x29 } - -// SE051A2 -#define SSS_AUTH_SE051A2_KEY_ENC \ - { 0x84, 0x0a, 0x5d, 0x51, 0x79, 0x55, 0x11, 0xc9, 0xce, 0xf0, 0xc9, 0x6f, 0xd2, 0xcb, 0xf0, 0x41 } -#define SSS_AUTH_SE051A2_KEY_MAC \ - { 0x64, 0x6b, 0xc2, 0xb8, 0xc3, 0xa4, 0xd9, 0xc1, 0xfa, 0x8d, 0x71, 0x16, 0xbe, 0x04, 0xfd, 0xfe } -#define SSS_AUTH_SE051A2_KEY_DEK \ - { 0x03, 0xe6, 0x69, 0x9a, 0xca, 0x94, 0x26, 0xd9, 0xc3, 0x89, 0x22, 0xf8, 0x91, 0x4c, 0xe5, 0xf7 } - -// SE051C2 -#define SSS_AUTH_SE051C2_KEY_ENC \ - { 0x88, 0xdb, 0xcd, 0x65, 0x82, 0x0d, 0x2a, 0xa0, 0x6f, 0xfa, 0xb9, 0x2a, 0xa8, 0xe7, 0x93, 0x64 } -#define SSS_AUTH_SE051C2_KEY_MAC \ - { 0xa8, 0x64, 0x4e, 0x2a, 0x04, 0xd9, 0xe9, 0xc8, 0xc0, 0xea, 0x60, 0x86, 0x68, 0x29, 0x99, 0xe5 } -#define SSS_AUTH_SE051C2_KEY_DEK \ - { 0x8a, 0x38, 0x72, 0x38, 0x99, 0x88, 0x18, 0x44, 0xe2, 0xc1, 0x51, 0x3d, 0xac, 0xd9, 0xf8, 0x0d } - -/* clang-format on */ - -/* ************************************************************************** */ -/* Structures and Typedefs */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -#endif /* SSS_AUTH_SE050_OEF_20191211_1809_ */ \ No newline at end of file diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_int.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_int.h deleted file mode 100644 index f060e1244..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_int.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file - * - * ex_sss_boot_int.h: *The purpose and scope of this file* - * - * Project: SecureIoTMW-Debug@appboot-top-eclipse_x86 - * - * $Date: Mar 10, 2019 $ - * $Author: ing05193 $ - * $Revision$ - */ - -#ifndef SSS_EX_SRC_EX_SSS_BOOT_INT_H_ -#define SSS_EX_SRC_EX_SSS_BOOT_INT_H_ - -/* ***************************************************************************************************************** - * Includes - * ***************************************************************************************************************** */ -#include - -#include "fsl_sss_se05x_apis.h" - -/* ***************************************************************************************************************** - * MACROS/Defines - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Types/Structure Declarations - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Extern Variables - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Function Prototypes - * ***************************************************************************************************************** */ -#if SSS_HAVE_SE -sss_status_t ex_sss_boot_se_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -#endif - -/** Entry Point for SE050 based build */ - -#if SSS_HAVE_APPLET_SE05X_IOT -sss_status_t ex_sss_boot_se05x_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -sss_status_t ex_sss_boot_se05x_open_on_Id(ex_sss_boot_ctx_t *pCtx, const char *portName, const int32_t authID); -#endif - -#if SSS_HAVE_MBEDTLS -sss_status_t ex_sss_boot_mbedtls_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -#endif - -#if SSS_HAVE_OPENSSL -sss_status_t ex_sss_boot_openssl_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -#endif - -#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM -sss_status_t ex_sss_boot_a71ch_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -#endif - -#if SSS_HAVE_A71CL || SSS_HAVE_SE050_L -sss_status_t ex_sss_boot_a71cl_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -#endif - -#endif /* SSS_EX_SRC_EX_SSS_BOOT_INT_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sscp.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sscp.h deleted file mode 100644 index bb4f10f61..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sscp.h +++ /dev/null @@ -1,428 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ -#ifndef _FSL_SSCP_H_ -#define _FSL_SSCP_H_ - -#include -#include -#include - -#include "fsl_sscp_commands.h" - -/*! -@defgroup sscp Security Subsystem Communication Protocol (SSCP) - - # SSCP protocol description - - SSCP is very simple remote procedure call protocol. - Function parameters are described by one or multiple SSCP operation descriptor(s). - One parameter descriptor describes up to 7 function parameters as contexts, buffers, values or aggregates. - Multiple parameter descriptors can be linked by the aggregate parameter type (kSSCP_ParamType_Aggregate). - - Function arguments are described as a buffer (address and size), a value (a tuple of two words), - a context (pointer and type id) or an aggregate. - If the parameter is the aggregate (kSSCP_ParamType_Aggregate type), then it will contain a pointer to another - sscp_operation_t. This allows to link additional sscp_operation_t. - - The protocol allows for remote calling by a copy of all arguments (including buffer contents), - that is, to remote call to a sub-system having no physical access to Host CPU memory. - If a sub-system has access to Host CPU memory, the SSCP transport implementation can decide to transfer - only the buffer descriptor (pointer and size) without physically transmitting the buffer content, - as the buffer content can be accessed by the sub-system when the remote function executes. - The same holds for the context descriptor (pointer and type id). The actual SSCP implementation - can transfer only pointer to a sub-system, if the sub-system has the memory, where the context data - structure is located, and if it has an application level knowledge of the context data structure - layout (either based on the command id or the context type id). - - Byte length (for void* and uintptr_t) and endianess is inherited from the host CPU. - - # SSCP operation descriptors - - A remote function is invoked by transmitting a command id (unique identifier to specify a remote function), - followed by SSCP operation descriptors ::sscp_operation_t. There is always one descriptor and optionally - it can link another descriptor, if the number of ::sscp_operation_t params is not sufficient - to described all function parameters. In the example below, the last params[n-1] on the left side is an aggregate - that links secondary descriptor. - - @code - command - paramTypes - params[0] - ... - params[n-1] ------------- paramTypes - params[0] - ... - params[n-1] - @endcode - - where n = 1, 2, ..., 7. - - These operation descriptors serve as an input to ::sscp_invoke_command() function. - The serialization to the communication system is implementation specific. - For example, implementations may decide to transfer only pointers and values (without payloads), - because security sub-system has access to memory, so it can read and write payloads on its own during function - execution. Other implementations may need to serialize everything to a communication bus. - - This implementation specific data transfer is implemented by an invoke() function. - During implementation specific initialization of the SSCP transfer, sscp__init() function, - a pointer to implementation specific invoke() function is stored in the sscp__context_t. - - @code - sscp_mu_init(ctx, invoke = sscp_mu_invoke_command) - ... - ctx->invoke() - ... - ctx->invoke() - ... - sscp_deinit(ctx) - @endcode - - # Example for SSCP protocol implementation with S3MU - - The ::sscp_invoke_command() implementation for the S3MU (Sentinel), ::sscp_mu_invoke_command(), - builds up the serial message as follows: - - word 0 | word 1 | word 2 | word 3 | ... | word (n*2 + 1) - -------|-----------|-------------|-------------|-----|--------------- - CMD |paramTypes | params[0].a | params[0].b | ... | params[n-1].b - - where the n value is CMD specific and it is present in the CMD word. - Passing this message through S3MU to the Sentinel sub-system is done by simply moving the 16 words into S3MU Tx A - registers. - - # Example with the SSS API - - @code - sss_status_t sss_aead_one_go(sss_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t tagLen); - - uint32_t cmd = kSSCP_CMD_SSS_AeadOneGo(n=6); - - sscp_operation_t op = (0); - sscp_status_t status = kStatus_SSCP_Fail; - uint32_t ret = 0; - - if (context->mode == Encrypt) - { - op.paramTypes = SSCP_OP_SET_PARAM(kSSCP_ParamType_ContextReference, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefOutput, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefOutput, - kSSCP_ParamType_None); - } - else - { - op.paramTypes = SSCP_OP_SET_PARAM(kSSCP_ParamType_ContextReference, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefOutput, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_None); - } - - ... context is an aggregate data type ... - ... implementation specific sscp_operation_t to serialize the context data ... - op.params[0].context.ptr = context; - op.params[0].context.type = kSSCP_ParamContextType_SSS_Aead; - - ... function parameters ... - op.params[1].memref.buffer = srcData; - op.params[1].memref.size = size; - - op.params[2].memref.buffer = destData; - op.params[2].memref.size = size; - - op.params[3].memref.buffer = nonce; - op.params[3].memref.size = nonceLen; - - op.params[4].memref.buffer = aad; - op.params[4].memref.size = aadLen; - - op.params[5].memref.buffer = tag; - op.params[5].memref.size = tagLen; - - ... Serialize to the link ... - status = context->session->sscp->invoke(context->sscpSession, cmd, &op, &ret); - if (status != kStatus_SSCP_Success) - { - return kStatus_SSS_Fail; - } - - return (sss_status_t)ret; - - @endcode - - # Example with the SSCP Client API - - @code - SSCP_Result SSCP_InvokeCommand(SSCP_Session *sessionSSCP, - uint32_t commandID, - SSCP_Operation *operation, - uint32_t *returnOrigin); - - - uint32_t cmd = kSSCP_CMD_SSCP_InvokeCommand; - - sscp_operation_t op = {0}; - sscp_status_t status = kStatus_SSCP_Fail; - uint32_t ret = 0; - - op.paramTypes = SSCP_OP_SET_PARAM(kSSCP_ParamType_ContextReference, - kSSCP_ParamType_ValueInput, - kSSCP_ParamType_ContextReference, - kSSCP_ParamType_MemrefOutput, - kSSCP_ParamType_None, - kSSCP_ParamType_None, - kSSCP_ParamType_None); - - op.params[0].context.ptr = sessionSSCP; - op.params[0].context.type = kSSCP_ParamContextType_SSCP_Session; - - op.params[1].value.a = commandID; - op.params[1].value.b = 0; - - op.params[2].context.ptr = operation; - op.params[2].context.type = kSSCP_ParamContextType_SSCP_Operation; - - op.params[3].memref.buffer = returnOrigin; - op.params[3].memref.size = sizeof(*returnOrigin); - - @endcode - */ - -/*! - * @addtogroup sscp - * @{ - */ - -/*! @brief Maximum number of parameters to be supported in one sscp_operation_t */ -#define SSCP_OPERATION_PARAM_COUNT (7) - -/*! @brief Default SSCP context is a pointer to memory. */ -#ifndef SSCP_MAX_CONTEXT_SIZE -#define SSCP_MAX_CONTEXT_SIZE (sizeof(void *)) -#endif - -/*! @brief Set parameter types for the SSCP operation. Each param type is encoded into 4-bits bit field. */ -#define SSCP_OP_SET_PARAM(p0, p1, p2, p3, p4, p5, p6) \ - (((uint32_t)p0 & 0xFu)) | (((uint32_t)p1 & 0xFu) << 4u) | (((uint32_t)p2 & 0xFu) << 8u) | \ - (((uint32_t)p3 & 0xFu) << 12u) | (((uint32_t)p4 & 0xFu) << 16u) | (((uint32_t)p5 & 0xFu) << 20u) | \ - (((uint32_t)p6 & 0xFu) << 24u); - -/*! @brief Decode i-th parameter as 4-bit unsigned integer. */ -#define SSCP_OP_GET_PARAM(i, paramTypes) ((uint32_t)((((uint32_t)paramTypes) >> i * 4) & 0xFu)) - -/*! @brief Data type for SSCP function return values */ -typedef uint32_t sscp_status_t; - -typedef struct _sscp_context sscp_context_t; - -/** - * @brief SSCP operation descriptor - * - */ -typedef struct _sscp_operation sscp_operation_t; - -/*! @brief Typedef for a function that sends a command and associated parameters to security sub-system - * - * The commandID and operation content is serialized and sent over to the selected security sub-system. - * This is implementation specific function. - * The function can invoke both blocking and non-blocking secure functions in the selected security sub-system. - * - * @param context Initialized SSCP context - * @param commandID Command - an id of a remote secure function to be invoked - * @param op Description of function arguments as a sequence of buffers, values, context references and aggregates - * @param ret Return code of the remote secure function (application layer return value) - * - * @returns Status of the operation - * @retval kStatus_SSCP_Success A blocking command has completed or a non-blocking command has been accepted. - * @retval kStatus_SSCP_Fail Operation failure, for example hardware fail. - * @retval kStatus_SSCP_InvalidArgument One of the arguments is invalid for the function to execute. - */ -typedef sscp_status_t (*fn_sscp_invoke_command_t)( - sscp_context_t *context, uint32_t commandID, sscp_operation_t *op, uint32_t *ret); - -/** - * struct _sscp_context - SSCP context struct - * - * This data type is used to keep context of the SSCP link. - * It has one mandatory member - pointer to invoke() function. - * Otherwise it is completely implementation specific. - * - * @param invoke Pointer to implementation specific invoke() function - * @param context Container for the implementation specific data. - */ -struct _sscp_context -{ - fn_sscp_invoke_command_t invoke; - // sscp_status_t (*sscp_invoke_command)(sscp_context_t *context, uint32_t commandID, sscp_operation_t *op); - - /*! Implementation specific part */ - struct - { - uint8_t data[SSCP_MAX_CONTEXT_SIZE]; - } context; -}; - -/** - * struct _sscp_memref - Buffer - * - * This data type is used to describe a function argument as a buffer. - * - * @param buffer Memory address - * @param size Length of the buffer in bytes - */ -typedef struct _sscp_memref -{ - void *buffer; - size_t size; -} sscp_memref_t; - -/** - * struct _sscp_value - Small raw data - * - * This data type is used to describe a function argument as a tuple of two 32-bit values. - * - * @param a First 32-bit data value. - * @param b Second 32-bit data value. - */ -typedef struct _sscp_value -{ - uint32_t a; - uint32_t b; -} sscp_value_t; - -/** - * @brief SSCP descriptor for an aggregate - * - * This data type is used to link additional SSCP operation. - * - * @param op Pointer to sscp_operation_t. - */ -typedef struct _sscp_aggregate_operation -{ - sscp_operation_t *op; -} sscp_aggregate_operation_t; - -/** - * @brief SSCP descriptor for a context struct - * - * This data type is used pass context struct to SSCP by reference - * - * @param ptr Pointer to a data structure - * @param type 32-bit identifier specifying context struct type - */ -typedef struct _sscp_context_operation -{ - void *ptr; - uint32_t type; -} sscp_context_reference_t; - -/** - * @brief Data structure representing a function argument. - * - * Either the client uses a shared memory reference, or a small raw - * data container. - * - * @param value Small raw data container - * @param memref Memory reference - * @param aggregate Reference to another SSCP descriptor - * @param context Pointer to a data struct to be passed to SSCP by reference - */ -typedef union _sscp_parameter { - sscp_value_t value; - sscp_memref_t memref; - sscp_aggregate_operation_t aggregate; - sscp_context_reference_t context; -} sscp_parameter_t; - -/** - * @brief Data structure describing function arguments. - * Function argument are described as a sequence of buffers, values, context references and aggregates. - * It serves as an input to ::sscp_invoke_command(), an implementation specific serialization function. - * - * @param paramTypes Type of data passed. - * @param params Array of parameters of type sscp_parameter_t. - * - */ -struct _sscp_operation -{ - uint32_t paramTypes; - sscp_parameter_t params[SSCP_OPERATION_PARAM_COUNT]; -}; - -/** - * @brief Enum with SSCP operation parameters. - */ -typedef enum _sscp_param_types -{ - kSSCP_ParamType_None = 0, /*! Parameter not in use */ - kSSCP_ParamType_Aggregate = 0x1u, /*! Link to another ::sscp_operation_t */ - kSSCP_ParamType_ContextReference, /*! Reference to a context structure - pointer and type */ - kSSCP_ParamType_MemrefInput, /*! Reference to a memory buffer - input to remote function or service */ - kSSCP_ParamType_MemrefOutput, /*! Reference to a memory buffer - output by remote function or service. - Implementations shall update the size member of the ::sscp_memref_t - with the actual number of bytes written. */ - kSSCP_ParamType_MemrefInOut, /*! Reference to a memory buffer - input to and ouput from remote function or service - */ - kSSCP_ParamType_ValueInput, /*! Tuple of two 32-bit integers - input to remote function or service */ - kSSCP_ParamType_ValueOutput, /*! Tuple of two 32-bit integers - output by remote function or service */ -} sscp_param_types_t; - -/** - * @brief Enum with return values from SSCP functions - */ -enum _sscp_return_values -{ - kStatus_SSCP_Success = 0x10203040u, - kStatus_SSCP_Fail = 0x40302010u, -}; - -/******************************************************************************* - * API - ******************************************************************************/ -#if defined(__cplusplus) -extern "C" { -#endif - -/*! @brief Sends a command and associated parameters to security sub-system - * - * The commandID and operation content is serialized and sent over to the selected security sub-system. - * This is implementation specific function. - * The function can invoke both blocking and non-blocking secure functions in the selected security sub-system. - * - * @param context Initialized SSCP context - * @param commandID Command - an id of a remote secure function to be invoked - * @param op Description of function arguments as a sequence of buffers and values - * @param ret Return code of the remote secure function (application layer return value) - * - * @returns Status of the operation - * @retval kStatus_SSCP_Success A blocking command has completed or a non-blocking command has been accepted. - * @retval kStatus_SSCP_Fail Operation failure, for example hardware fail. - * @retval kStatus_SSCP_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sscp_status_t sscp_invoke_command(sscp_context_t *context, uint32_t commandID, sscp_operation_t *op, uint32_t *ret); - -#if defined(__cplusplus) -} -#endif - -/*! - *@} - */ /* end of sscp */ - -#endif /* _FSL_SSCP_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api.h deleted file mode 100644 index f1b71c086..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api.h +++ /dev/null @@ -1,1892 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ -/** @file */ -#ifndef _FSL_SSS_H_ -#define _FSL_SSS_H_ - -#if !defined(SSS_CONFIG_FILE) -#include "fsl_sss_config.h" -#else -#include SSS_CONFIG_FILE -#endif - -#include - -#include "fsl_sss_types.h" - -/** Version of the SSS API */ -#define SSS_API_VERSION (0x00000001u) - -/** Size of an AES Block, in bytes */ -#define SSS_AES_BLOCK_SIZE (16u) -/** Size of a DES Block, in bytes */ -#define SSS_DES_BLOCK_SIZE (8u) -/** Size of a DES Key, in bytes */ -#define SSS_DES_KEY_SIZE (8u) -/** Size of a DES IV, in bytes */ -#define SSS_DES_IV_SIZE (8u) - -/** Status of the SSS APIs */ -typedef enum -{ - /** Operation was successful */ - kStatus_SSS_Success = 0x5a5a5a5au, - /** Operation failed */ - kStatus_SSS_Fail = 0x3c3c0000u, - /** Operation not performed because some of the passed parameters - * were found inappropriate */ - kStatus_SSS_InvalidArgument = 0x3c3c0001u, - /** Where the underlying sub-system *supports* multi-threading, - * Internal status to handle simultaneous access. - * - * This status is not expected to be returned to higher layers. - * */ - kStatus_SSS_ResourceBusy = 0x3c3c0002u, -} sss_status_t; - -/** Helper macro to set enum value */ - -#define SSS_ENUM(GROUP, INDEX) ((GROUP) | (INDEX)) - -/** Cryptographic sub system */ -typedef enum -{ - kType_SSS_SubSystem_NONE, - /** Software based */ - kType_SSS_Software = SSS_ENUM(0x01 << 8, 0x00), - kType_SSS_mbedTLS = SSS_ENUM(kType_SSS_Software, 0x01), - kType_SSS_OpenSSL = SSS_ENUM(kType_SSS_Software, 0x02), - /** HOST HW Based */ - kType_SSS_HW = SSS_ENUM(0x02 << 8, 0x00), - kType_SSS_SECO = SSS_ENUM(kType_SSS_HW, 0x01), - /** Isolated HW */ - kType_SSS_Isolated_HW = SSS_ENUM(0x04 << 8, 0x00), - kType_SSS_Sentinel = SSS_ENUM(kType_SSS_Isolated_HW, 0x01), - kType_SSS_Sentinel200 = SSS_ENUM(kType_SSS_Isolated_HW, 0x02), - kType_SSS_Sentinel300 = SSS_ENUM(kType_SSS_Isolated_HW, 0x03), - kType_SSS_Sentinel400 = SSS_ENUM(kType_SSS_Isolated_HW, 0x04), - kType_SSS_Sentinel500 = SSS_ENUM(kType_SSS_Isolated_HW, 0x05), - /** Secure Element */ - kType_SSS_SecureElement = SSS_ENUM(0x08 << 8, 0x00), - /** To connect to https://www.nxp.com/products/:A71CH */ - kType_SSS_SE_A71CH = SSS_ENUM(kType_SSS_SecureElement, 0x01), - kType_SSS_SE_A71CL = SSS_ENUM(kType_SSS_SecureElement, 0x02), - /** To connect to https://www.nxp.com/products/:SE050 */ - kType_SSS_SE_SE05x = SSS_ENUM(kType_SSS_SecureElement, 0x03), - kType_SSS_SubSystem_LAST -} sss_type_t; - -/** Destintion connection type */ -typedef enum -{ - /* Plain => Lowest level of security requested. - * => Probably a system with no mechanism to *identify* who - * has opened the session from host - * => Probably a system with Easy for man in the middle attack. - * - */ - kSSS_ConnectionType_Plain, - /* Password: - * => Some level of user authentication/identification requested - * => Probably a system with "static" authentication/identification. - * => Probably same Password us always. - * => "Password" mostly gets sent in plain over the communication layer - * => Probably a system with replay attack possible - */ - kSSS_ConnectionType_Password, - /* Encrypted: - * Communication is guaranteed to be Encrypted. - * For SE => This would mean highest level of authentication - * For other system => channel would be encrypted - * - * In general, almost a level of security that is definitely higher than - * Plain/Password/PIN. - * - * Using *Dynamic* Sessions Keys for authenticated communication. - */ - kSSS_ConnectionType_Encrypted -} sss_connection_type_t; - -#ifndef __DOXYGEN__ - -#define SSS_ALGORITHM_START_AES (0x00) -#define SSS_ALGORITHM_START_CHACHA (0x01) -#define SSS_ALGORITHM_START_DES (0x02) -#define SSS_ALGORITHM_START_SHA (0x03) -#define SSS_ALGORITHM_START_MAC (0x04) -#define SSS_ALGORITHM_START_DH (0x05) -#define SSS_ALGORITHM_START_DSA (0x06) -#define SSS_ALGORITHM_START_RSASSA_PKCS1_V1_5 (0x07) -#define SSS_ALGORITHM_START_RSASSA_PKCS1_PSS_MGF1 (0x08) -#define SSS_ALGORITHM_START_RSAES_PKCS1_OAEP (0x09) -#define SSS_ALGORITHM_START_RSAES_PKCS1_V1_5 (0x0A) -#define SSS_ALGORITHM_START_RSASSA_NO_PADDING (0x0B) -#define SSS_ALGORITHM_START_ECDSA (0x0C) -#define SSS_ALGORITHM_START_ECDAA (0x0D) - -/* Not available outside this file */ -#define SSS_ENUM_ALGORITHM(GROUP, INDEX) (((SSS_ALGORITHM_START_##GROUP) << 8) | (INDEX)) - -#endif - -/** Cryptographic algorithm to be applied */ -typedef enum /* _sss_algorithm */ -{ - kAlgorithm_None, - /* AES */ - kAlgorithm_SSS_AES_ECB = SSS_ENUM_ALGORITHM(AES, 0x01), - kAlgorithm_SSS_AES_CBC = SSS_ENUM_ALGORITHM(AES, 0x02), - kAlgorithm_SSS_AES_CTR = SSS_ENUM_ALGORITHM(AES, 0x03), - kAlgorithm_SSS_AES_GCM = SSS_ENUM_ALGORITHM(AES, 0x04), - kAlgorithm_SSS_AES_CCM = SSS_ENUM_ALGORITHM(AES, 0x05), - kAlgorithm_SSS_AES_GCM_INT_IV = SSS_ENUM_ALGORITHM(AES, 0x06), - /* CHACHA_POLY */ - kAlgorithm_SSS_CHACHA_POLY = SSS_ENUM_ALGORITHM(CHACHA, 0x01), - /* DES */ - kAlgorithm_SSS_DES_ECB = SSS_ENUM_ALGORITHM(DES, 0x01), - kAlgorithm_SSS_DES_CBC = SSS_ENUM_ALGORITHM(DES, 0x02), - /* DES3 */ - kAlgorithm_SSS_DES3_ECB = SSS_ENUM_ALGORITHM(DES, 0x03), - kAlgorithm_SSS_DES3_CBC = SSS_ENUM_ALGORITHM(DES, 0x04), - /* digest */ - /* doc:start hash_algo */ - kAlgorithm_SSS_SHA1 = SSS_ENUM_ALGORITHM(SHA, 0x01), - kAlgorithm_SSS_SHA224 = SSS_ENUM_ALGORITHM(SHA, 0x02), - kAlgorithm_SSS_SHA256 = SSS_ENUM_ALGORITHM(SHA, 0x03), - kAlgorithm_SSS_SHA384 = SSS_ENUM_ALGORITHM(SHA, 0x04), - kAlgorithm_SSS_SHA512 = SSS_ENUM_ALGORITHM(SHA, 0x05), - /* doc:end hash_algo */ - /* MAC */ - kAlgorithm_SSS_CMAC_AES = SSS_ENUM_ALGORITHM(MAC, 0x01), - kAlgorithm_SSS_HMAC_SHA1 = SSS_ENUM_ALGORITHM(MAC, 0x02), - kAlgorithm_SSS_HMAC_SHA224 = SSS_ENUM_ALGORITHM(MAC, 0x03), - kAlgorithm_SSS_HMAC_SHA256 = SSS_ENUM_ALGORITHM(MAC, 0x04), - kAlgorithm_SSS_HMAC_SHA384 = SSS_ENUM_ALGORITHM(MAC, 0x05), - kAlgorithm_SSS_HMAC_SHA512 = SSS_ENUM_ALGORITHM(MAC, 0x06), - /* See above: - * kAlgorithm_SSS_HMAC_SHA224 = SSS_ENUM_ALGORITHM(CHACHA, 0x01) */ - - /* Diffie-Helmann */ - kAlgorithm_SSS_DH = SSS_ENUM_ALGORITHM(DH, 0x01), - kAlgorithm_SSS_ECDH = SSS_ENUM_ALGORITHM(DH, 0x02), - /* DSA */ - kAlgorithm_SSS_DSA_SHA1 = SSS_ENUM_ALGORITHM(DSA, 0x01), - kAlgorithm_SSS_DSA_SHA224 = SSS_ENUM_ALGORITHM(DSA, 0x02), - kAlgorithm_SSS_DSA_SHA256 = SSS_ENUM_ALGORITHM(DSA, 0x03), - - /* RSA */ - /* doc:start rsa_sign_algo */ - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x01), - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x02), - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x03), - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x04), - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x05), - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x06), - kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x01), - kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x02), - kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x03), - kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x04), - kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x05), - /* doc:end rsa_sign_algo */ - - /* doc:start rsa_enc_algo */ - kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x01), - kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x02), - kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x03), - kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x04), - kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x05), - kAlgorithm_SSS_RSAES_PKCS1_V1_5 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_V1_5, 0x01), - /* doc:end rsa_enc_algo */ - - /* doc:start rsa_sign_algo_no_padding */ - kAlgorithm_SSS_RSASSA_NO_PADDING = SSS_ENUM_ALGORITHM(RSASSA_NO_PADDING, 0x01), - /* doc:end rsa_sign_algo_no_padding */ - - /* ECDSA */ - /* doc:start ecc_sign_algo */ - kAlgorithm_SSS_ECDSA_SHA1 = SSS_ENUM_ALGORITHM(ECDSA, 0x01), - kAlgorithm_SSS_ECDSA_SHA224 = SSS_ENUM_ALGORITHM(ECDSA, 0x02), - kAlgorithm_SSS_ECDSA_SHA256 = SSS_ENUM_ALGORITHM(ECDSA, 0x03), - kAlgorithm_SSS_ECDSA_SHA384 = SSS_ENUM_ALGORITHM(ECDSA, 0x04), - kAlgorithm_SSS_ECDSA_SHA512 = SSS_ENUM_ALGORITHM(ECDSA, 0x05), - /* doc:end ecc_sign_algo */ - - /* ECDAA */ - /* doc:start ecc_bn_sign_algo */ - kAlgorithm_SSS_ECDAA = SSS_ENUM_ALGORITHM(ECDAA, 0x01), - /* doc:end ecc_bn_sign_algo */ -} sss_algorithm_t; - -#undef SSS_ENUM_ALGORITHM - -#ifndef __DOXYGEN__ - -// Deprecated names for RSAES_PKCS1_OAEP algorithms -#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA1 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1 -#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA224 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224 -#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA256 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256 -#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA384 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384 -#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA512 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512 - -// Deprecated names for RSAES_PKCS1_V1_5 algorithms -#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA1 kAlgorithm_SSS_RSAES_PKCS1_V1_5 -#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA224 kAlgorithm_SSS_RSAES_PKCS1_V1_5 -#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA256 kAlgorithm_SSS_RSAES_PKCS1_V1_5 -#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA384 kAlgorithm_SSS_RSAES_PKCS1_V1_5 -#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA512 kAlgorithm_SSS_RSAES_PKCS1_V1_5 - -#endif /* __DOXYGEN__ */ - -/** High level algorihtmic operations. - * - * Augmented by @ref sss_algorithm_t - */ -typedef enum -{ - kMode_SSS_Encrypt = 1, //!< Encrypt - kMode_SSS_Decrypt = 2, //!< Decrypt - kMode_SSS_Sign = 3, //!< Sign - kMode_SSS_Verify = 4, //!< Verify - /* Compute Shared Secret. e.g. Diffie-Hellman */ - kMode_SSS_ComputeSharedSecret = 5, - kMode_SSS_Digest = 6, //!< Message Digest - kMode_SSS_Mac = 7, //!< Message Authentication Code - - // For now, use kMode_SSS_ComputeSharedSecret for HKDF Extract and Expand - // kMode_SSS_HKDF = 8, //!< HKDF Extract and Expand (RFC 5869) - kMode_SSS_HKDF_ExpandOnly = 9 //!< HKDF Expand Only (RFC 5869) -} sss_mode_t; - -/** - * Permissions of an object - */ -typedef enum -{ - /** Can read (applicable) contents of the key. - * - * @note This is not same as @ref kAccessPermission_SSS_Use. - * - * Without reading, the object, the key can be used. - */ - kAccessPermission_SSS_Read = (1u << 0), - /** Can change the value of an object */ - kAccessPermission_SSS_Write = (1u << 1), - /** Can use an object */ - kAccessPermission_SSS_Use = (1u << 2), - /** Can delete an object */ - kAccessPermission_SSS_Delete = (1u << 3), - /** Can change permissions applicable to an object */ - kAccessPermission_SSS_ChangeAttributes = (1u << 4), - /** Bitwise OR of all sss_access_permission. */ - kAccessPermission_SSS_All_Permission = 0x1F, -} sss_access_permission_t; - -/** - * Persistent / Non persistent mode of a key - */ -typedef enum -{ - kKeyObject_Mode_None = 0, //!< kKeyObject_Mode_None - /** Key object will be persisted in memory - * and will retain it's value after a closed session - */ - kKeyObject_Mode_Persistent = 1, - /** Key Object will be stored in RAM. - * It will lose it's contents after a session is closed - */ - kKeyObject_Mode_Transient = 2, -} sss_key_object_mode_t; - -/** Part of a key */ -typedef enum -{ - kSSS_KeyPart_NONE, - /** Applicable where we have UserID, Binary Files, - * Certificates, Symmetric Keys, PCR, HMAC-key, counter */ - kSSS_KeyPart_Default = 1, - /** Public part of asymmetric key */ - kSSS_KeyPart_Public = 2, - /** Private only part of asymmetric key */ - kSSS_KeyPart_Private = 3, - /** Both, public and private part of asymmetric key */ - kSSS_KeyPart_Pair = 4, -} sss_key_part_t; - -/** For all cipher types, key bit length is provides at the time key is inserted/generated */ -typedef enum -{ - kSSS_CipherType_NONE, - kSSS_CipherType_AES = 10, - kSSS_CipherType_DES = 12, - - kSSS_CipherType_CMAC = 20, - kSSS_CipherType_HMAC = 21, - - kSSS_CipherType_MAC = 30, - kSSS_CipherType_RSA = 31, /*! RSA RAW format */ - kSSS_CipherType_RSA_CRT = 32, /*! RSA CRT format */ - - /* The following keys can be identified - * solely by the *Family* and bit length - */ - kSSS_CipherType_EC_NIST_P = 40, /*! Keys Part of NIST-P Family */ - kSSS_CipherType_EC_NIST_K = 41, /*! Keys Part of NIST-K Family */ - - /* The following keys need their full curve parameters (p,a,b,x,y,n,h) - */ - /** Montgomery Key, */ - kSSS_CipherType_EC_MONTGOMERY = 50, - /** twisted Edwards form elliptic curve public key */ - kSSS_CipherType_EC_TWISTED_ED = 51, - /** Brainpool form elliptic curve public key */ - kSSS_CipherType_EC_BRAINPOOL = 52, - /** Barreto Naehrig curve */ - kSSS_CipherType_EC_BARRETO_NAEHRIG = 53, - - kSSS_CipherType_UserID = 70, - - /** Use kSSS_CipherType_Binary to store Certificate */ - kSSS_CipherType_Certificate = 71, - kSSS_CipherType_Binary = 72, - - kSSS_CipherType_Count = 73, - kSSS_CipherType_PCR = 74, - kSSS_CipherType_ReservedPin = 75, -} sss_cipher_type_t; - -/** XY Co-ordinates for ECC Curves */ -typedef struct -{ - /** X Point */ - uint8_t *X; - /** Y Point */ - uint8_t *Y; -} sss_ecc_point_t; - -/** ECC Curve Parameter */ -typedef struct -{ - uint8_t *p; /**< ECC parameter P */ - uint8_t *a; /**< ECC parameter a */ - uint8_t *b; /**< ECC parameter b */ - sss_ecc_point_t *G; /**< ECC parameter G */ - uint8_t *n; /**< ECC parameter n */ - uint8_t *h; /**< ECC parameter h */ -} sss_eccgfp_group_t; - -/** - * @addtogroup sss_session - * @{ - */ - -/** Properties of session that are U32 - * - * From 0 to kSSS_SessionProp_Optional_Prop_Start, - * around 2^24 = 16777215 Properties are - * possible. - * - * From 0 to kSSS_SessionProp_Optional_Prop_Start, - * around 2^24 = 16777215 Properties are - * possible. - * - */ -typedef enum -{ - /** Invalid */ - kSSS_SessionProp_u32_NA = 0, - /** Major version */ - kSSS_SessionProp_VerMaj, - /** Minor Version */ - kSSS_SessionProp_VerMin, - /** Development Version */ - kSSS_SessionProp_VerDev, - - /* Lenght of UID */ - kSSS_SessionProp_UIDLen, - - /** Optional Properties Start */ - kSSS_SessionProp_u32_Optional_Start = 0x00FFFFFFu, - - /** How much persistent memory is free */ - kSSS_KeyStoreProp_FreeMem_Persistant, - - /** How much transient memory is free */ - kSSS_KeyStoreProp_FreeMem_Transient, - - /** Proprietary Properties Start */ - kSSS_SessionProp_u32_Proprietary_Start = 0x01FFFFFFu, - -} sss_session_prop_u32_t; - -/** Properties of session that are S32 - * - * From 0 to kSSS_SessionProp_Optional_Prop_Start, - * around 2^24 = 16777215 Properties are - * possible. - * - * From 0 to kSSS_SessionProp_Optional_Prop_Start, - * around 2^24 = 16777215 Properties are - * possible. - * - */ -typedef enum -{ - /** Invalid */ - kSSS_SessionProp_au8_NA = 0, - /** Name of the product, string */ - kSSS_SessionProp_szName, - /** Unique Identifier */ - kSSS_SessionProp_UID, - - /** Optional Properties Start */ - kSSS_SessionProp_au8_Optional_Start = 0x00FFFFFFu, - - /** Proprietary Properties Start */ - kSSS_SessionProp_au8_Proprietary_Start = 0x01FFFFFFu, - -} sss_session_prop_au8_t; - -/** @} */ - -/** - * @addtogroup sss_session - * @{ - */ - -/** @brief Root session - * - * This is a *singleton* for each connection (physical/logical) - * to individual cryptographic system. - */ -typedef struct -{ - /** Indicates which security subsystem is selected. - * - * This is set when @ref sss_session_open is successful */ - sss_type_t subsystem; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_SESSION_MAX_CONTEXT_SIZE]; - } extension; -} sss_session_t; -/** @} */ - -/** - * @addtogroup sss_key_store - * @{ - */ - -/** @brief Store for secure and non secure key objects within a cryptographic system. - * - * - A cryptographic system may have more than partitions to store such keys. - * - */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_session_t *session; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_KEY_STORE_MAX_CONTEXT_SIZE]; - } extension; -} sss_key_store_t; - -/** properties of a Key Store that return array */ -typedef enum -{ - /** Optional Properties Start */ - kSSS_KeyStoreProp_au8_Optional_Start = 0x00FFFFFFu, - -} sss_key_store_prop_au8_t; - -/** Entity on the other side of the tunnel */ -typedef enum -{ - /** Default value */ - kSSS_TunnelDest_None = 0, - - /** SE05X IoT Applet */ - kSSS_TunnelType_Se05x_Iot_applet, -} sss_tunnel_dest_t; - -/** @} */ - -/** - * @addtogroup sss_key_object - * @{ - */ - -/** @brief An object (secure / non-secure) within a Key Store. - * - */ -typedef struct -{ - /** key store holding the data and other properties */ - sss_key_store_t *keyStore; - /** The type/part of object is referneced from @ref sss_key_part_t */ - uint32_t objectType; - /** cipherType type from @ref sss_cipher_type_t */ - uint32_t cipherType; - /** Application specific key identifier. The keyId is kept in the key store - * along with the key data and other properties. */ - uint32_t keyId; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_KEY_OBJECT_MAX_CONTEXT_SIZE]; - } extension; -} sss_object_t; - -/** @} */ - -/** - * @addtogroup sss_crypto_symmetric - * @{ - */ - -/** @brief Typedef for the symmetric crypto context */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_session_t *session; - /** Key to be used for the symmetric operation */ - sss_object_t *keyObject; - /** Algorithm to be applied, e.g AES_ECB / CBC */ - sss_algorithm_t algorithm; - /** Mode of operation, e.g Encryption/Decryption */ - sss_mode_t mode; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_SYMMETRIC_MAX_CONTEXT_SIZE]; - } extension; -} sss_symmetric_t; -/** @} */ - -/** @brief Authenticated Encryption with Additional Data - * - */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_session_t *session; - /** Key to be used for asymmetric */ - sss_object_t *keyObject; - /** Algorithm to be used */ - sss_algorithm_t algorithm; - /** High level operation (encrypt/decrypt) */ - sss_mode_t mode; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_AEAD_MAX_CONTEXT_SIZE]; - } extension; -} sss_aead_t; - -/** Message Digest operations */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_session_t *session; - /** Algorithm to be applied, e.g SHA1, SHA256 */ - sss_algorithm_t algorithm; - /** Mode of operation, e.g Sign/Verify */ - sss_mode_t mode; - /** Full digest length per algorithm definition. This field is initialized along with algorithm. */ - size_t digestFullLen; - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_DIGEST_MAX_CONTEXT_SIZE]; - } extension; -} sss_digest_t; - -/** @brief Message Authentication Code - * - */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_session_t *session; - /** Key to be used for ... */ - sss_object_t *keyObject; - /** Algorithm to be applied, e.g. MAC/CMAC */ - sss_algorithm_t algorithm; - /** Mode of operation for MAC (kMode_SSS_Mac) */ - sss_mode_t mode; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_MAC_MAX_CONTEXT_SIZE]; - } extension; -} sss_mac_t; - -/** @brief Asymmetric Cryptographic operations - * - * e.g. RSA/ECC. - */ - -typedef struct -{ - /** Pointer to root session */ - sss_session_t *session; - /** KeyObject used for Asymmetric operation */ - sss_object_t *keyObject; - /** Algorithm to be applied, e.g. ECDSA */ - sss_algorithm_t algorithm; - /** Mode of operation for the Asymmetric operation. - * e.g. Sign/Verify/Encrypt/Decrypt */ - sss_mode_t mode; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_ASYMMETRIC_MAX_CONTEXT_SIZE]; - } extension; -} sss_asymmetric_t; - -/** Header for a IS716 APDU */ - -typedef struct -{ - /** ISO 7816 APDU Header */ - uint8_t hdr[0 /* For Indentation */ - + 1 /* CLA */ - + 1 /* INS */ - + 1 /* P1 */ - + 1 /* P2 */ - ]; -} tlvHeader_t; - -/** Tunneling - * - * Used for communication via another system. - */ -typedef struct -{ - /** Pointer to the session */ - sss_session_t *session; - /** Tunnel to which Applet (Currently unused) */ - uint32_t tunnelType; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_TUNNEL_MAX_CONTEXT_SIZE]; - } extension; -} sss_tunnel_t; - -/** - * @addtogroup sss_crypto_derive_key - * @{ - */ - -/** Key derivation */ -typedef struct -{ - /** Pointer to the session */ - sss_session_t *session; - /** KeyObject used to derive key s*/ - sss_object_t *keyObject; - /** Algorithm to be applied, e.g. ... */ - sss_algorithm_t algorithm; - /** Mode of operation for .... e.g. ... */ - sss_mode_t mode; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_DERIVE_KEY_MAX_CONTEXT_SIZE]; - } extension; -} sss_derive_key_t; -/** @} */ - -/** Random number generator context */ -typedef struct -{ - /** Pointer to the session */ - sss_session_t *session; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_RNG_MAX_CONTEXT_SIZE]; - } context; - -} sss_rng_context_t; - -/******************************************************************************* - * API - ******************************************************************************/ -#if defined(__cplusplus) -extern "C" { -#endif - -/** - * @addtogroup sss_session - * @{ - */ - -/** - * Same as @ref sss_session_open but to support sub systems - * that explictily need a create before opening. - * - * For the sake of portabilty across various sub systems, - * the applicaiton has to call @ref sss_session_create - * before calling @ref sss_session_open. - * - * - * @param[in,out] session Pointer to session context - * @param[in] subsystem See @ref sss_session_open - * @param[in] application_id See @ref sss_session_open - * @param[in] connection_type See @ref sss_session_open - * @param[in] connectionData See @ref sss_session_open - */ -sss_status_t sss_session_create(sss_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** - * @brief Open session between application and a security subsystem. - * - * Open virtual session between application (user context) and a - * security subsystem and function thereof. Pointer to session - * shall be supplied to all SSS APIs as argument. Low level SSS - * functions can provide implementation specific behaviour based - * on the session argument. - * Note: sss_session_open() must not be called concurrently from - * multiple threads. The application must ensure this. - * - * @param[in,out] session Session context. - * @param[in] subsystem Indicates which security subsystem is - * selected to be used. - * @param[in] application_id ObjectId/AuthenticationID Connecting to: - * - ``application_id`` == 0 => Super use / Plaform user - * - Anything else => Authenticated user - * @param[in] connection_type How are we connecting to the system. - * @param[in,out] connectionData subsystem specific connection parameters. - * - * @return status - */ -sss_status_t sss_session_open(sss_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** - * @brief Get an underlying property of the crypto sub system - * - * This API is used to get values that are - * numeric in nature. - * - * Property can be either fixed value that is - * calculated at compile time and returned - * directly, or it may involve some access to the - * underlying system. - * - * For applicable properties see @ref sss_session_prop_u32_t - * - * @param[in] session Session context - * @param[in] property Value that is part of @ref sss_session_prop_u32_t - * @param[out] pValue - * - * @return - */ -sss_status_t sss_session_prop_get_u32(sss_session_t *session, uint32_t property, uint32_t *pValue); - -/** - * @brief Get an underlying property of the crypto sub system - * - * This API is used to get values that are - * numeric in nature. - * - * Property can be either fixed value that is - * calculated at compile time and returned - * directly, or it may involve some access to the - * underlying system. - * - * @param[in] session Session context - * @param[in] property Value that is part of @ref sss_session_prop_au8_t - * @param[out] pValue Output buffer array - * @param[in,out] pValueLen Count of values thare are/must br read - * @return - */ -sss_status_t sss_session_prop_get_au8(sss_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** - * @brief Close session between application and security subsystem. - * - * This function closes a session which has been opened with a security subsystem. - * All commands within the session must have completed before this function can be called. - * The implementation must do nothing if the input ``session`` parameter is NULL. - * - * - * @param session Session context. - */ -void sss_session_close(sss_session_t *session); - -/** Counterpart to @ref sss_session_create - * - * Similar to contraint on @ref sss_session_create, application - * may call @ref sss_session_delete to explicitly release all - * underlying/used session specific resoures of that implementation. - */ -void sss_session_delete(sss_session_t *session); - -/** - *@} - */ /* end of sss_session */ - -/** - * @addtogroup sss_key_store - * @{ - */ - -/** @brief Constructor for the key store context data structure. - * - * @param[out] keyStore Pointer to key store context. Key store context is updated on function return. - * @param session Session context. - */ -sss_status_t sss_key_store_context_init(sss_key_store_t *keyStore, sss_session_t *session); - -/** @brief Get handle to key store. - * If the key store already exists, nothing is allocated. - * If the key store does not exists, new empty key store is created and initialized. - * Key store context structure is updated with actual information. - * - * @param[out] keyStore Pointer to key store context. Key store context is updated on function return. - * @param keyStoreId Implementation specific ID, can be used in case security subsystem manages multiple different - * key stores. - */ -sss_status_t sss_key_store_allocate(sss_key_store_t *keyStore, uint32_t keyStoreId); - -/** @brief Save all cached persistent objects to persistent memory. - */ -sss_status_t sss_key_store_save(sss_key_store_t *keyStore); - -/** @brief Load from persistent memory to cached objects. - */ -sss_status_t sss_key_store_load(sss_key_store_t *keyStore); - -/** @brief This function moves data[] from memory to the destination key store. - * - * @param keyStore Key store context - * @param keyObject Reference to a key and it's properties - * @param data Data to be stored in Key. When setting ecc private key only, do not include key header. - * @param dataLen Length of the data - * @param keyBitLen Crypto algorithm key bit length - * @param options Pointer to implementation specific options - * @param optionsLen Length of the options in bytes - * - * @return - */ -sss_status_t sss_key_store_set_key(sss_key_store_t *keyStore, - sss_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @brief This function generates key[] in the destination key store. */ -sss_status_t sss_key_store_generate_key( - sss_key_store_t *keyStore, sss_object_t *keyObject, size_t keyBitLen, void *options); - -/** @brief This function exports plain key[] from key store (if constraints and user id allows reading) */ -sss_status_t sss_key_store_get_key( - sss_key_store_t *keyStore, sss_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen); - -/** - * @brief Access key store using one more level of encryption - * - * e.g. Access keys / encryption key during storage - * - * @param keyStore The key store - * @param keyObject The key object that is to be used as a KEK (Key Encryption Key) - * - * @return The sss status. - */ -sss_status_t sss_key_store_open_key(sss_key_store_t *keyStore, sss_object_t *keyObject); - -/** - * @brief The referenced key cannot be updated any more. - * - * @param keyStore The key store - * @param keyObject The key object to be locked / frozen. - * - * @return The sss status. - */ -sss_status_t sss_key_store_freeze_key(sss_key_store_t *keyStore, sss_object_t *keyObject); - -/** - * @brief Delete / destroy allocated keyObect . - * - * @param keyStore The key store - * @param keyObject The key object to be deleted - * - * @return The sss status. - */ -sss_status_t sss_key_store_erase_key(sss_key_store_t *keyStore, sss_object_t *keyObject); - -// sss_status_t sss_key_store_clear_all(sss_key_store_t *keyStore); - -/** @brief Destructor for the key store context. */ -void sss_key_store_context_free(sss_key_store_t *keyStore); - -/** - *@} - */ /* end of sss_key_store */ - -/** - * @addtogroup sss_key_object - * @{ - */ - -/** @brief Constructor for a key object data structure - * The function initializes keyObject data structure and associates it with a key store - * in which the plain key and other attributes are stored. - * - * @param keyObject - * @param keyStore - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_key_object_init(sss_object_t *keyObject, sss_key_store_t *keyStore); - -/** - * @brief Allocate / pre-provision memory for new key - * - * This API allows underlying cryptographic subsystems to perform - * preconditions of before creating any cryptographic key object. - * - * @param[in,out] keyObject The object If required, update implementation - * defined values inside the keyObject - * @param keyId External Key ID. Later on this may be used by - * @ref sss_key_object_get_handle - * @param keyPart See @ref sss_key_part_t - * @param cipherType See @ref sss_cipher_type_t - * @param keyByteLenMax Maximum storage this type of key may need. For - * systems that have their own internal allocation - * table this would help - * @param options 0 = Persistant Key (Default) or Transient Key. - * See sss_key_object_mode_t - * - * @return Status of object allocation. - */ -sss_status_t sss_key_object_allocate_handle(sss_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); /* Check if this can be made sss_key_object_mode_t */ - -/** - * @brief Get handle to an existing allocated/provisioned/created Object - * - * See @ref sss_key_object_allocate_handle. - * - * After calling this API, Ideally keyObject should become equivlant - * to as set after the calling of @ref - * sss_key_object_allocate_handle api. - * - * @param keyObject The key object - * @param[in] keyId The key identifier - * - * @return The sss status. - */ -sss_status_t sss_key_object_get_handle(sss_object_t *keyObject, uint32_t keyId); - -/** @brief Assign user to a key object. - * - * @param keyObject the object where permission restrictions are applied - * - * @param user Assign User id for a key object. The user is kept in the key - * store along with the key data and other properties. - * @param options Transient or persistent update. Allows for transient update - * of persistent attributes. - */ -sss_status_t sss_key_object_set_user(sss_object_t *keyObject, uint32_t user, uint32_t options); - -/** @brief Assign purpose to a key object. - * - * @param keyObject the object where permission restrictions are applied - * @param purpose Usage of the key. - * @param options Transient or persistent update. Allows for transient update of persistent attributes. - */ -sss_status_t sss_key_object_set_purpose(sss_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** @brief Assign access permissions to a key object. - * - * @param keyObject the object where permission restrictions are applied - * @param access Logical OR of read, write, delete, use, change attributes defined by enum _sss_access_permission. - * @param options Transient or persistent update. Allows for transient update of persistent attributes. - */ -sss_status_t sss_key_object_set_access(sss_object_t *keyObject, uint32_t access, uint32_t options); - -/** @brief Set elliptic curve domain parameters over Fp for a key object - * - * When the key object is a reference to one of ECC Private, ECC Public or ECC Pair key types, - * this function shall be used to specify the exact domain parameters prior to using the key object - * for ECDSA or ECDH algorithms. - * - * @param keyObject The destination key object - * @param group Pointer to elliptic curve domain parameters over Fp (sextuple p,a,b,G,n,h) - */ -sss_status_t sss_key_object_set_eccgfp_group(sss_object_t *keyObject, sss_eccgfp_group_t *group); - -/** @brief get attributes */ -sss_status_t sss_key_object_get_user(sss_object_t *keyObject, uint32_t *user); - -/** Check what is purpose restrictions on an object - * - * @param keyObject Object to be checked - * @param purpose Know what is permitted. - * @return - */ -sss_status_t sss_key_object_get_purpose(sss_object_t *keyObject, sss_mode_t *purpose); - -/** Check what are access restrictions on an object - * - * @param keyObject Object - * @param access What is permitted - * @return - */ -sss_status_t sss_key_object_get_access(sss_object_t *keyObject, uint32_t *access); - -/** @brief Destructor for the key object. - * The function frees key object context. - * - * @param keyObject Pointer to key object context. - */ -void sss_key_object_free(sss_object_t *keyObject); - -/** - *@} - */ /* end of sss_key_object */ - -/** - * @addtogroup sss_crypto_symmetric - * @{ - */ - -/** @brief Symmetric context init. - * The function initializes symmetric context with initial values. - * - * @param context Pointer to symmetric crypto context. - * @param session Associate SSS session with symmetric context. - * @param keyObject Associate SSS key object with symmetric context. - * @param algorithm One of the symmetric algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_symmetric_context_init(sss_symmetric_t *context, - sss_session_t *session, - sss_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @brief Symmetric cipher in one blocking function call. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to symmetric crypto context. - * @param iv Buffer containing the symmetric operation Initialization Vector. - * @param ivLen Length of the Initialization Vector in bytes. - * @param srcData Buffer containing the input data (block aligned). - * @param destData Buffer containing the output data. - * @param dataLen Size of input and output data buffer in bytes. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_cipher_one_go( - sss_symmetric_t *context, uint8_t *iv, size_t ivLen, const uint8_t *srcData, uint8_t *destData, size_t dataLen); - -/** @brief Symmetric cipher init. - * The function starts the symmetric cipher operation. - * - * @param context Pointer to symmetric crypto context. - * @param iv Buffer containing the symmetric operation Initialization Vector. - * @param ivLen Length of the Initialization Vector in bytes. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_cipher_init(sss_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @brief Symmetric cipher update. - * Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. - * Unless one or more calls of this function have supplied sufficient input data, no output is generated. - * The cipher operation is finalized with a call to @ref sss_cipher_finish(). - * - * @param context Pointer to symmetric crypto context. - * @param srcData Buffer containing the input data. - * @param srcLen Length of the input data in bytes. - * @param destData Buffer containing the output data. - * @param[in,out] destLen Length of the output data in bytes. Buffer length on entry, reflects actual output size on - * return. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_cipher_update( - sss_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @brief Symmetric cipher finalize. - * - * @param context Pointer to symmetric crypto context. - * @param srcData Buffer containing final chunk of input data. - * @param srcLen Length of final chunk of input data in bytes. - * @param destData Buffer containing output data. - * @param[in,out] destLen Length of output data in bytes. Buffer length on entry, reflects actual output size on - * return. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_cipher_finish( - sss_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @brief Symmetric AES in Counter mode in one blocking function call. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to symmetric crypto context. - * @param srcData Buffer containing the input data. - * @param destData Buffer containing the output data. - * @param size Size of source and destination data buffers in bytes. - * @param[in,out] initialCounter Input counter (updates on return) - * @param[out] lastEncryptedCounter Output cipher of last counter, for chained CTR calls. NULL can be passed if - * chained calls are not used. - * @param[out] szLeft Output number of bytes in left unused in lastEncryptedCounter block. NULL can be passed if - * chained calls are not used. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_cipher_crypt_ctr(sss_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @brief Symmetric context release. - * The function frees symmetric context. - * - * @param context Pointer to symmetric crypto context. - */ -void sss_symmetric_context_free(sss_symmetric_t *context); -/** - *@} - */ /* end of sss_crypto_symmetric */ - -/** - * @addtogroup sss_crypto_aead - * @{ - */ - -/** @brief AEAD context init. - * The function initializes aead context with initial values. - * - * @param context Pointer to aead crypto context. - * @param session Associate SSS session with aead context. - * @param keyObject Associate SSS key object with aead context. - * @param algorithm One of the aead algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_aead_context_init( - sss_aead_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @brief AEAD in one blocking function call. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to aead crypto context. - * @param srcData Buffer containing the input data. - * @param destData Buffer containing the output data. - * @param size Size of input and output data buffer in bytes. - * @param nonce The operation nonce or IV. - * @param nonceLen The length of nonce in bytes. For AES-GCM it must be >= 1. For AES-CCM it must be 7, 8, 9, 10, - * 11, 12, or 13. - * @param aad Input additional authentication data AAD - * @param aadLen Input size in bytes of AAD - * @param tag Encryption: Output buffer filled with computed tag - * Decryption: Input buffer filled with received tag - * @param tagLen Length of the tag in bytes. - * For AES-GCM it must be 4,8,12,13,14,15 or 16. - * For AES-CCM it must be 4,6,8,10,12,14 or 16. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_aead_one_go(sss_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t *tagLen); - -/** @brief AEAD init. - * The function starts the aead operation. - * - * @param context Pointer to aead crypto context. - * @param nonce The operation nonce or IV. - * @param nonceLen The length of nonce in bytes. For AES-GCM it must be >= 1. For AES-CCM it must be 7, 8, 9, 10, - * 11, 12, or 13. - * @param tagLen Length of the computed or received tag in bytes. - * For AES-GCM it must be 4,8,12,13,14,15 or 16. - * For AES-CCM it must be 4,6,8,10,12,14 or 16. - * @param aadLen Input size in bytes of AAD. Used only for AES-CCM. Ignored for AES-GCM. - * @param payloadLen Length in bytes of the payload. Used only for AES-CCM. Ignored for AES-GCM. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_aead_init( - sss_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); - -/** @brief Feeds a new chunk of the AAD. - * Subsequent calls of this function are possible. - * - * @param context Pointer to aead crypto context - * @param aadData Input buffer containing the chunk of AAD - * @param aadDataLen Length of the AAD data in bytes. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_aead_update_aad(sss_aead_t *context, const uint8_t *aadData, size_t aadDataLen); - -/** @brief AEAD data update. - * Feeds a new chunk of the data payload. - * Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. - * Unless one or more calls of this function have supplied sufficient input data, no output is generated. - * The integration check is done by @ref sss_aead_finish(). Until then it is not sure if the decrypt data is - * authentic. - * - * @param context Pointer to aead crypto context. - * @param srcData Buffer containing the input data. - * @param srcLen Length of the input data in bytes. - * @param destData Buffer containing the output data. - * @param[in,out] destLen Length of the output data in bytes. Buffer length on entry, reflects actual output size on - * return. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_aead_update( - sss_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @brief Finalize AEAD. - * The functions processes data that has not been processed by previous calls to sss_aead_update() as well as - * srcData. It finalizes the AEAD operations and computes the tag (encryption) or compares the computed tag with the - * tag supplied in the parameter (decryption). - * - * @param context Pointer to aead crypto context. - * @param srcData Buffer containing final chunk of input data. - * @param srcLen Length of final chunk of input data in bytes. - * @param destData Buffer containing output data. - * @param[in,out] destLen Length of output data in bytes. Buffer length on entry, reflects actual output size on - * return. - * @param tag Encryption: Output buffer filled with computed tag - * Decryption: Input buffer filled with received tag - * @param tagLen Length of the computed or received tag in bytes. - * For AES-GCM it must be 4,8,12,13,14,15 or 16. - * For AES-CCM it must be 4,6,8,10,12,14 or 16. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_aead_finish(sss_aead_t *context, - const uint8_t *srcData, - size_t srcLen, - uint8_t *destData, - size_t *destLen, - uint8_t *tag, - size_t *tagLen); - -/** @brief AEAD context release. - * The function frees aead context. - * - * @param context Pointer to aead context. - */ -void sss_aead_context_free(sss_aead_t *context); -/** - *@} - */ /* end of sss_crypto_aead */ - -/** - * @addtogroup sss_crypto_digest - * @{ - */ - -/** @brief Digest context init. - * The function initializes digest context with initial values. - * - * @param context Pointer to digest context. - * @param session Associate SSS session with digest context. - * @param algorithm One of the digest algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_digest_context_init( - sss_digest_t *context, sss_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @brief Message digest in one blocking function call. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to digest context. - * @param message Input message - * @param messageLen Length of the input message in bytes - * @param digest Output message digest - * @param digestLen Message digest byte length - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_digest_one_go( - sss_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @brief Init digest for a message. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to digest context. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_digest_init(sss_digest_t *context); - -/** @brief Update digest for a message. - * - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to digest context. - * @param message Buffer with a message chunk. - * @param messageLen Length of the input buffer in bytes. - * @returns Status of the operation - * - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_digest_update(sss_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @brief Finish digest for a message. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to digest context. - * @param digest Output message digest - * @param digestLen Message digest byte length - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_digest_finish(sss_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @brief Digest context release. - * The function frees digest context. - * - * @param context Pointer to digest context. - */ -void sss_digest_context_free(sss_digest_t *context); - -/** - *@} - */ /* end of sss_crypto_digest */ - -/** - * @addtogroup sss_crypto_mac - * @{ - */ - -/** @brief MAC context init. - * The function initializes mac context with initial values. - * - * @param context Pointer to mac context. - * @param session Associate SSS session with mac context. - * @param keyObject Associate SSS key object with mac context. - * @param algorithm One of the mac algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_mac_context_init( - sss_mac_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @brief Message MAC in one blocking function call. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to mac context. - * @param message Input message - * @param messageLen Length of the input message in bytes - * @param mac Output message MAC - * @param macLen Computed MAC byte length - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_mac_one_go( - sss_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @brief Init mac for a message. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to mac context. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_mac_init(sss_mac_t *context); - -/** @brief Update mac for a message. - * - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to mac context. - * @param message Buffer with a message chunk. - * @param messageLen Length of the input buffer in bytes. - * @returns Status of the operation - * - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_mac_update(sss_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @brief Finish mac for a message. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to mac context. - * @param mac Output message MAC - * @param macLen Computed MAC byte length - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_mac_finish(sss_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @brief MAC context release. - * The function frees mac context. - * - * @param context Pointer to mac context. - */ -void sss_mac_context_free(sss_mac_t *context); -/** - *@} - */ /* end of sss_crypto_mac */ - -/** - * @addtogroup sss_crypto_asymmetric - * @{ - */ - -/** @brief Asymmetric context init. - * The function initializes asymmetric context with initial values. - * - * @param context Pointer to asymmetric crypto context. - * @param session Associate SSS session with asymmetric context. - * @param keyObject Associate SSS key object with asymmetric context. - * @param algorithm One of the asymmetric algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_asymmetric_context_init(sss_asymmetric_t *context, - sss_session_t *session, - sss_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @brief Asymmetric encryption - * The function uses asymmetric algorithm to encrypt data. Public key portion of a key pair is used for encryption. - * - * @param context Pointer to asymmetric context. - * @param srcData Input buffer - * @param srcLen Length of the input in bytes - * @param destData Output buffer - * @param destLen Length of the output in bytes - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_asymmetric_encrypt( - sss_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @brief Asymmetric decryption - * The function uses asymmetric algorithm to decrypt data. Private key portion of a key pair is used for - * decryption. - * - * @param context Pointer to asymmetric context. - * @param srcData Input buffer - * @param srcLen Length of the input in bytes - * @param destData Output buffer - * @param destLen Length of the output in bytes - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_asymmetric_decrypt( - sss_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @brief Asymmetric signature of a message digest - * The function signs a message digest. - * - * @param context Pointer to asymmetric context. - * @param digest Input buffer containing the input message digest - * @param digestLen Length of the digest in bytes - * @param signature Output buffer written with the signature of the digest - * @param signatureLen Length of the signature in bytes - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_asymmetric_sign_digest( - sss_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @brief Asymmetric verify of a message digest - * The function verifies a message digest. - * - * @param context Pointer to asymmetric context. - * @param digest Input buffer containing the input message digest - * @param digestLen Length of the digest in bytes - * @param signature Input buffer containing the signature to verify - * @param signatureLen Length of the signature in bytes - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_asymmetric_verify_digest( - sss_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @brief Asymmetric context release. - * The function frees asymmetric context. - * - * @param context Pointer to asymmetric context. - */ -void sss_asymmetric_context_free(sss_asymmetric_t *context); -/** - *@} - */ /* end of sss_crypto_asymmetric */ - -/** - * @addtogroup sss_crypto_derive_key - * @{ - */ - -/** @brief Derive key context init. - * The function initializes derive key context with initial values. - * - * @param context Pointer to derive key context. - * @param session Associate SSS session with the derive key context. - * @param keyObject Associate SSS key object with the derive key context. - * @param algorithm One of the derive key algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_derive_key_context_init(sss_derive_key_t *context, - sss_session_t *session, - sss_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @brief Symmetric key derivation - * The function cryptographically derives a key from another key. - * For example MIFARE key derivation, PRF, HKDF-Extract. - * - * @deprecated Please use ::sss_derive_key_one_go instead - * - * @param context Pointer to derive key context. - * @param saltData Input data buffer, typically with some random data. - * @param saltLen Length of saltData buffer in bytes. - * @param info Input data buffer, typically with some fixed info. - * @param infoLen Length of info buffer in bytes. - * @param[in,out] derivedKeyObject Reference to a derived key - * @param deriveDataLen Requested length of output - * @param hkdfOutput Output buffer containing key derivation output - * @param hkdfOutputLen Output containing length of hkdfOutput - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_derive_key_go(sss_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @brief Symmetric key derivation (replaces the deprecated function ::sss_derive_key_go) - * The function cryptographically derives a key from another key. - * For example MIFARE key derivation, PRF, HKDF-Extract-Expand, HKDF-Expand. - * Refer to ::sss_derive_key_sobj_one_go in case the Salt is available as a key object. - * - * @param context Pointer to derive key context. - * @param saltData Input data buffer, typically with some random data. - * @param saltLen Length of saltData buffer in bytes. - * @param info Input data buffer, typically with some fixed info. - * @param infoLen Length of info buffer in bytes. - * @param[in,out] derivedKeyObject Reference to a derived key - * @param[in] deriveDataLen Expected length of derived key. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_derive_key_one_go(sss_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** - * @brief Symmetric key derivation (salt in key object) - * Refer to ::sss_derive_key_one_go in case the salt is not available as a key object. - * - * @param context Pointer to derive key context - * @param saltKeyObject Reference to salt. The salt key object must reside in the same keystore as the derive key context. - * @param[in] info Input data buffer, typically with some fixed info. - * @param[in] infoLen Length of info buffer in bytes. - * @param derivedKeyObject Reference to a derived key - * @param[in] deriveDataLen The derive data length - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_derive_key_sobj_one_go(sss_derive_key_t *context, - sss_object_t *saltKeyObject, - const uint8_t *info, - size_t infoLen, - sss_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @brief Asymmetric key derivation Diffie-Helmann - * The function cryptographically derives a key from another key. - * For example Diffie-Helmann. - * - * @param context Pointer to derive key context. - * @param otherPartyKeyObject Public key of the other party in the Diffie-Helmann algorithm - * @param[in,out] derivedKeyObject Reference to a derived key - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_derive_key_dh( - sss_derive_key_t *context, sss_object_t *otherPartyKeyObject, sss_object_t *derivedKeyObject); - -/** @brief Derive key context release. - * The function frees derive key context. - * - * @param context Pointer to derive key context. - */ -void sss_derive_key_context_free(sss_derive_key_t *context); -/** - *@} - */ /* end of sss_crypto_derive_key */ - -/** - * @addtogroup sss_rng - * @{ - */ - -/** - * @brief Initialise random generator context between application and a security subsystem. - * - * - * @warning API Changed - * - * Earlier: - * sss_status_t sss_rng_context_init( - * sss_session_t *session, sss_rng_context_t *context); - * - * Now: Parameters are swapped - * sss_status_t sss_rng_context_init( - * sss_rng_context_t *context, sss_session_t *session); - * - * @param session Session context. - * @param context random generator context. - * @return status - */ -sss_status_t sss_rng_context_init(sss_rng_context_t *context, sss_session_t *session); - -/** - * @brief Generate random number. - * - * @param context random generator context. - * @param random_data buffer to hold random data. - * @param dataLen required random number length - * @return status - */ -sss_status_t sss_rng_get_random(sss_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** - * @brief free random genertor context. - * - * @param context generator context. - * @return status - */ -sss_status_t sss_rng_context_free(sss_rng_context_t *context); - -/** - *@} - */ /* end of sss_rng */ - -/** - * @addtogroup sss_crypto_tunnel - * @{ - */ - -/** @brief Constructor for the tunnelling service context. - * - * Earlier: - * sss_status_t sss_tunnel_context_init( - * sss_session_t *session, sss_tunnel_t *context); - * - * Now: Parameters are swapped - * sss_status_t sss_tunnel_context_init( - * sss_tunnel_t *context, sss_session_t *session); - * - * @param[out] context Pointer to tunnel context. Tunnel context is updated on function return. - * @param session Pointer to session this tunnelling service belongs to. - */ -sss_status_t sss_tunnel_context_init(sss_tunnel_t *context, sss_session_t *session); - -/** @brief Tunnelling service. - * - * @param[in,out] context Pointer to tunnel context. - * @param data Pointer to data to be send to subsystem. - * @param dataLen Length of the data in bytes. - * @param keyObjects Objects references used by the service. - * @param keyObjectCount Number of key references at ``keyObjects``. - * @param tunnelType Implementation specific id of the service. - */ -sss_status_t sss_tunnel(sss_tunnel_t *context, - uint8_t *data, - size_t dataLen, - sss_object_t *keyObjects, - uint32_t keyObjectCount, - uint32_t tunnelType); - -/** @brief Destructor for the tunnelling service context. - * - * @param[out] context Pointer to tunnel context. */ -void sss_tunnel_context_free(sss_tunnel_t *context); - -/** - *@} - */ /* end of sss_crypto_channel */ - -/** - * @addtogroup sss_str_log - * @{ - */ - -/** - * @brief Returns string error code for @ref sss_status_t - * - * @param[in] status See @ref sss_status_t - * - * @return String conversion of ``status`` to String. - */ - -const char *sss_status_sz(sss_status_t status); - -/** -* @brief Returns string error code for @ref sss_cipher_type_t -* -* @param[in] status See @ref sss_cipher_type_t -* -* @return String conversion of ``cipher_type`` to String. -*/ - -const char *sss_cipher_type_sz(sss_cipher_type_t cipher_type); - -/** - *@} - */ /* end of sss_str_log */ - -#if defined(__cplusplus) -} -#endif - -#endif /* _FSL_SSS_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h deleted file mode 100644 index cdc223d1c..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h +++ /dev/null @@ -1,64 +0,0 @@ -/* Copyright 2019-2021 NXP - * - * SPDX-License-Identifier: Apache-2.0 - * - * - */ - -#ifndef SSS_APIS_VERSION_INFO_H_INCLUDED -#define SSS_APIS_VERSION_INFO_H_INCLUDED - - -/* clang-format off */ -#define SSS_APIS_PROD_NAME "SSS_APIs" -#define SSS_APIS_VER_STRING_NUM "v03.06.00_20210528" -#define SSS_APIS_PROD_NAME_VER_FULL "SSS_APIs_v03.06.00_20210528" -#define SSS_APIS_VER_MAJOR (3u) -#define SSS_APIS_VER_MINOR (6u) -#define SSS_APIS_VER_DEV (0u) - -/* v03.06 = 30006u */ -#define SSS_APIS_VER_MAJOR_MINOR ( 0 \ - | (SSS_APIS_VER_MAJOR * 10000u) \ - | (SSS_APIS_VER_MINOR)) - -/* v03.06.00 = 300060000ULL */ -#define SSS_APIS_VER_MAJOR_MINOR_DEV ( 0 \ - | (SSS_APIS_VER_MAJOR * 10000*10000u) \ - | (SSS_APIS_VER_MINOR * 10000u) \ - | (SSS_APIS_VER_DEV)) - -/* clang-format on */ - - -/* Version Information: - * Generated by: - * scripts\version_info.py (v2019.01.17_00) - * - * Do not edit this file. Update: - * sss/version_info.txt instead. - * - * prod_name = "SSS_APIs" - * - * prod_desc = "SSS APIs" - * - * lang_c_prefix = prod_name.upper() - * - * lang_namespace = "" - * - * v_major = "03" - * - * v_minor = "06" - * - * v_dev = "00" - * - * v_meta = "" - * - * maturity = "B" - * - * # - * # 03.00.00 : Changed Enums - * # - */ - -#endif /* SSS_APIS_VERSION_INFO_H_INCLUDED */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_config.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_config.h deleted file mode 100644 index 6d2b9c363..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_config.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _FSL_SSS_CONFIG_H_ -#define _FSL_SSS_CONFIG_H_ - -/* clang-format off */ -#define SSS_SESSION_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (1 * sizeof(void *)) \ - + (8 * sizeof(void *)) \ - + 16) -#define SSS_KEY_STORE_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (4 * sizeof(void *)) \ - + 16) -#define SSS_KEY_OBJECT_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (2 * sizeof(int)) \ - + (4 * sizeof(void *)) \ - + 16) -#define SSS_SYMMETRIC_MAX_CONTEXT_SIZE ( 0 \ - + (2 * sizeof(void *)) \ - + (2 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 16 /* Buffer in case of unaligned block cipher operations */ \ - + 4 /* Buffer length in case of unaligned block cipher operations */ \ - + 16) -#define SSS_AEAD_MAX_CONTEXT_SIZE ( 0 \ - + (5 * sizeof(void *)) \ - + (6 * sizeof(int)) \ - + (5 * sizeof(void *)) \ - + 16) -#define SSS_DIGEST_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (3 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 16) -#define SSS_MAC_MAX_CONTEXT_SIZE ( 0 \ - + (2 * sizeof(void *)) \ - + (2 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 32) -#define SSS_ASYMMETRIC_MAX_CONTEXT_SIZE ( 0 \ - + (2 * sizeof(void *)) \ - + (3 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 16) -#define SSS_TUNNEL_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (2 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 16) -#define SSS_CHANNEL_MAX_CONTEXT_SIZE ( 0 \ - + (2 * sizeof(void *)) \ - + 16) -#define SSS_DERIVE_KEY_MAX_CONTEXT_SIZE ( 0 \ - + (2 * sizeof(void *)) \ - + (2 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 16) -#define SSS_RNG_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (2 * sizeof(void *)) \ - + 16) - -#define SSS_CONNECT_MAX_CONTEXT_SIZE ( 0 \ - + (4 * sizeof(void *)) \ - + 8 \ - ) - -#define SSS_AUTH_MAX_CONTEXT_SIZE ( 0 \ - + (3 * sizeof(void *)) \ - + 8 \ - ) - -#define SSS_POLICY_COUNT_MAX (10) - -/* clang-format on */ - -#endif /* _FSL_SSS_CONFIG_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_ftr_default.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_ftr_default.h deleted file mode 100644 index 0113d794b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_ftr_default.h +++ /dev/null @@ -1,673 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_FSL_SSS_FTR_H_ -#define SSS_APIS_INC_FSL_SSS_FTR_H_ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/* clang-format off */ - - -/* # CMake Features : Start */ - - -/** Applet : The Secure Element Applet - * - * You can compile host library for different Applets listed below. - * Please note, some of these Applets may be for NXP Internal use only. - */ - -/** Compiling without any Applet Support */ -#define SSS_HAVE_APPLET_NONE 0 - -/** A71CH (ECC) */ -#define SSS_HAVE_APPLET_A71CH 0 - -/** A71CL (RSA) */ -#define SSS_HAVE_APPLET_A71CL 0 - -/** Similar to A71CH */ -#define SSS_HAVE_APPLET_A71CH_SIM 0 - -/** SE050 Type A (ECC) */ -#define SSS_HAVE_APPLET_SE05X_A 0 - -/** SE050 Type B (RSA) */ -#define SSS_HAVE_APPLET_SE05X_B 0 - -/** SE050 (Super set of A + B) */ -#define SSS_HAVE_APPLET_SE05X_C 1 - -/** SE050 (Similar to A71CL) */ -#define SSS_HAVE_APPLET_SE05X_L 0 - -/** NXP Internal testing Applet */ -#define SSS_HAVE_APPLET_LOOPBACK 0 - -#if (( 0 \ - + SSS_HAVE_APPLET_NONE \ - + SSS_HAVE_APPLET_A71CH \ - + SSS_HAVE_APPLET_A71CL \ - + SSS_HAVE_APPLET_A71CH_SIM \ - + SSS_HAVE_APPLET_SE05X_A \ - + SSS_HAVE_APPLET_SE05X_B \ - + SSS_HAVE_APPLET_SE05X_C \ - + SSS_HAVE_APPLET_SE05X_L \ - + SSS_HAVE_APPLET_LOOPBACK \ - ) > 1) -# error "Enable only one of 'Applet'" -#endif - - -#if (( 0 \ - + SSS_HAVE_APPLET_NONE \ - + SSS_HAVE_APPLET_A71CH \ - + SSS_HAVE_APPLET_A71CL \ - + SSS_HAVE_APPLET_A71CH_SIM \ - + SSS_HAVE_APPLET_SE05X_A \ - + SSS_HAVE_APPLET_SE05X_B \ - + SSS_HAVE_APPLET_SE05X_C \ - + SSS_HAVE_APPLET_SE05X_L \ - + SSS_HAVE_APPLET_LOOPBACK \ - ) == 0) -# error "Enable at-least one of 'Applet'" -#endif - - - -/** SE05X_Ver : SE05X Applet version. - * - * Selection of Applet version 03_XX enables SE050 features. - * Selection of Applet version 06_00 enables SE051 features. - * - */ - -/** SE050 */ -#define SSS_HAVE_SE05X_VER_03_XX 1 - -/** SE051 */ -#define SSS_HAVE_SE05X_VER_06_00 0 - -#if (( 0 \ - + SSS_HAVE_SE05X_VER_03_XX \ - + SSS_HAVE_SE05X_VER_06_00 \ - ) > 1) -# error "Enable only one of 'SE05X_Ver'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SE05X_VER_03_XX \ - + SSS_HAVE_SE05X_VER_06_00 \ - ) == 0) -# error "Enable at-least one of 'SE05X_Ver'" -#endif - - - -/** HostCrypto : Counterpart Crypto on Host - * - * What is being used as a cryptographic library on the host. - * As of now only OpenSSL / mbedTLS is supported - */ - -/** Use mbedTLS as host crypto */ -#define SSS_HAVE_HOSTCRYPTO_MBEDTLS 1 - -/** Use mbed-crypto as host crypto - * Required for ARM-PSA / TF-M */ -#define SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO 0 - -/** Use OpenSSL as host crypto */ -#define SSS_HAVE_HOSTCRYPTO_OPENSSL 0 - -/** User Implementation of Host Crypto - * e.g. Files at ``sss/src/user/crypto`` have low level AES/CMAC primitives. - * The files at ``sss/src/user`` use those primitives. - * This becomes an example for users with their own AES Implementation - * This then becomes integration without mbedTLS/OpenSSL for SCP03 / AESKey. - * - * .. note:: ECKey abstraction is not implemented/available yet. */ -#define SSS_HAVE_HOSTCRYPTO_USER 0 - -/** NO Host Crypto - * Note, this is unsecure and only provided for experimentation - * on platforms that do not have an mbedTLS PORT - * Many :ref:`sssftr-control` have to be disabled to have a valid build. */ -#define SSS_HAVE_HOSTCRYPTO_NONE 0 - -#if (( 0 \ - + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ - + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ - + SSS_HAVE_HOSTCRYPTO_OPENSSL \ - + SSS_HAVE_HOSTCRYPTO_USER \ - + SSS_HAVE_HOSTCRYPTO_NONE \ - ) > 1) -# error "Enable only one of 'HostCrypto'" -#endif - - -#if (( 0 \ - + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ - + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ - + SSS_HAVE_HOSTCRYPTO_OPENSSL \ - + SSS_HAVE_HOSTCRYPTO_USER \ - + SSS_HAVE_HOSTCRYPTO_NONE \ - ) == 0) -# error "Enable at-least one of 'HostCrypto'" -#endif - - - -/** mbedTLS_ALT : ALT Engine implementation for mbedTLS - * - * When set to None, mbedTLS would not use ALT Implementation to connect to / use Secure Element. - * This needs to be set to SSS for Cloud Demos over SSS APIs - */ - -/** Use SSS Layer ALT implementation */ -#define SSS_HAVE_MBEDTLS_ALT_SSS 1 - -/** Legacy implementation */ -#define SSS_HAVE_MBEDTLS_ALT_A71CH 0 - -/** Not using any mbedTLS_ALT - * - * When this is selected, cloud demos can not work with mbedTLS */ -#define SSS_HAVE_MBEDTLS_ALT_NONE 0 - -#if (( 0 \ - + SSS_HAVE_MBEDTLS_ALT_SSS \ - + SSS_HAVE_MBEDTLS_ALT_A71CH \ - + SSS_HAVE_MBEDTLS_ALT_NONE \ - ) > 1) -# error "Enable only one of 'mbedTLS_ALT'" -#endif - - -#if (( 0 \ - + SSS_HAVE_MBEDTLS_ALT_SSS \ - + SSS_HAVE_MBEDTLS_ALT_A71CH \ - + SSS_HAVE_MBEDTLS_ALT_NONE \ - ) == 0) -# error "Enable at-least one of 'mbedTLS_ALT'" -#endif - - - -/** SCP : Secure Channel Protocol - * - * In case we enable secure channel to Secure Element, which interface to be used. - */ - -/** */ -#define SSS_HAVE_SCP_NONE 0 - -/** Use SSS Layer for SCP. Used for SE050 family. */ -#define SSS_HAVE_SCP_SCP03_SSS 1 - -/** Use Host Crypto Layer for SCP03. Legacy implementation. Used for older demos of A71CH Family. */ -#define SSS_HAVE_SCP_SCP03_HOSTCRYPTO 0 - -#if (( 0 \ - + SSS_HAVE_SCP_NONE \ - + SSS_HAVE_SCP_SCP03_SSS \ - + SSS_HAVE_SCP_SCP03_HOSTCRYPTO \ - ) > 1) -# error "Enable only one of 'SCP'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SCP_NONE \ - + SSS_HAVE_SCP_SCP03_SSS \ - + SSS_HAVE_SCP_SCP03_HOSTCRYPTO \ - ) == 0) -# error "Enable at-least one of 'SCP'" -#endif - - - -/** FIPS : Enable or disable FIPS - * - * This selection mostly impacts tests, and generally not the actual Middleware - */ - -/** NO FIPS */ -#define SSS_HAVE_FIPS_NONE 1 - -/** SE050 IC FIPS */ -#define SSS_HAVE_FIPS_SE050 0 - -/** FIPS 140-2 */ -#define SSS_HAVE_FIPS_140_2 0 - -/** FIPS 140-3 */ -#define SSS_HAVE_FIPS_140_3 0 - -#if (( 0 \ - + SSS_HAVE_FIPS_NONE \ - + SSS_HAVE_FIPS_SE050 \ - + SSS_HAVE_FIPS_140_2 \ - + SSS_HAVE_FIPS_140_3 \ - ) > 1) -# error "Enable only one of 'FIPS'" -#endif - - -#if (( 0 \ - + SSS_HAVE_FIPS_NONE \ - + SSS_HAVE_FIPS_SE050 \ - + SSS_HAVE_FIPS_140_2 \ - + SSS_HAVE_FIPS_140_3 \ - ) == 0) -# error "Enable at-least one of 'FIPS'" -#endif - - - -/** SBL : Enable/Disable SBL Bootable support - * - * This option is to enable/disable boot from SBL by switching linker address - */ - -/** Not SBL bootable */ -#define SSS_HAVE_SBL_NONE 1 - -/** SE050 based LPC55S SBL bootable */ -#define SSS_HAVE_SBL_SBL_LPC55S 0 - -#if (( 0 \ - + SSS_HAVE_SBL_NONE \ - + SSS_HAVE_SBL_SBL_LPC55S \ - ) > 1) -# error "Enable only one of 'SBL'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SBL_NONE \ - + SSS_HAVE_SBL_SBL_LPC55S \ - ) == 0) -# error "Enable at-least one of 'SBL'" -#endif - - - -/** SE05X_Auth : SE050 Authentication - * - * This settings is used by examples to connect using various options - * to authenticate with the Applet. - * The SE05X_Auth options can be changed for KSDK Demos and Examples. - * To change SE05X_Auth option follow below steps. - * Set flag ``SSS_HAVE_SCP_SCP03_SSS`` to 1 and Reset flag ``SSS_HAVE_SCP_NONE`` to 0. - * To change SE05X_Auth option other than ``None`` and ``PlatfSCP03``, - * execute se05x_Delete_and_test_provision.exe in order to provision the Authentication Key. - * To change SE05X_Auth option to ``ECKey`` or ``ECKey_PlatfSCP03``, - * Set additional flag ``SSS_HAVE_HOSTCRYPTO_ANY`` to 1. - */ - -/** Use the default session (i.e. session less) login */ -#define SSS_HAVE_SE05X_AUTH_NONE 1 - -/** Do User Authentication with UserID */ -#define SSS_HAVE_SE05X_AUTH_USERID 0 - -/** Use Platform SCP for connection to SE */ -#define SSS_HAVE_SE05X_AUTH_PLATFSCP03 0 - -/** Do User Authentication with AES Key - * Earlier this was called AppletSCP03 */ -#define SSS_HAVE_SE05X_AUTH_AESKEY 0 - -/** Do User Authentication with EC Key - * Earlier this was called FastSCP */ -#define SSS_HAVE_SE05X_AUTH_ECKEY 0 - -/** UserID and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 0 - -/** AESKey and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 0 - -/** ECKey and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 0 - -#if (( 0 \ - + SSS_HAVE_SE05X_AUTH_NONE \ - + SSS_HAVE_SE05X_AUTH_USERID \ - + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY \ - + SSS_HAVE_SE05X_AUTH_ECKEY \ - + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ - ) > 1) -# error "Enable only one of 'SE05X_Auth'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SE05X_AUTH_NONE \ - + SSS_HAVE_SE05X_AUTH_USERID \ - + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY \ - + SSS_HAVE_SE05X_AUTH_ECKEY \ - + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ - ) == 0) -# error "Enable at-least one of 'SE05X_Auth'" -#endif - - - -/** A71CH_AUTH : A71CH Authentication - * - * This settings is used by SSS-API based examples to connect using either plain or authenticated to the A71CH. - */ - -/** Plain communication, not authenticated or encrypted */ -#define SSS_HAVE_A71CH_AUTH_NONE 1 - -/** SCP03 enabled */ -#define SSS_HAVE_A71CH_AUTH_SCP03 0 - -#if (( 0 \ - + SSS_HAVE_A71CH_AUTH_NONE \ - + SSS_HAVE_A71CH_AUTH_SCP03 \ - ) > 1) -# error "Enable only one of 'A71CH_AUTH'" -#endif - - -#if (( 0 \ - + SSS_HAVE_A71CH_AUTH_NONE \ - + SSS_HAVE_A71CH_AUTH_SCP03 \ - ) == 0) -# error "Enable at-least one of 'A71CH_AUTH'" -#endif - - -/* ====================================================================== * - * == Feature selection/values ========================================== * - * ====================================================================== */ - - -/** SE05X Secure Element : Symmetric AES */ -#define SSSFTR_SE05X_AES 1 - -/** SE05X Secure Element : Elliptic Curve Cryptography */ -#define SSSFTR_SE05X_ECC 1 - -/** SE05X Secure Element : RSA */ -#define SSSFTR_SE05X_RSA 1 - -/** SE05X Secure Element : KEY operations : SET Key */ -#define SSSFTR_SE05X_KEY_SET 1 - -/** SE05X Secure Element : KEY operations : GET Key */ -#define SSSFTR_SE05X_KEY_GET 1 - -/** SE05X Secure Element : Authenticate via ECKey */ -#define SSSFTR_SE05X_AuthECKey 1 - -/** SE05X Secure Element : Allow creation of user/authenticated session. - * - * If the intended deployment only uses Platform SCP - * Or it is a pure session less integration, this can - * save some code size. */ -#define SSSFTR_SE05X_AuthSession 1 - -/** SE05X Secure Element : Allow creation/deletion of Crypto Objects - * - * If disabled, new Crytpo Objects are neither created and - * old/existing Crypto Objects are not deleted. - * It is assumed that during provisioning phase, the required - * Crypto Objects are pre-created or they are never going to - * be needed. */ -#define SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ 1 - -/** Software : Symmetric AES */ -#define SSSFTR_SW_AES 1 - -/** Software : Elliptic Curve Cryptography */ -#define SSSFTR_SW_ECC 1 - -/** Software : RSA */ -#define SSSFTR_SW_RSA 1 - -/** Software : KEY operations : SET Key */ -#define SSSFTR_SW_KEY_SET 1 - -/** Software : KEY operations : GET Key */ -#define SSSFTR_SW_KEY_GET 1 - -/** Software : Used as a test counterpart - * - * e.g. Major part of the mebdTLS SSS layer is purely used for - * testing of Secure Element implementation, and can be avoided - * fully during many production scenarios. */ -#define SSSFTR_SW_TESTCOUNTERPART 1 - -/* ====================================================================== * - * == Computed Options ================================================== * - * ====================================================================== */ - -/** Symmetric AES */ -#define SSSFTR_AES (SSSFTR_SE05X_AES + SSSFTR_SW_AES) -/** Elliptic Curve Cryptography */ -#define SSSFTR_ECC (SSSFTR_SE05X_ECC + SSSFTR_SW_ECC) -/** RSA */ -#define SSSFTR_RSA (SSSFTR_SE05X_RSA + SSSFTR_SW_RSA) -/** KEY operations : SET Key */ -#define SSSFTR_KEY_SET (SSSFTR_SE05X_KEY_SET + SSSFTR_SW_KEY_SET) -/** KEY operations : GET Key */ -#define SSSFTR_KEY_GET (SSSFTR_SE05X_KEY_GET + SSSFTR_SW_KEY_GET) -/** KEY operations */ -#define SSSFTR_KEY (SSSFTR_KEY_SET + SSSFTR_KEY_GET) -/** KEY operations */ -#define SSSFTR_SE05X_KEY (SSSFTR_SE05X_KEY_SET + SSSFTR_SE05X_KEY_GET) -/** KEY operations */ -#define SSSFTR_SW_KEY (SSSFTR_SW_KEY_SET + SSSFTR_SW_KEY_GET) - - -#define SSS_HAVE_APPLET \ - (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CL | SSS_HAVE_APPLET_A71CH_SIM | SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C | SSS_HAVE_APPLET_SE05X_L | SSS_HAVE_APPLET_LOOPBACK) - -#define SSS_HAVE_APPLET_SE05X_IOT \ - (SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C) - -#define SSS_HAVE_MBEDTLS_ALT \ - (SSS_HAVE_MBEDTLS_ALT_SSS | SSS_HAVE_MBEDTLS_ALT_A71CH) - -#define SSS_HAVE_HOSTCRYPTO_ANY \ - (SSS_HAVE_HOSTCRYPTO_MBEDTLS | SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO | SSS_HAVE_HOSTCRYPTO_OPENSSL | SSS_HAVE_HOSTCRYPTO_USER) - -#define SSS_HAVE_FIPS \ - (SSS_HAVE_FIPS_SE050 | SSS_HAVE_FIPS_140_2 | SSS_HAVE_FIPS_140_3) - - -/* Version checks GTE - Greater Than Or Equal To */ -#if SSS_HAVE_APPLET_SE05X_IOT -# if SSS_HAVE_SE05X_VER_06_00 -# define SSS_HAVE_SE05X_VER_GTE_06_00 1 -# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 -# endif /* SSS_HAVE_SE05X_VER_06_00 */ -# if SSS_HAVE_SE05X_VER_03_XX -# define SSS_HAVE_SE05X_VER_GTE_06_00 0 -# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 -# endif /* SSS_HAVE_SE05X_VER_03_XX */ -#else //SSS_HAVE_APPLET_SE05X_IOT -# define SSS_HAVE_SE05X_VER_GTE_03_XX 0 -# define SSS_HAVE_SE05X_VER_GTE_06_00 0 -#endif // SSS_HAVE_APPLET_SE05X_IOT -/** Deprecated items. Used here for backwards compatibility. */ - -#define WithApplet_SE05X (SSS_HAVE_APPLET_SE05X_IOT) -#define WithApplet_SE050_A (SSS_HAVE_APPLET_SE05X_A) -#define WithApplet_SE050_B (SSS_HAVE_APPLET_SE05X_B) -#define WithApplet_SE050_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE050_A (SSS_HAVE_APPLET_SE05X_A) -#define SSS_HAVE_SE050_B (SSS_HAVE_APPLET_SE05X_B) -#define SSS_HAVE_SE050_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE05X (SSS_HAVE_APPLET_SE05X_IOT) -#define SSS_HAVE_SE (SSS_HAVE_APPLET) -#define SSS_HAVE_LOOPBACK (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_ALT (SSS_HAVE_MBEDTLS_ALT) -#define WithApplet_None (SSS_HAVE_APPLET_NONE) -#define SSS_HAVE_None (SSS_HAVE_APPLET_NONE) -#define WithApplet_A71CH (SSS_HAVE_APPLET_A71CH) -#define SSS_HAVE_A71CH (SSS_HAVE_APPLET_A71CH) -#define WithApplet_A71CL (SSS_HAVE_APPLET_A71CL) -#define SSS_HAVE_A71CL (SSS_HAVE_APPLET_A71CL) -#define WithApplet_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) -#define SSS_HAVE_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) -#define WithApplet_SE05X_A (SSS_HAVE_APPLET_SE05X_A) -#define SSS_HAVE_SE05X_A (SSS_HAVE_APPLET_SE05X_A) -#define WithApplet_SE05X_B (SSS_HAVE_APPLET_SE05X_B) -#define SSS_HAVE_SE05X_B (SSS_HAVE_APPLET_SE05X_B) -#define WithApplet_SE05X_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE05X_C (SSS_HAVE_APPLET_SE05X_C) -#define WithApplet_SE05X_L (SSS_HAVE_APPLET_SE05X_L) -#define SSS_HAVE_SE05X_L (SSS_HAVE_APPLET_SE05X_L) -#define WithApplet_LoopBack (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_LoopBack (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_MBEDTLS (SSS_HAVE_HOSTCRYPTO_MBEDTLS) -#define SSS_HAVE_MBEDCRYPTO (SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO) -#define SSS_HAVE_OPENSSL (SSS_HAVE_HOSTCRYPTO_OPENSSL) -#define SSS_HAVE_USER (SSS_HAVE_HOSTCRYPTO_USER) -#define SSS_HAVE_NONE (SSS_HAVE_HOSTCRYPTO_NONE) -#define SSS_HAVE_ALT_SSS (SSS_HAVE_MBEDTLS_ALT_SSS) -#define SSS_HAVE_ALT_A71CH (SSS_HAVE_MBEDTLS_ALT_A71CH) -#define SSS_HAVE_ALT_NONE (SSS_HAVE_MBEDTLS_ALT_NONE) -#define SSS_HAVE_SE05X_Auth_None (SSS_HAVE_SE05X_AUTH_NONE) -#define SSS_HAVE_SE05X_Auth_UserID (SSS_HAVE_SE05X_AUTH_USERID) -#define SSS_HAVE_SE05X_Auth_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_AESKey (SSS_HAVE_SE05X_AUTH_AESKEY) -#define SSS_HAVE_SE05X_Auth_ECKey (SSS_HAVE_SE05X_AUTH_ECKEY) -#define SSS_HAVE_SE05X_Auth_UserID_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_AESKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_ECKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) - -/* # CMake Features : END */ - -/* ========= Miscellaneous values : START =================== */ - -/* ECC Mode is available */ -#define SSS_HAVE_ECC 1 - -/* RSA is available */ -#define SSS_HAVE_RSA 1 - -/* TPM BARRETO_NAEHRIG Curve is enabled */ -#define SSS_HAVE_TPM_BN 1 - -/* Edwards Curve is enabled */ -#define SSS_HAVE_EC_ED 1 - -/* Montgomery Curve is enabled */ -#define SSS_HAVE_EC_MONT 1 - -/* MIFARE DESFire is enabled */ -#define SSS_HAVE_MIFARE_DESFIRE 1 - -/* PBKDF2 is enabled */ -#define SSS_HAVE_PBKDF2 1 - -/* TLS handshake support on SE is enabled */ -#define SSS_HAVE_TLS_HANDSHAKE 1 - -/* Import Export Key is enabled */ -#define SSS_HAVE_IMPORT 1 - -/* With NXP NFC Reader Library */ -#define SSS_HAVE_NXPNFCRDLIB 0 - -#define SSS_HAVE_A71XX \ - (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CH_SIM) - -#define SSS_HAVE_SSCP (SSS_HAVE_A71XX) - -/* For backwards compatibility */ -#define SSS_HAVE_TESTCOUNTERPART (SSSFTR_SW_TESTCOUNTERPART) - -/* ========= Miscellaneous values : END ===================== */ - -/* ========= Calculated values : START ====================== */ - -/* Should we expose, SSS APIs */ -#define SSS_HAVE_SSS ( 0 \ - + SSS_HAVE_SSCP \ - + SSS_HAVE_APPLET_SE05X_IOT \ - + SSS_HAVE_HOSTCRYPTO_OPENSSL \ - + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ - + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ - + SSS_HAVE_HOSTCRYPTO_USER \ - ) - -/* MBEDCRYPTO is superset of MBEDTLS and exposing that way */ -#if SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO -# undef SSS_HAVE_MBEDTLS -# undef SSS_HAVE_HOSTCRYPTO_MBEDTLS - -# define SSS_HAVE_MBEDTLS 1 -# define SSS_HAVE_HOSTCRYPTO_MBEDTLS 1 -#endif // SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO - -#if SSS_HAVE_HOSTCRYPTO_NONE -# undef SSSFTR_SE05X_AuthSession -# define SSSFTR_SE05X_AuthSession 0 -#endif - -/* Montgomery curves is not supported in SE05X_A*/ -#if SSS_HAVE_APPLET_SE05X_A -# undef SSS_HAVE_EC_MONT -# define SSS_HAVE_EC_MONT 0 -/* ED is not supported in SE050_A */ -#if SSS_HAVE_SE05X_VER_03_XX -# undef SSS_HAVE_EC_ED -# define SSS_HAVE_EC_ED 0 -#endif -#endif - -#if SSS_HAVE_RSA -# define SSS_HAVE_RSA_4K 1 -#endif - -#if SSS_HAVE_ECC -# define SSS_HAVE_EC_NIST_192 1 -# define SSS_HAVE_EC_NIST_224 1 -# define SSS_HAVE_EC_NIST_256 1 -# define SSS_HAVE_EC_NIST_384 1 -# define SSS_HAVE_EC_NIST_521 1 -# define SSS_HAVE_EC_BP 1 -# define SSS_HAVE_EC_NIST_K 1 -# define SSS_HAVE_ECDAA 1 -# define SSS_HAVE_EDDSA 1 -#if SSS_HAVE_APPLET_SE05X_A -# undef SSS_HAVE_ECDAA -# undef SSS_HAVE_EDDSA -# define SSS_HAVE_ECDAA 0 -# define SSS_HAVE_EDDSA 0 -#endif -#endif - -#if SSS_HAVE_APPLET -#define SSS_HAVE_HASH_1 1 -#define SSS_HAVE_HASH_224 1 -#define SSS_HAVE_HASH_512 1 -#endif - - -/* ========= Calculated values : END ======================== */ - -/* clang-format on */ - -#endif /* SSS_APIS_INC_FSL_SSS_FTR_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_keyid_map.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_keyid_map.h deleted file mode 100644 index 2b9b58a1c..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_keyid_map.h +++ /dev/null @@ -1,182 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/* Mapping between key id and physical key store */ - -#ifndef SSS_INC_KEYID_MAP_H_ -#define SSS_INC_KEYID_MAP_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#include - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/* Physical index */ -/* clang-format off */ -#define K_INDEX_MASK (0xFFFFu << 0u) -#define K_TYPE_MASK (0xFFu << 24u) -#define K_TYPE_ECC_KP (0x01u << 24u) -#define K_TYPE_ECC_PUB (0x02u << 24u) -#define K_TYPE_AES (0x03u << 24u) -#define K_TYPE_CERT (0x04u << 24u) - -/* Key store N Count */ -#define KS_N_ECC_KEY_PAIRS 4 -#define KS_N_ECC_PUB_KEYS 3 -#define KS_N_AES_KEYS 8 -#define KS_N_CERTIFCATES 4 -#define KS_N_RSA_KEY_PAIRS 1 -#define KS_N_SYM_KEYS 1 - -/* clang-format on */ - -#define KS_N_ENTIRES_CL (0 + KS_N_RSA_KEY_PAIRS + KS_N_SYM_KEYS) - -#define KS_N_ENTIRES (0 + KS_N_ECC_KEY_PAIRS + KS_N_ECC_PUB_KEYS + KS_N_AES_KEYS + KS_N_CERTIFCATES) - -#define KEYSTORE_MAGIC (0xA71C401L) -#define KEYSTORE_VERSION (0x0004) -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -/* Generic entry of a Key ID Mapping inside the secure element */ -typedef struct -{ - /** External index */ - uint32_t extKeyId; - - /* Of type sss_key_part_t - * - * B0,B1,B2,B3 -> Key part and B4,B5,B6,B7 -> (No of slots taken - 1) */ - uint8_t keyPart; - uint8_t accessPermission; - uint8_t cipherType; /* Of type sss_cipher_type_t */ - /** Internal index */ - uint8_t keyIntIndex; -} keyIdAndTypeIndexLookup_t; - -typedef struct _keyStoreTable_t -{ - /** Fixed - Unique 32bit magic number. - * - * In case some one over-writes we can know. */ - uint32_t magic; - /** Fixed - constant based on version number */ - uint16_t version; - /** - * maxEntries Fixed - constant in the Layout. Should be equal to - * KS_N_ENTIRES This will help in porting between A71CH with less memory and - * SE050 with more memory - */ - uint16_t maxEntries; - /** Dynamic entries */ - keyIdAndTypeIndexLookup_t *entries; -} keyStoreTable_t; - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** - * Initialize the File allocation table entry - * - * @param keystore_shadow Shadow structure (to be persisted later to EEPROM or - * File System) - * @param lookup_entires Mapping table - * @param max_entries Maximum entries that the Key Store can have - */ -void ks_common_init_fat( - keyStoreTable_t *keystore_shadow, keyIdAndTypeIndexLookup_t *lookup_entires, size_t max_entries); - -/** - * Update the File Allocation Table for the key. - * - * @param[out] keystore_shadow - * @param[in] sss_key The key object. - * @param[in] intIndex internal index. - * @param extId External 32bit id of the key - * @param object_type Type of the object - * @param intIndex Internal index of the key. - * @param accessPermission Access (Read/write/etc.) - * - * @note accessPermission is not used for A71CH - * - * @return Fail if not able to add the entry. - - */ -sss_status_t ks_common_update_fat(keyStoreTable_t *keystore_shadow, - uint32_t extId, - sss_key_part_t object_part, - sss_cipher_type_t cipher_type, - uint8_t intIndex, - uint32_t accessPermission, - uint16_t keyLen); - -/** - * check if the internal slot is availble for the key type. - * - * @param[in] keystore_shadow - * @param[in] object_type type of key Object - * @param[out] next_free_index avialable internal index for a particular key - * type - * - * @return Fail if internal index is not available. - */ -sss_status_t ks_common_check_available_int_index(keyStoreTable_t *keystore_shadow, - uint8_t object_type, - uint8_t cipher_type, - uint16_t *next_free_index, - uint16_t keyLen); - -sss_status_t ks_common_extId_to_int_index(keyStoreTable_t *keystore_shadow, uint32_t extId, uint16_t *intIndex); -/** - * check if the key store is valid. - * - * @param[in] keystore_shadow The shadow of keystore - * @param[out] status - * - * @return Fail if key store is not valid - */ -sss_status_t isValidKeyStoreShadow(keyStoreTable_t *keystore_shadow); -/** -* check if the internal slot is availble for the key type. -* -* @param[in] keystore_shadow -* @param[in] keyId key id for getting key object -* @param[out] keyType type of keyobject retrieved from keyId* type -* -* @return Fail if keyId not found -*/ -sss_status_t ks_common_get_keyType_from_keyid( - keyStoreTable_t *keystore_shadow, uint32_t keyId, uint32_t *keyType, uint32_t *cipherType); -/** - * remove entry from shadow keystore. - * - * @param[in] keystore_shadow - * @param[in] extId key id for getting key object - * - * @return Fail if keyId not found - */ -sss_status_t ks_common_remove_fat(keyStoreTable_t *keystore_shadow, uint32_t extId); - -void ks_sw_fat_remove(const char *szRootPath); -void ks_sw_fat_free(keyStoreTable_t *keystore_shadow); -void ks_sw_fat_allocate(keyStoreTable_t **keystore_shadow); -void ks_sw_getKeyFileName( - char *const file_name, const size_t size, const sss_object_t *sss_key, const char *root_folder); -sss_status_t ks_sw_fat_load(const char *szRootPath, keyStoreTable_t *pKeystore_shadow); - -#endif /* SSS_INC_KEYID_MAP_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_lpc55s_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_lpc55s_apis.h deleted file mode 100644 index d9e1a05f4..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_lpc55s_apis.h +++ /dev/null @@ -1,115 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef __FSL_SSS_LPC55S_APIS_H__ -#define __FSL_SSS_LPC55S_APIS_H__ - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if defined(SECURE_WORLD) -#if SSS_HAVE_HOSTCRYPTO_MBEDTLS -#include -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** @copydoc sss_session_open - * - */ -sss_status_t sss_lpc55s_impl_session_open(sss_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_close - * - */ -void sss_lpc55s_impl_session_close(sss_session_t *session); - -/** - * @addtogroup sss_lpc55s_impl_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_lpc55s_impl_mac_context_init( - sss_mac_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_lpc55s_impl_mac_one_go( - sss_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_lpc55s_impl_mac_context_free(sss_mac_t *context); - -/** Re-define sss_host_session_open to be redirected - * from HashCrypt session open - */ -#ifdef sss_host_session_open -#undef sss_host_session_open -#define sss_host_session_open(session, subsystem, application_id, connection_type, connectionData) \ - sss_lpc55s_impl_session_open((session), (subsystem), (application_id), (connection_type), (connectionData)) -#endif - -/** Re-define sss_host_session_close to be redirected - * from HashCrypt session open - */ -#ifdef sss_host_session_close -#undef sss_host_session_close -#define sss_host_session_close(session) sss_lpc55s_impl_session_close((session)) -#endif - -/** Re-define sss_host_mac_context_init to be redirected - * from HashCrypt MAC operations - */ -#ifdef sss_host_mac_context_init -#undef sss_host_mac_context_init -#define sss_host_mac_context_init(context, session, keyObject, algorithm, mode) \ - sss_lpc55s_impl_mac_context_init((context), (session), (keyObject), (algorithm), (mode)) -#endif - -/** Re-define sss_host_mac_one_go to be redirected - * from HashCrypt MAC operations - */ -#ifdef sss_host_mac_one_go -#undef sss_host_mac_one_go -#define sss_host_mac_one_go(context, message, messageLen, mac, macLen) \ - sss_lpc55s_impl_mac_one_go((context), (message), (messageLen), (mac), (macLen)) -#endif - -/** Re-define sss_host_mac_context_free to be redirected - * from HashCrypt MAC operations - */ -#ifdef sss_host_mac_context_free -#undef sss_host_mac_context_free -#define sss_host_mac_context_free(context) sss_lpc55s_impl_mac_context_free((context)) -#endif - -/* clang-format on */ -#endif /* SSS_HAVE_HOSTCRYPTO_MBEDTLS */ -#endif /* SECURE_WORLD */ - -#ifdef __cplusplus -} // extern "C" -#endif /* __cplusplus */ - -#endif /* __FSL_SSS_LPC55S_APIS_H__ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_apis.h deleted file mode 100644 index d077f6308..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_apis.h +++ /dev/null @@ -1,837 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef FSL_SSS_MBEDTLS_APIS_H -#define FSL_SSS_MBEDTLS_APIS_H - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_MBEDTLS -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** - * @addtogroup sss_mbedtls_session - * @{ - */ -/** @copydoc sss_session_create - * - */ -sss_status_t sss_mbedtls_session_create(sss_mbedtls_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_open - * - */ -sss_status_t sss_mbedtls_session_open(sss_mbedtls_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_prop_get_u32 - * - */ -sss_status_t sss_mbedtls_session_prop_get_u32(sss_mbedtls_session_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_session_prop_get_au8 - * - */ -sss_status_t sss_mbedtls_session_prop_get_au8( - sss_mbedtls_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_session_close - * - */ -void sss_mbedtls_session_close(sss_mbedtls_session_t *session); - -/** @copydoc sss_session_delete - * - */ -void sss_mbedtls_session_delete(sss_mbedtls_session_t *session); - -/*! @} */ /* end of : sss_mbedtls_session */ - -/** - * @addtogroup sss_mbedtls_keyobj - * @{ - */ -/** @copydoc sss_key_object_init - * - */ -sss_status_t sss_mbedtls_key_object_init(sss_mbedtls_object_t *keyObject, sss_mbedtls_key_store_t *keyStore); - -/** @copydoc sss_key_object_allocate_handle - * - */ -sss_status_t sss_mbedtls_key_object_allocate_handle(sss_mbedtls_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); - -/** @copydoc sss_key_object_get_handle - * - */ -sss_status_t sss_mbedtls_key_object_get_handle(sss_mbedtls_object_t *keyObject, uint32_t keyId); - -/** @copydoc sss_key_object_set_user - * - */ -sss_status_t sss_mbedtls_key_object_set_user(sss_mbedtls_object_t *keyObject, uint32_t user, uint32_t options); - -/** @copydoc sss_key_object_set_purpose - * - */ -sss_status_t sss_mbedtls_key_object_set_purpose(sss_mbedtls_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** @copydoc sss_key_object_set_access - * - */ -sss_status_t sss_mbedtls_key_object_set_access(sss_mbedtls_object_t *keyObject, uint32_t access, uint32_t options); - -/** @copydoc sss_key_object_set_eccgfp_group - * - */ -sss_status_t sss_mbedtls_key_object_set_eccgfp_group(sss_mbedtls_object_t *keyObject, sss_eccgfp_group_t *group); - -/** @copydoc sss_key_object_get_user - * - */ -sss_status_t sss_mbedtls_key_object_get_user(sss_mbedtls_object_t *keyObject, uint32_t *user); - -/** @copydoc sss_key_object_get_purpose - * - */ -sss_status_t sss_mbedtls_key_object_get_purpose(sss_mbedtls_object_t *keyObject, sss_mode_t *purpose); - -/** @copydoc sss_key_object_get_access - * - */ -sss_status_t sss_mbedtls_key_object_get_access(sss_mbedtls_object_t *keyObject, uint32_t *access); - -/** @copydoc sss_key_object_free - * - */ -void sss_mbedtls_key_object_free(sss_mbedtls_object_t *keyObject); - -/*! @} */ /* end of : sss_mbedtls_keyobj */ - -/** - * @addtogroup sss_mbedtls_keyderive - * @{ - */ -/** @copydoc sss_derive_key_context_init - * - */ -sss_status_t sss_mbedtls_derive_key_context_init(sss_mbedtls_derive_key_t *context, - sss_mbedtls_session_t *session, - sss_mbedtls_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_derive_key_go - * - */ -sss_status_t sss_mbedtls_derive_key_go(sss_mbedtls_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_mbedtls_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @copydoc sss_derive_key_one_go -* -*/ -sss_status_t sss_mbedtls_derive_key_one_go(sss_mbedtls_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_mbedtls_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_sobj_one_go -* -*/ -sss_status_t sss_mbedtls_derive_key_sobj_one_go(sss_mbedtls_derive_key_t *context, - sss_mbedtls_object_t *saltKeyObject, - const uint8_t *info, - size_t infoLen, - sss_mbedtls_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_dh - * - */ -sss_status_t sss_mbedtls_derive_key_dh(sss_mbedtls_derive_key_t *context, - sss_mbedtls_object_t *otherPartyKeyObject, - sss_mbedtls_object_t *derivedKeyObject); - -/** @copydoc sss_derive_key_context_free - * - */ -void sss_mbedtls_derive_key_context_free(sss_mbedtls_derive_key_t *context); - -/*! @} */ /* end of : sss_mbedtls_keyderive */ - -/** - * @addtogroup sss_mbedtls_keystore - * @{ - */ -/** @copydoc sss_key_store_context_init - * - */ -sss_status_t sss_mbedtls_key_store_context_init(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_session_t *session); - -/** @copydoc sss_key_store_allocate - * - */ -sss_status_t sss_mbedtls_key_store_allocate(sss_mbedtls_key_store_t *keyStore, uint32_t keyStoreId); - -/** @copydoc sss_key_store_save - * - */ -sss_status_t sss_mbedtls_key_store_save(sss_mbedtls_key_store_t *keyStore); - -/** @copydoc sss_key_store_load - * - */ -sss_status_t sss_mbedtls_key_store_load(sss_mbedtls_key_store_t *keyStore); - -/** @copydoc sss_key_store_set_key - * - */ -sss_status_t sss_mbedtls_key_store_set_key(sss_mbedtls_key_store_t *keyStore, - sss_mbedtls_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @copydoc sss_key_store_generate_key - * - */ -sss_status_t sss_mbedtls_key_store_generate_key( - sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject, size_t keyBitLen, void *options); - -/** @copydoc sss_key_store_get_key - * - */ -sss_status_t sss_mbedtls_key_store_get_key(sss_mbedtls_key_store_t *keyStore, - sss_mbedtls_object_t *keyObject, - uint8_t *data, - size_t *dataLen, - size_t *pKeyBitLen); - -/** @copydoc sss_key_store_open_key - * - */ -sss_status_t sss_mbedtls_key_store_open_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject); - -/** @copydoc sss_key_store_freeze_key - * - */ -sss_status_t sss_mbedtls_key_store_freeze_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject); - -/** @copydoc sss_key_store_erase_key - * - */ -sss_status_t sss_mbedtls_key_store_erase_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject); - -/** @copydoc sss_key_store_context_free - * - */ -void sss_mbedtls_key_store_context_free(sss_mbedtls_key_store_t *keyStore); - -/*! @} */ /* end of : sss_mbedtls_keystore */ - -/** - * @addtogroup sss_mbedtls_asym - * @{ - */ -/** @copydoc sss_asymmetric_context_init - * - */ -sss_status_t sss_mbedtls_asymmetric_context_init(sss_mbedtls_asymmetric_t *context, - sss_mbedtls_session_t *session, - sss_mbedtls_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_asymmetric_encrypt - * - */ -sss_status_t sss_mbedtls_asymmetric_encrypt( - sss_mbedtls_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_decrypt - * - */ -sss_status_t sss_mbedtls_asymmetric_decrypt( - sss_mbedtls_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_sign_digest - * - */ -sss_status_t sss_mbedtls_asymmetric_sign_digest( - sss_mbedtls_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @copydoc sss_asymmetric_verify_digest - * - */ -sss_status_t sss_mbedtls_asymmetric_verify_digest( - sss_mbedtls_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @copydoc sss_asymmetric_context_free - * - */ -void sss_mbedtls_asymmetric_context_free(sss_mbedtls_asymmetric_t *context); - -/*! @} */ /* end of : sss_mbedtls_asym */ - -/** - * @addtogroup sss_mbedtls_symm - * @{ - */ -/** @copydoc sss_symmetric_context_init - * - */ -sss_status_t sss_mbedtls_symmetric_context_init(sss_mbedtls_symmetric_t *context, - sss_mbedtls_session_t *session, - sss_mbedtls_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_cipher_one_go - * - */ -sss_status_t sss_mbedtls_cipher_one_go(sss_mbedtls_symmetric_t *context, - uint8_t *iv, - size_t ivLen, - const uint8_t *srcData, - uint8_t *destData, - size_t dataLen); - -/** @copydoc sss_cipher_init - * - */ -sss_status_t sss_mbedtls_cipher_init(sss_mbedtls_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @copydoc sss_cipher_update - * - */ -sss_status_t sss_mbedtls_cipher_update( - sss_mbedtls_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_finish - * - */ -sss_status_t sss_mbedtls_cipher_finish( - sss_mbedtls_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_crypt_ctr - * - */ -sss_status_t sss_mbedtls_cipher_crypt_ctr(sss_mbedtls_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @copydoc sss_symmetric_context_free - * - */ -void sss_mbedtls_symmetric_context_free(sss_mbedtls_symmetric_t *context); - -/*! @} */ /* end of : sss_mbedtls_symm */ - -/** - * @addtogroup sss_mbedtls_aead - * @{ - */ -/** @copydoc sss_aead_context_init - * - */ -sss_status_t sss_mbedtls_aead_context_init(sss_mbedtls_aead_t *context, - sss_mbedtls_session_t *session, - sss_mbedtls_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_aead_one_go - * - */ -sss_status_t sss_mbedtls_aead_one_go(sss_mbedtls_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_init - * - */ -sss_status_t sss_mbedtls_aead_init( - sss_mbedtls_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); - -/** @copydoc sss_aead_update_aad - * - */ -sss_status_t sss_mbedtls_aead_update_aad(sss_mbedtls_aead_t *context, const uint8_t *aadData, size_t aadDataLen); - -/** @copydoc sss_aead_update - * - */ -sss_status_t sss_mbedtls_aead_update( - sss_mbedtls_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_aead_finish - * - */ -sss_status_t sss_mbedtls_aead_finish(sss_mbedtls_aead_t *context, - const uint8_t *srcData, - size_t srcLen, - uint8_t *destData, - size_t *destLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_context_free - * - */ -void sss_mbedtls_aead_context_free(sss_mbedtls_aead_t *context); - -/*! @} */ /* end of : sss_mbedtls_aead */ - -/** - * @addtogroup sss_mbedtls_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_mbedtls_mac_context_init(sss_mbedtls_mac_t *context, - sss_mbedtls_session_t *session, - sss_mbedtls_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_mbedtls_mac_one_go( - sss_mbedtls_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_init - * - */ -sss_status_t sss_mbedtls_mac_init(sss_mbedtls_mac_t *context); - -/** @copydoc sss_mac_update - * - */ -sss_status_t sss_mbedtls_mac_update(sss_mbedtls_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_mac_finish - * - */ -sss_status_t sss_mbedtls_mac_finish(sss_mbedtls_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_mbedtls_mac_context_free(sss_mbedtls_mac_t *context); - -/*! @} */ /* end of : sss_mbedtls_mac */ - -/** - * @addtogroup sss_mbedtls_md - * @{ - */ -/** @copydoc sss_digest_context_init - * - */ -sss_status_t sss_mbedtls_digest_context_init( - sss_mbedtls_digest_t *context, sss_mbedtls_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_digest_one_go - * - */ -sss_status_t sss_mbedtls_digest_one_go( - sss_mbedtls_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_init - * - */ -sss_status_t sss_mbedtls_digest_init(sss_mbedtls_digest_t *context); - -/** @copydoc sss_digest_update - * - */ -sss_status_t sss_mbedtls_digest_update(sss_mbedtls_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_digest_finish - * - */ -sss_status_t sss_mbedtls_digest_finish(sss_mbedtls_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_context_free - * - */ -void sss_mbedtls_digest_context_free(sss_mbedtls_digest_t *context); - -/*! @} */ /* end of : sss_mbedtls_md */ - -/** - * @addtogroup sss_mbedtls_rng - * @{ - */ -/** @copydoc sss_rng_context_init - * - */ -sss_status_t sss_mbedtls_rng_context_init(sss_mbedtls_rng_context_t *context, sss_mbedtls_session_t *session); - -/** @copydoc sss_rng_get_random - * - */ -sss_status_t sss_mbedtls_rng_get_random(sss_mbedtls_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** @copydoc sss_rng_context_free - * - */ -sss_status_t sss_mbedtls_rng_context_free(sss_mbedtls_rng_context_t *context); - -/*! @} */ /* end of : sss_mbedtls_rng */ - -/* clang-format off */ -# if (SSS_HAVE_SSS == 1) - /* Direct Call : session */ -# define sss_session_create(session,subsystem,application_id,connection_type,connectionData) \ - sss_mbedtls_session_create(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_open(session,subsystem,application_id,connection_type,connectionData) \ - sss_mbedtls_session_open(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_prop_get_u32(session,property,pValue) \ - sss_mbedtls_session_prop_get_u32(((sss_mbedtls_session_t * ) session),(property),(pValue)) -# define sss_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_mbedtls_session_prop_get_au8(((sss_mbedtls_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_session_close(session) \ - sss_mbedtls_session_close(((sss_mbedtls_session_t * ) session)) -# define sss_session_delete(session) \ - sss_mbedtls_session_delete(((sss_mbedtls_session_t * ) session)) - /* Direct Call : keyobj */ -# define sss_key_object_init(keyObject,keyStore) \ - sss_mbedtls_key_object_init(((sss_mbedtls_object_t * ) keyObject),((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_mbedtls_key_object_allocate_handle(((sss_mbedtls_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_key_object_get_handle(keyObject,keyId) \ - sss_mbedtls_key_object_get_handle(((sss_mbedtls_object_t * ) keyObject),(keyId)) -# define sss_key_object_set_user(keyObject,user,options) \ - sss_mbedtls_key_object_set_user(((sss_mbedtls_object_t * ) keyObject),(user),(options)) -# define sss_key_object_set_purpose(keyObject,purpose,options) \ - sss_mbedtls_key_object_set_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose),(options)) -# define sss_key_object_set_access(keyObject,access,options) \ - sss_mbedtls_key_object_set_access(((sss_mbedtls_object_t * ) keyObject),(access),(options)) -# define sss_key_object_set_eccgfp_group(keyObject,group) \ - sss_mbedtls_key_object_set_eccgfp_group(((sss_mbedtls_object_t * ) keyObject),(group)) -# define sss_key_object_get_user(keyObject,user) \ - sss_mbedtls_key_object_get_user(((sss_mbedtls_object_t * ) keyObject),(user)) -# define sss_key_object_get_purpose(keyObject,purpose) \ - sss_mbedtls_key_object_get_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose)) -# define sss_key_object_get_access(keyObject,access) \ - sss_mbedtls_key_object_get_access(((sss_mbedtls_object_t * ) keyObject),(access)) -# define sss_key_object_free(keyObject) \ - sss_mbedtls_key_object_free(((sss_mbedtls_object_t * ) keyObject)) - /* Direct Call : keyderive */ -# define sss_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_derive_key_context_init(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_mbedtls_derive_key_go(((sss_mbedtls_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_derive_key_one_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen) \ - sss_mbedtls_derive_key_one_go(((sss_mbedtls_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen)) -# define sss_derive_key_sobj_one_go(context,saltKeyObject,info,infoLen,derivedKeyObject,deriveDataLen) \ - sss_mbedtls_derive_key_sobj_one_go(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_object_t * )saltKeyObject),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen)) -# define sss_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_mbedtls_derive_key_dh(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_object_t * ) otherPartyKeyObject),((sss_mbedtls_object_t * ) derivedKeyObject)) -# define sss_derive_key_context_free(context) \ - sss_mbedtls_derive_key_context_free(((sss_mbedtls_derive_key_t * ) context)) - /* Direct Call : keystore */ -# define sss_key_store_context_init(keyStore,session) \ - sss_mbedtls_key_store_context_init(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_session_t * ) session)) -# define sss_key_store_allocate(keyStore,keyStoreId) \ - sss_mbedtls_key_store_allocate(((sss_mbedtls_key_store_t * ) keyStore),(keyStoreId)) -# define sss_key_store_save(keyStore) \ - sss_mbedtls_key_store_save(((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_key_store_load(keyStore) \ - sss_mbedtls_key_store_load(((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_mbedtls_key_store_set_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_mbedtls_key_store_generate_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_mbedtls_key_store_get_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_key_store_open_key(keyStore,keyObject) \ - sss_mbedtls_key_store_open_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_key_store_freeze_key(keyStore,keyObject) \ - sss_mbedtls_key_store_freeze_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_key_store_erase_key(keyStore,keyObject) \ - sss_mbedtls_key_store_erase_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_key_store_context_free(keyStore) \ - sss_mbedtls_key_store_context_free(((sss_mbedtls_key_store_t * ) keyStore)) - /* Direct Call : asym */ -# define sss_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_asymmetric_context_init(((sss_mbedtls_asymmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_asymmetric_encrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_asymmetric_decrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_mbedtls_asymmetric_sign_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_mbedtls_asymmetric_verify_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_context_free(context) \ - sss_mbedtls_asymmetric_context_free(((sss_mbedtls_asymmetric_t * ) context)) - /* Direct Call : symm */ -# define sss_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_symmetric_context_init(((sss_mbedtls_symmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_mbedtls_cipher_one_go(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_cipher_init(context,iv,ivLen) \ - sss_mbedtls_cipher_init(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen)) -# define sss_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_cipher_update(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_cipher_finish(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_mbedtls_cipher_crypt_ctr(((sss_mbedtls_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_symmetric_context_free(context) \ - sss_mbedtls_symmetric_context_free(((sss_mbedtls_symmetric_t * ) context)) - /* Direct Call : aead */ -# define sss_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_aead_context_init(((sss_mbedtls_aead_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_mbedtls_aead_one_go(((sss_mbedtls_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_mbedtls_aead_init(((sss_mbedtls_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_aead_update_aad(context,aadData,aadDataLen) \ - sss_mbedtls_aead_update_aad(((sss_mbedtls_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_aead_update(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_mbedtls_aead_finish(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_aead_context_free(context) \ - sss_mbedtls_aead_context_free(((sss_mbedtls_aead_t * ) context)) - /* Direct Call : mac */ -# define sss_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_mac_context_init(((sss_mbedtls_mac_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_mbedtls_mac_one_go(((sss_mbedtls_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_mac_init(context) \ - sss_mbedtls_mac_init(((sss_mbedtls_mac_t * ) context)) -# define sss_mac_update(context,message,messageLen) \ - sss_mbedtls_mac_update(((sss_mbedtls_mac_t * ) context),(message),(messageLen)) -# define sss_mac_finish(context,mac,macLen) \ - sss_mbedtls_mac_finish(((sss_mbedtls_mac_t * ) context),(mac),(macLen)) -# define sss_mac_context_free(context) \ - sss_mbedtls_mac_context_free(((sss_mbedtls_mac_t * ) context)) - /* Direct Call : md */ -# define sss_digest_context_init(context,session,algorithm,mode) \ - sss_mbedtls_digest_context_init(((sss_mbedtls_digest_t * ) context),((sss_mbedtls_session_t * ) session),(algorithm),(mode)) -# define sss_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_mbedtls_digest_one_go(((sss_mbedtls_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_digest_init(context) \ - sss_mbedtls_digest_init(((sss_mbedtls_digest_t * ) context)) -# define sss_digest_update(context,message,messageLen) \ - sss_mbedtls_digest_update(((sss_mbedtls_digest_t * ) context),(message),(messageLen)) -# define sss_digest_finish(context,digest,digestLen) \ - sss_mbedtls_digest_finish(((sss_mbedtls_digest_t * ) context),(digest),(digestLen)) -# define sss_digest_context_free(context) \ - sss_mbedtls_digest_context_free(((sss_mbedtls_digest_t * ) context)) - /* Direct Call : rng */ -# define sss_rng_context_init(context,session) \ - sss_mbedtls_rng_context_init(((sss_mbedtls_rng_context_t * ) context),((sss_mbedtls_session_t * ) session)) -# define sss_rng_get_random(context,random_data,dataLen) \ - sss_mbedtls_rng_get_random(((sss_mbedtls_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_rng_context_free(context) \ - sss_mbedtls_rng_context_free(((sss_mbedtls_rng_context_t * ) context)) -# endif /* (SSS_HAVE_SSS == 1) */ -# if (SSS_HAVE_OPENSSL == 0) - /* Host Call : session */ -# define sss_host_session_create(session,subsystem,application_id,connection_type,connectionData) \ - sss_mbedtls_session_create(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_host_session_open(session,subsystem,application_id,connection_type,connectionData) \ - sss_mbedtls_session_open(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_host_session_prop_get_u32(session,property,pValue) \ - sss_mbedtls_session_prop_get_u32(((sss_mbedtls_session_t * ) session),(property),(pValue)) -# define sss_host_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_mbedtls_session_prop_get_au8(((sss_mbedtls_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_host_session_close(session) \ - sss_mbedtls_session_close(((sss_mbedtls_session_t * ) session)) -# define sss_host_session_delete(session) \ - sss_mbedtls_session_delete(((sss_mbedtls_session_t * ) session)) - /* Host Call : keyobj */ -# define sss_host_key_object_init(keyObject,keyStore) \ - sss_mbedtls_key_object_init(((sss_mbedtls_object_t * ) keyObject),((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_host_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_mbedtls_key_object_allocate_handle(((sss_mbedtls_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_host_key_object_get_handle(keyObject,keyId) \ - sss_mbedtls_key_object_get_handle(((sss_mbedtls_object_t * ) keyObject),(keyId)) -# define sss_host_key_object_set_user(keyObject,user,options) \ - sss_mbedtls_key_object_set_user(((sss_mbedtls_object_t * ) keyObject),(user),(options)) -# define sss_host_key_object_set_purpose(keyObject,purpose,options) \ - sss_mbedtls_key_object_set_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose),(options)) -# define sss_host_key_object_set_access(keyObject,access,options) \ - sss_mbedtls_key_object_set_access(((sss_mbedtls_object_t * ) keyObject),(access),(options)) -# define sss_host_key_object_set_eccgfp_group(keyObject,group) \ - sss_mbedtls_key_object_set_eccgfp_group(((sss_mbedtls_object_t * ) keyObject),(group)) -# define sss_host_key_object_get_user(keyObject,user) \ - sss_mbedtls_key_object_get_user(((sss_mbedtls_object_t * ) keyObject),(user)) -# define sss_host_key_object_get_purpose(keyObject,purpose) \ - sss_mbedtls_key_object_get_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose)) -# define sss_host_key_object_get_access(keyObject,access) \ - sss_mbedtls_key_object_get_access(((sss_mbedtls_object_t * ) keyObject),(access)) -# define sss_host_key_object_free(keyObject) \ - sss_mbedtls_key_object_free(((sss_mbedtls_object_t * ) keyObject)) - /* Host Call : keyderive */ -# define sss_host_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_derive_key_context_init(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_mbedtls_derive_key_go(((sss_mbedtls_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_host_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_mbedtls_derive_key_dh(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_object_t * ) otherPartyKeyObject),((sss_mbedtls_object_t * ) derivedKeyObject)) -# define sss_host_derive_key_context_free(context) \ - sss_mbedtls_derive_key_context_free(((sss_mbedtls_derive_key_t * ) context)) - /* Host Call : keystore */ -# define sss_host_key_store_context_init(keyStore,session) \ - sss_mbedtls_key_store_context_init(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_session_t * ) session)) -# define sss_host_key_store_allocate(keyStore,keyStoreId) \ - sss_mbedtls_key_store_allocate(((sss_mbedtls_key_store_t * ) keyStore),(keyStoreId)) -# define sss_host_key_store_save(keyStore) \ - sss_mbedtls_key_store_save(((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_host_key_store_load(keyStore) \ - sss_mbedtls_key_store_load(((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_host_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_mbedtls_key_store_set_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_host_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_mbedtls_key_store_generate_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_host_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_mbedtls_key_store_get_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_host_key_store_open_key(keyStore,keyObject) \ - sss_mbedtls_key_store_open_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_host_key_store_freeze_key(keyStore,keyObject) \ - sss_mbedtls_key_store_freeze_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_host_key_store_erase_key(keyStore,keyObject) \ - sss_mbedtls_key_store_erase_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_host_key_store_context_free(keyStore) \ - sss_mbedtls_key_store_context_free(((sss_mbedtls_key_store_t * ) keyStore)) - /* Host Call : asym */ -# define sss_host_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_asymmetric_context_init(((sss_mbedtls_asymmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_asymmetric_encrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_asymmetric_decrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_mbedtls_asymmetric_sign_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_mbedtls_asymmetric_verify_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_context_free(context) \ - sss_mbedtls_asymmetric_context_free(((sss_mbedtls_asymmetric_t * ) context)) - /* Host Call : symm */ -# define sss_host_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_symmetric_context_init(((sss_mbedtls_symmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_mbedtls_cipher_one_go(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_host_cipher_init(context,iv,ivLen) \ - sss_mbedtls_cipher_init(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen)) -# define sss_host_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_cipher_update(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_cipher_finish(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_mbedtls_cipher_crypt_ctr(((sss_mbedtls_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_host_symmetric_context_free(context) \ - sss_mbedtls_symmetric_context_free(((sss_mbedtls_symmetric_t * ) context)) - /* Host Call : aead */ -# define sss_host_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_aead_context_init(((sss_mbedtls_aead_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_mbedtls_aead_one_go(((sss_mbedtls_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_host_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_mbedtls_aead_init(((sss_mbedtls_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_host_aead_update_aad(context,aadData,aadDataLen) \ - sss_mbedtls_aead_update_aad(((sss_mbedtls_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_host_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_aead_update(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_mbedtls_aead_finish(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_host_aead_context_free(context) \ - sss_mbedtls_aead_context_free(((sss_mbedtls_aead_t * ) context)) - /* Host Call : mac */ -# define sss_host_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_mac_context_init(((sss_mbedtls_mac_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_mbedtls_mac_one_go(((sss_mbedtls_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_host_mac_init(context) \ - sss_mbedtls_mac_init(((sss_mbedtls_mac_t * ) context)) -# define sss_host_mac_update(context,message,messageLen) \ - sss_mbedtls_mac_update(((sss_mbedtls_mac_t * ) context),(message),(messageLen)) -# define sss_host_mac_finish(context,mac,macLen) \ - sss_mbedtls_mac_finish(((sss_mbedtls_mac_t * ) context),(mac),(macLen)) -# define sss_host_mac_context_free(context) \ - sss_mbedtls_mac_context_free(((sss_mbedtls_mac_t * ) context)) - /* Host Call : md */ -# define sss_host_digest_context_init(context,session,algorithm,mode) \ - sss_mbedtls_digest_context_init(((sss_mbedtls_digest_t * ) context),((sss_mbedtls_session_t * ) session),(algorithm),(mode)) -# define sss_host_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_mbedtls_digest_one_go(((sss_mbedtls_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_host_digest_init(context) \ - sss_mbedtls_digest_init(((sss_mbedtls_digest_t * ) context)) -# define sss_host_digest_update(context,message,messageLen) \ - sss_mbedtls_digest_update(((sss_mbedtls_digest_t * ) context),(message),(messageLen)) -# define sss_host_digest_finish(context,digest,digestLen) \ - sss_mbedtls_digest_finish(((sss_mbedtls_digest_t * ) context),(digest),(digestLen)) -# define sss_host_digest_context_free(context) \ - sss_mbedtls_digest_context_free(((sss_mbedtls_digest_t * ) context)) - /* Host Call : rng */ -# define sss_host_rng_context_init(context,session) \ - sss_mbedtls_rng_context_init(((sss_mbedtls_rng_context_t * ) context),((sss_mbedtls_session_t * ) session)) -# define sss_host_rng_get_random(context,random_data,dataLen) \ - sss_mbedtls_rng_get_random(((sss_mbedtls_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_host_rng_context_free(context) \ - sss_mbedtls_rng_context_free(((sss_mbedtls_rng_context_t * ) context)) -# endif /* (SSS_HAVE_SSS == 1) */ -/* clang-format on */ -#endif /* SSS_HAVE_MBEDTLS */ -#ifdef __cplusplus -} // extern "C" -#endif /* __cplusplus */ - -#endif /* FSL_SSS_MBEDTLS_APIS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_types.h deleted file mode 100644 index 1d090753a..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_types.h +++ /dev/null @@ -1,253 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_FSL_SSS_MBEDTLS_TYPES_H_ -#define SSS_APIS_INC_FSL_SSS_MBEDTLS_TYPES_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#include - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_MBEDTLS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include -#include -#include -#include -#include -#include -#include -#include - -/** - * @addtogroup sss_sw_mbedtls - * @{ - */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -#define SSS_SUBSYSTEM_TYPE_IS_MBEDTLS(subsystem) (subsystem == kType_SSS_mbedTLS) - -#define SSS_SESSION_TYPE_IS_MBEDTLS(session) (session && SSS_SUBSYSTEM_TYPE_IS_MBEDTLS(session->subsystem)) - -#define SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore) (keyStore && SSS_SESSION_TYPE_IS_MBEDTLS(keyStore->session)) - -#define SSS_OBJECT_TYPE_IS_MBEDTLS(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_MBEDTLS(pObject->keyStore)) - -#define SSS_ASYMMETRIC_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_DERIVE_KEY_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_SYMMETRIC_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_MAC_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_RNG_CONTEXT_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_DIGEST_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_AEAD_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -struct _sss_mbedtls_session; - -typedef struct _sss_mbedtls_session -{ - /*! Indicates which security subsystem is selected to be used. */ - sss_type_t subsystem; - - mbedtls_entropy_context *entropy; - mbedtls_ctr_drbg_context *ctr_drbg; - -#ifdef MBEDTLS_FS_IO - /* Root Path for persitant key store */ - const char *szRootPath; -#endif -} sss_mbedtls_session_t; - -struct _sss_mbedtls_object; - -typedef struct _sss_mbedtls_key_store -{ - sss_mbedtls_session_t *session; - -#ifdef MBEDTLS_FS_IO - /*! Implementation specific part */ - struct _sss_mbedtls_object **objects; - uint32_t max_object_count; - - keyStoreTable_t *keystore_shadow; -#endif -} sss_mbedtls_key_store_t; - -typedef struct _sss_mbedtls_object -{ - /*! key store holding the data and other properties */ - sss_mbedtls_key_store_t *keyStore; - /*! Object types */ - uint32_t objectType; - uint32_t cipherType; - /*! Application specific key identifier. The keyId is kept in the key store - * along with the key data and other properties. */ - uint32_t keyId; - - /*! Implementation specific part */ - /** Contents are malloced, so must be freed */ - uint32_t contents_must_free : 1; - /** Type of key. Persistnet/trainsient @ref sss_key_object_mode_t */ - uint32_t keyMode : 3; - /** Max size allocated */ - size_t contents_max_size; - size_t contents_size; - size_t keyBitLen; - uint32_t user_id; - sss_mode_t purpose; - sss_access_permission_t accessRights; - /* malloced / referenced contents */ - void *contents; -} sss_mbedtls_object_t; - -typedef struct _sss_mbedtls_derive_key -{ - sss_mbedtls_session_t *session; - sss_mbedtls_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - -} sss_mbedtls_derive_key_t; - -typedef struct _sss_mbedtls_asymmetric -{ - sss_mbedtls_session_t *session; - sss_mbedtls_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - -} sss_mbedtls_asymmetric_t; - -typedef struct _sss_mbedtls_symmetric -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_mbedtls_session_t *session; - sss_mbedtls_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - mbedtls_cipher_context_t *cipher_ctx; - uint8_t cache_data[16]; - size_t cache_data_len; - -} sss_mbedtls_symmetric_t; - -typedef struct _sss_mbedtls_mac -{ - sss_mbedtls_session_t *session; - sss_mbedtls_object_t *keyObject; /*! Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - - /*! Implementation specific part */ - mbedtls_cipher_context_t *cipher_ctx; /*For init- update -finish*/ - mbedtls_md_context_t *HmacCtx; -} sss_mbedtls_mac_t; - -typedef struct _sss_mbedtls_aead -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_mbedtls_session_t *session; - sss_mbedtls_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - - /*! Implementation specific part */ - mbedtls_gcm_context *gcm_ctx; /*!< Reference to gcm context. */ - mbedtls_ccm_context *ccm_ctx; /*!< Reference to ccm context. */ - uint8_t *pNonce; /*!< Reference to IV. */ - size_t nonceLen; /*!< Store IV len. */ - const uint8_t *pCcm_aad; /*!< Reference to AAD */ - size_t ccm_aadLen; /*!< Store AAD len. */ - uint8_t *pCcm_data; /*!< Ref to CCM data dynamic allocated.. */ - size_t ccm_dataTotalLen; /*!< Store CCM data total len. */ - size_t ccm_dataoffset; /*!< Store CCM data offset. */ - uint8_t cache_data[16]; /*!< Cache for GCM data */ - size_t cache_data_len; /*!< Store GCM Cache len*/ -} sss_mbedtls_aead_t; - -typedef struct _sss_mbedtls_digest -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_mbedtls_session_t *session; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ - size_t digestFullLen; - /*! Implementation specific part */ - mbedtls_md_context_t md_ctx; -} sss_mbedtls_digest_t; - -typedef struct -{ - sss_mbedtls_session_t *session; - -} sss_mbedtls_rng_context_t; - -#define sss_mbedtls_tunnel_t sss_tunnel_t - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -#ifdef MBEDTLS_FS_IO - -/** Store key inside persistant key store */ -sss_status_t ks_mbedtls_store_key(const sss_mbedtls_object_t *sss_key); - -sss_status_t ks_mbedtls_load_key(sss_mbedtls_object_t *sss_key, keyStoreTable_t *keystore_shadow, uint32_t extKeyId); - -sss_status_t ks_mbedtls_remove_key(const sss_mbedtls_object_t *sss_key); - -sss_status_t ks_mbedtls_fat_update(sss_mbedtls_key_store_t *keyStore); - -#endif /* MBEDTLS_FS_IO */ - -/* Low Level API Key object create */ -sss_status_t ks_mbedtls_key_object_create(sss_mbedtls_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t keyMode); - -/** @} */ - -#endif /* SSS_HAVE_MBEDTLS */ - -#endif /* SSS_APIS_INC_FSL_SSS_MBEDTLS_TYPES_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_apis.h deleted file mode 100644 index b4e02131d..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_apis.h +++ /dev/null @@ -1,839 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef FSL_SSS_OPENSSL_APIS_H -#define FSL_SSS_OPENSSL_APIS_H - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_OPENSSL -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** - * @addtogroup sss_openssl_session - * @{ - */ -/** @copydoc sss_session_create - * - */ -sss_status_t sss_openssl_session_create(sss_openssl_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_open - * - */ -sss_status_t sss_openssl_session_open(sss_openssl_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_prop_get_u32 - * - */ -sss_status_t sss_openssl_session_prop_get_u32(sss_openssl_session_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_session_prop_get_au8 - * - */ -sss_status_t sss_openssl_session_prop_get_au8( - sss_openssl_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_session_close - * - */ -void sss_openssl_session_close(sss_openssl_session_t *session); - -/** @copydoc sss_session_delete - * - */ -void sss_openssl_session_delete(sss_openssl_session_t *session); - -/*! @} */ /* end of : sss_openssl_session */ - -/** - * @addtogroup sss_openssl_keyobj - * @{ - */ -/** @copydoc sss_key_object_init - * - */ -sss_status_t sss_openssl_key_object_init(sss_openssl_object_t *keyObject, sss_openssl_key_store_t *keyStore); - -/** @copydoc sss_key_object_allocate_handle - * - */ -sss_status_t sss_openssl_key_object_allocate_handle(sss_openssl_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); - -/** @copydoc sss_key_object_get_handle - * - */ -sss_status_t sss_openssl_key_object_get_handle(sss_openssl_object_t *keyObject, uint32_t keyId); - -/** @copydoc sss_key_object_set_user - * - */ -sss_status_t sss_openssl_key_object_set_user(sss_openssl_object_t *keyObject, uint32_t user, uint32_t options); - -/** @copydoc sss_key_object_set_purpose - * - */ -sss_status_t sss_openssl_key_object_set_purpose(sss_openssl_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** @copydoc sss_key_object_set_access - * - */ -sss_status_t sss_openssl_key_object_set_access(sss_openssl_object_t *keyObject, uint32_t access, uint32_t options); - -/** @copydoc sss_key_object_set_eccgfp_group - * - */ -sss_status_t sss_openssl_key_object_set_eccgfp_group(sss_openssl_object_t *keyObject, sss_eccgfp_group_t *group); - -/** @copydoc sss_key_object_get_user - * - */ -sss_status_t sss_openssl_key_object_get_user(sss_openssl_object_t *keyObject, uint32_t *user); - -/** @copydoc sss_key_object_get_purpose - * - */ -sss_status_t sss_openssl_key_object_get_purpose(sss_openssl_object_t *keyObject, sss_mode_t *purpose); - -/** @copydoc sss_key_object_get_access - * - */ -sss_status_t sss_openssl_key_object_get_access(sss_openssl_object_t *keyObject, uint32_t *access); - -/** @copydoc sss_key_object_free - * - */ -void sss_openssl_key_object_free(sss_openssl_object_t *keyObject); - -/*! @} */ /* end of : sss_openssl_keyobj */ - -/** - * @addtogroup sss_openssl_keyderive - * @{ - */ -/** @copydoc sss_derive_key_context_init - * - */ -sss_status_t sss_openssl_derive_key_context_init(sss_openssl_derive_key_t *context, - sss_openssl_session_t *session, - sss_openssl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_derive_key_one_go -* -*/ -sss_status_t sss_openssl_derive_key_one_go(sss_openssl_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_openssl_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_sobj_one_go -* -*/ -sss_status_t sss_openssl_derive_key_sobj_one_go(sss_openssl_derive_key_t *context, - sss_openssl_object_t *saltKeyObject, - const uint8_t *info, - size_t infoLen, - sss_openssl_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_go - * - */ -sss_status_t sss_openssl_derive_key_go(sss_openssl_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_openssl_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @copydoc sss_derive_key_dh - * - */ -sss_status_t sss_openssl_derive_key_dh(sss_openssl_derive_key_t *context, - sss_openssl_object_t *otherPartyKeyObject, - sss_openssl_object_t *derivedKeyObject); - -/** @copydoc sss_derive_key_context_free - * - */ -void sss_openssl_derive_key_context_free(sss_openssl_derive_key_t *context); - -/*! @} */ /* end of : sss_openssl_keyderive */ - -/** - * @addtogroup sss_openssl_keystore - * @{ - */ -/** @copydoc sss_key_store_context_init - * - */ -sss_status_t sss_openssl_key_store_context_init(sss_openssl_key_store_t *keyStore, sss_openssl_session_t *session); - -/** @copydoc sss_key_store_allocate - * - */ -sss_status_t sss_openssl_key_store_allocate(sss_openssl_key_store_t *keyStore, uint32_t keyStoreId); - -/** @copydoc sss_key_store_save - * - */ -sss_status_t sss_openssl_key_store_save(sss_openssl_key_store_t *keyStore); - -/** @copydoc sss_key_store_load - * - */ -sss_status_t sss_openssl_key_store_load(sss_openssl_key_store_t *keyStore); - -/** @copydoc sss_key_store_set_key - * - */ -sss_status_t sss_openssl_key_store_set_key(sss_openssl_key_store_t *keyStore, - sss_openssl_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @copydoc sss_key_store_generate_key - * - */ -sss_status_t sss_openssl_key_store_generate_key( - sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject, size_t keyBitLen, void *options); - -/** @copydoc sss_key_store_get_key - * - */ -sss_status_t sss_openssl_key_store_get_key(sss_openssl_key_store_t *keyStore, - sss_openssl_object_t *keyObject, - uint8_t *data, - size_t *dataLen, - size_t *pKeyBitLen); - -/** @copydoc sss_key_store_open_key - * - */ -sss_status_t sss_openssl_key_store_open_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject); - -/** @copydoc sss_key_store_freeze_key - * - */ -sss_status_t sss_openssl_key_store_freeze_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject); - -/** @copydoc sss_key_store_erase_key - * - */ -sss_status_t sss_openssl_key_store_erase_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject); - -/** @copydoc sss_key_store_context_free - * - */ -void sss_openssl_key_store_context_free(sss_openssl_key_store_t *keyStore); - -/*! @} */ /* end of : sss_openssl_keystore */ - -/** - * @addtogroup sss_openssl_asym - * @{ - */ -/** @copydoc sss_asymmetric_context_init - * - */ -sss_status_t sss_openssl_asymmetric_context_init(sss_openssl_asymmetric_t *context, - sss_openssl_session_t *session, - sss_openssl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_asymmetric_encrypt - * - */ -sss_status_t sss_openssl_asymmetric_encrypt( - sss_openssl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_decrypt - * - */ -sss_status_t sss_openssl_asymmetric_decrypt( - sss_openssl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_sign_digest - * - */ -sss_status_t sss_openssl_asymmetric_sign_digest( - sss_openssl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @copydoc sss_asymmetric_verify_digest - * - */ -sss_status_t sss_openssl_asymmetric_verify_digest( - sss_openssl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @copydoc sss_asymmetric_context_free - * - */ -void sss_openssl_asymmetric_context_free(sss_openssl_asymmetric_t *context); - -/*! @} */ /* end of : sss_openssl_asym */ - -/** - * @addtogroup sss_openssl_symm - * @{ - */ -/** @copydoc sss_symmetric_context_init - * - */ -sss_status_t sss_openssl_symmetric_context_init(sss_openssl_symmetric_t *context, - sss_openssl_session_t *session, - sss_openssl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_cipher_one_go - * - */ -sss_status_t sss_openssl_cipher_one_go(sss_openssl_symmetric_t *context, - uint8_t *iv, - size_t ivLen, - const uint8_t *srcData, - uint8_t *destData, - size_t dataLen); - -/** @copydoc sss_cipher_init - * - */ -sss_status_t sss_openssl_cipher_init(sss_openssl_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @copydoc sss_cipher_update - * - */ -sss_status_t sss_openssl_cipher_update( - sss_openssl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_finish - * - */ -sss_status_t sss_openssl_cipher_finish( - sss_openssl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_crypt_ctr - * - */ -sss_status_t sss_openssl_cipher_crypt_ctr(sss_openssl_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @copydoc sss_symmetric_context_free - * - */ -void sss_openssl_symmetric_context_free(sss_openssl_symmetric_t *context); - -/*! @} */ /* end of : sss_openssl_symm */ - -/** - * @addtogroup sss_openssl_aead - * @{ - */ -/** @copydoc sss_aead_context_init - * - */ -sss_status_t sss_openssl_aead_context_init(sss_openssl_aead_t *context, - sss_openssl_session_t *session, - sss_openssl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_aead_one_go - * - */ -sss_status_t sss_openssl_aead_one_go(sss_openssl_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_init - * - */ -sss_status_t sss_openssl_aead_init( - sss_openssl_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); - -/** @copydoc sss_aead_update_aad - * - */ -sss_status_t sss_openssl_aead_update_aad(sss_openssl_aead_t *context, const uint8_t *aadData, size_t aadDataLen); - -/** @copydoc sss_aead_update - * - */ -sss_status_t sss_openssl_aead_update( - sss_openssl_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_aead_finish - * - */ -sss_status_t sss_openssl_aead_finish(sss_openssl_aead_t *context, - const uint8_t *srcData, - size_t srcLen, - uint8_t *destData, - size_t *destLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_context_free - * - */ -void sss_openssl_aead_context_free(sss_openssl_aead_t *context); - -/*! @} */ /* end of : sss_openssl_aead */ - -/** - * @addtogroup sss_openssl_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_openssl_mac_context_init(sss_openssl_mac_t *context, - sss_openssl_session_t *session, - sss_openssl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_openssl_mac_one_go( - sss_openssl_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_init - * - */ -sss_status_t sss_openssl_mac_init(sss_openssl_mac_t *context); - -/** @copydoc sss_mac_update - * - */ -sss_status_t sss_openssl_mac_update(sss_openssl_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_mac_finish - * - */ -sss_status_t sss_openssl_mac_finish(sss_openssl_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_openssl_mac_context_free(sss_openssl_mac_t *context); - -/*! @} */ /* end of : sss_openssl_mac */ - -/** - * @addtogroup sss_openssl_md - * @{ - */ -/** @copydoc sss_digest_context_init - * - */ -sss_status_t sss_openssl_digest_context_init( - sss_openssl_digest_t *context, sss_openssl_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_digest_one_go - * - */ -sss_status_t sss_openssl_digest_one_go( - sss_openssl_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_init - * - */ -sss_status_t sss_openssl_digest_init(sss_openssl_digest_t *context); - -/** @copydoc sss_digest_update - * - */ -sss_status_t sss_openssl_digest_update(sss_openssl_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_digest_finish - * - */ -sss_status_t sss_openssl_digest_finish(sss_openssl_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_context_free - * - */ -void sss_openssl_digest_context_free(sss_openssl_digest_t *context); - -/*! @} */ /* end of : sss_openssl_md */ - -/** - * @addtogroup sss_openssl_rng - * @{ - */ -/** @copydoc sss_rng_context_init - * - */ -sss_status_t sss_openssl_rng_context_init(sss_openssl_rng_context_t *context, sss_openssl_session_t *session); - -/** @copydoc sss_rng_get_random - * - */ -sss_status_t sss_openssl_rng_get_random(sss_openssl_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** @copydoc sss_rng_context_free - * - */ -sss_status_t sss_openssl_rng_context_free(sss_openssl_rng_context_t *context); - -/*! @} */ /* end of : sss_openssl_rng */ - -/* clang-format off */ -# if (SSS_HAVE_SSS == 1) - /* Direct Call : session */ -# define sss_session_create(session,subsystem,application_id,connection_type,connectionData) \ - sss_openssl_session_create(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_open(session,subsystem,application_id,connection_type,connectionData) \ - sss_openssl_session_open(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_prop_get_u32(session,property,pValue) \ - sss_openssl_session_prop_get_u32(((sss_openssl_session_t * ) session),(property),(pValue)) -# define sss_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_openssl_session_prop_get_au8(((sss_openssl_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_session_close(session) \ - sss_openssl_session_close(((sss_openssl_session_t * ) session)) -# define sss_session_delete(session) \ - sss_openssl_session_delete(((sss_openssl_session_t * ) session)) - /* Direct Call : keyobj */ -# define sss_key_object_init(keyObject,keyStore) \ - sss_openssl_key_object_init(((sss_openssl_object_t * ) keyObject),((sss_openssl_key_store_t * ) keyStore)) -# define sss_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_openssl_key_object_allocate_handle(((sss_openssl_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_key_object_get_handle(keyObject,keyId) \ - sss_openssl_key_object_get_handle(((sss_openssl_object_t * ) keyObject),(keyId)) -# define sss_key_object_set_user(keyObject,user,options) \ - sss_openssl_key_object_set_user(((sss_openssl_object_t * ) keyObject),(user),(options)) -# define sss_key_object_set_purpose(keyObject,purpose,options) \ - sss_openssl_key_object_set_purpose(((sss_openssl_object_t * ) keyObject),(purpose),(options)) -# define sss_key_object_set_access(keyObject,access,options) \ - sss_openssl_key_object_set_access(((sss_openssl_object_t * ) keyObject),(access),(options)) -# define sss_key_object_set_eccgfp_group(keyObject,group) \ - sss_openssl_key_object_set_eccgfp_group(((sss_openssl_object_t * ) keyObject),(group)) -# define sss_key_object_get_user(keyObject,user) \ - sss_openssl_key_object_get_user(((sss_openssl_object_t * ) keyObject),(user)) -# define sss_key_object_get_purpose(keyObject,purpose) \ - sss_openssl_key_object_get_purpose(((sss_openssl_object_t * ) keyObject),(purpose)) -# define sss_key_object_get_access(keyObject,access) \ - sss_openssl_key_object_get_access(((sss_openssl_object_t * ) keyObject),(access)) -# define sss_key_object_free(keyObject) \ - sss_openssl_key_object_free(((sss_openssl_object_t * ) keyObject)) - /* Direct Call : keyderive */ -# define sss_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_derive_key_context_init(((sss_openssl_derive_key_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_derive_key_one_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen) \ - sss_openssl_derive_key_one_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen)) -# define sss_derive_key_sobj_one_go(context,saltKeyObject,info,infoLen,derivedKeyObject,deriveDataLen) \ - sss_openssl_derive_key_sobj_one_go(((sss_openssl_derive_key_t * ) context),((sss_openssl_object_t *)saltKeyObject),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen)) -# define sss_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_openssl_derive_key_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_openssl_derive_key_dh(((sss_openssl_derive_key_t * ) context),((sss_openssl_object_t * ) otherPartyKeyObject),((sss_openssl_object_t * ) derivedKeyObject)) -# define sss_derive_key_context_free(context) \ - sss_openssl_derive_key_context_free(((sss_openssl_derive_key_t * ) context)) - /* Direct Call : keystore */ -# define sss_key_store_context_init(keyStore,session) \ - sss_openssl_key_store_context_init(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_session_t * ) session)) -# define sss_key_store_allocate(keyStore,keyStoreId) \ - sss_openssl_key_store_allocate(((sss_openssl_key_store_t * ) keyStore),(keyStoreId)) -# define sss_key_store_save(keyStore) \ - sss_openssl_key_store_save(((sss_openssl_key_store_t * ) keyStore)) -# define sss_key_store_load(keyStore) \ - sss_openssl_key_store_load(((sss_openssl_key_store_t * ) keyStore)) -# define sss_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_openssl_key_store_set_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_openssl_key_store_generate_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_openssl_key_store_get_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_key_store_open_key(keyStore,keyObject) \ - sss_openssl_key_store_open_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_key_store_freeze_key(keyStore,keyObject) \ - sss_openssl_key_store_freeze_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_key_store_erase_key(keyStore,keyObject) \ - sss_openssl_key_store_erase_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_key_store_context_free(keyStore) \ - sss_openssl_key_store_context_free(((sss_openssl_key_store_t * ) keyStore)) - /* Direct Call : asym */ -# define sss_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_asymmetric_context_init(((sss_openssl_asymmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_openssl_asymmetric_encrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_openssl_asymmetric_decrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_openssl_asymmetric_sign_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_openssl_asymmetric_verify_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_context_free(context) \ - sss_openssl_asymmetric_context_free(((sss_openssl_asymmetric_t * ) context)) - /* Direct Call : symm */ -# define sss_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_symmetric_context_init(((sss_openssl_symmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_openssl_cipher_one_go(((sss_openssl_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_cipher_init(context,iv,ivLen) \ - sss_openssl_cipher_init(((sss_openssl_symmetric_t * ) context),(iv),(ivLen)) -# define sss_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_openssl_cipher_update(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_openssl_cipher_finish(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_openssl_cipher_crypt_ctr(((sss_openssl_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_symmetric_context_free(context) \ - sss_openssl_symmetric_context_free(((sss_openssl_symmetric_t * ) context)) - /* Direct Call : aead */ -# define sss_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_aead_context_init(((sss_openssl_aead_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_openssl_aead_one_go(((sss_openssl_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_openssl_aead_init(((sss_openssl_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_aead_update_aad(context,aadData,aadDataLen) \ - sss_openssl_aead_update_aad(((sss_openssl_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_openssl_aead_update(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_openssl_aead_finish(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_aead_context_free(context) \ - sss_openssl_aead_context_free(((sss_openssl_aead_t * ) context)) - /* Direct Call : mac */ -# define sss_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_mac_context_init(((sss_openssl_mac_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_openssl_mac_one_go(((sss_openssl_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_mac_init(context) \ - sss_openssl_mac_init(((sss_openssl_mac_t * ) context)) -# define sss_mac_update(context,message,messageLen) \ - sss_openssl_mac_update(((sss_openssl_mac_t * ) context),(message),(messageLen)) -# define sss_mac_finish(context,mac,macLen) \ - sss_openssl_mac_finish(((sss_openssl_mac_t * ) context),(mac),(macLen)) -# define sss_mac_context_free(context) \ - sss_openssl_mac_context_free(((sss_openssl_mac_t * ) context)) - /* Direct Call : md */ -# define sss_digest_context_init(context,session,algorithm,mode) \ - sss_openssl_digest_context_init(((sss_openssl_digest_t * ) context),((sss_openssl_session_t * ) session),(algorithm),(mode)) -# define sss_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_openssl_digest_one_go(((sss_openssl_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_digest_init(context) \ - sss_openssl_digest_init(((sss_openssl_digest_t * ) context)) -# define sss_digest_update(context,message,messageLen) \ - sss_openssl_digest_update(((sss_openssl_digest_t * ) context),(message),(messageLen)) -# define sss_digest_finish(context,digest,digestLen) \ - sss_openssl_digest_finish(((sss_openssl_digest_t * ) context),(digest),(digestLen)) -# define sss_digest_context_free(context) \ - sss_openssl_digest_context_free(((sss_openssl_digest_t * ) context)) - /* Direct Call : rng */ -# define sss_rng_context_init(context,session) \ - sss_openssl_rng_context_init(((sss_openssl_rng_context_t * ) context),((sss_openssl_session_t * ) session)) -# define sss_rng_get_random(context,random_data,dataLen) \ - sss_openssl_rng_get_random(((sss_openssl_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_rng_context_free(context) \ - sss_openssl_rng_context_free(((sss_openssl_rng_context_t * ) context)) -# endif /* (SSS_HAVE_SSS == 1) */ -# if (SSS_HAVE_MBEDTLS == 0) - /* Host Call : session */ -# define sss_host_session_create(session,subsystem,application_id,connection_type,connectionData) \ - sss_openssl_session_create(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_host_session_open(session,subsystem,application_id,connection_type,connectionData) \ - sss_openssl_session_open(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_host_session_prop_get_u32(session,property,pValue) \ - sss_openssl_session_prop_get_u32(((sss_openssl_session_t * ) session),(property),(pValue)) -# define sss_host_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_openssl_session_prop_get_au8(((sss_openssl_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_host_session_close(session) \ - sss_openssl_session_close(((sss_openssl_session_t * ) session)) -# define sss_host_session_delete(session) \ - sss_openssl_session_delete(((sss_openssl_session_t * ) session)) - /* Host Call : keyobj */ -# define sss_host_key_object_init(keyObject,keyStore) \ - sss_openssl_key_object_init(((sss_openssl_object_t * ) keyObject),((sss_openssl_key_store_t * ) keyStore)) -# define sss_host_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_openssl_key_object_allocate_handle(((sss_openssl_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_host_key_object_get_handle(keyObject,keyId) \ - sss_openssl_key_object_get_handle(((sss_openssl_object_t * ) keyObject),(keyId)) -# define sss_host_key_object_set_user(keyObject,user,options) \ - sss_openssl_key_object_set_user(((sss_openssl_object_t * ) keyObject),(user),(options)) -# define sss_host_key_object_set_purpose(keyObject,purpose,options) \ - sss_openssl_key_object_set_purpose(((sss_openssl_object_t * ) keyObject),(purpose),(options)) -# define sss_host_key_object_set_access(keyObject,access,options) \ - sss_openssl_key_object_set_access(((sss_openssl_object_t * ) keyObject),(access),(options)) -# define sss_host_key_object_set_eccgfp_group(keyObject,group) \ - sss_openssl_key_object_set_eccgfp_group(((sss_openssl_object_t * ) keyObject),(group)) -# define sss_host_key_object_get_user(keyObject,user) \ - sss_openssl_key_object_get_user(((sss_openssl_object_t * ) keyObject),(user)) -# define sss_host_key_object_get_purpose(keyObject,purpose) \ - sss_openssl_key_object_get_purpose(((sss_openssl_object_t * ) keyObject),(purpose)) -# define sss_host_key_object_get_access(keyObject,access) \ - sss_openssl_key_object_get_access(((sss_openssl_object_t * ) keyObject),(access)) -# define sss_host_key_object_free(keyObject) \ - sss_openssl_key_object_free(((sss_openssl_object_t * ) keyObject)) - /* Host Call : keyderive */ -# define sss_host_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_derive_key_context_init(((sss_openssl_derive_key_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_derive_key_one_go(context,saltData,saltLen,saltKeyObject,info,infoLen,derivedKeyObject,deriveDataLen) \ - sss_openssl_derive_key_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),((sss_openssl_object_t *)saltKeyObject),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen)) -# define sss_host_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_openssl_derive_key_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_host_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_openssl_derive_key_dh(((sss_openssl_derive_key_t * ) context),((sss_openssl_object_t * ) otherPartyKeyObject),((sss_openssl_object_t * ) derivedKeyObject)) -# define sss_host_derive_key_context_free(context) \ - sss_openssl_derive_key_context_free(((sss_openssl_derive_key_t * ) context)) - /* Host Call : keystore */ -# define sss_host_key_store_context_init(keyStore,session) \ - sss_openssl_key_store_context_init(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_session_t * ) session)) -# define sss_host_key_store_allocate(keyStore,keyStoreId) \ - sss_openssl_key_store_allocate(((sss_openssl_key_store_t * ) keyStore),(keyStoreId)) -# define sss_host_key_store_save(keyStore) \ - sss_openssl_key_store_save(((sss_openssl_key_store_t * ) keyStore)) -# define sss_host_key_store_load(keyStore) \ - sss_openssl_key_store_load(((sss_openssl_key_store_t * ) keyStore)) -# define sss_host_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_openssl_key_store_set_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_host_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_openssl_key_store_generate_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_host_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_openssl_key_store_get_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_host_key_store_open_key(keyStore,keyObject) \ - sss_openssl_key_store_open_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_host_key_store_freeze_key(keyStore,keyObject) \ - sss_openssl_key_store_freeze_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_host_key_store_erase_key(keyStore,keyObject) \ - sss_openssl_key_store_erase_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_host_key_store_context_free(keyStore) \ - sss_openssl_key_store_context_free(((sss_openssl_key_store_t * ) keyStore)) - /* Host Call : asym */ -# define sss_host_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_asymmetric_context_init(((sss_openssl_asymmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_openssl_asymmetric_encrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_openssl_asymmetric_decrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_openssl_asymmetric_sign_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_openssl_asymmetric_verify_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_context_free(context) \ - sss_openssl_asymmetric_context_free(((sss_openssl_asymmetric_t * ) context)) - /* Host Call : symm */ -# define sss_host_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_symmetric_context_init(((sss_openssl_symmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_openssl_cipher_one_go(((sss_openssl_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_host_cipher_init(context,iv,ivLen) \ - sss_openssl_cipher_init(((sss_openssl_symmetric_t * ) context),(iv),(ivLen)) -# define sss_host_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_openssl_cipher_update(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_openssl_cipher_finish(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_openssl_cipher_crypt_ctr(((sss_openssl_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_host_symmetric_context_free(context) \ - sss_openssl_symmetric_context_free(((sss_openssl_symmetric_t * ) context)) - /* Host Call : aead */ -# define sss_host_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_aead_context_init(((sss_openssl_aead_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_openssl_aead_one_go(((sss_openssl_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_host_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_openssl_aead_init(((sss_openssl_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_host_aead_update_aad(context,aadData,aadDataLen) \ - sss_openssl_aead_update_aad(((sss_openssl_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_host_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_openssl_aead_update(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_openssl_aead_finish(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_host_aead_context_free(context) \ - sss_openssl_aead_context_free(((sss_openssl_aead_t * ) context)) - /* Host Call : mac */ -# define sss_host_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_mac_context_init(((sss_openssl_mac_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_openssl_mac_one_go(((sss_openssl_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_host_mac_init(context) \ - sss_openssl_mac_init(((sss_openssl_mac_t * ) context)) -# define sss_host_mac_update(context,message,messageLen) \ - sss_openssl_mac_update(((sss_openssl_mac_t * ) context),(message),(messageLen)) -# define sss_host_mac_finish(context,mac,macLen) \ - sss_openssl_mac_finish(((sss_openssl_mac_t * ) context),(mac),(macLen)) -# define sss_host_mac_context_free(context) \ - sss_openssl_mac_context_free(((sss_openssl_mac_t * ) context)) - /* Host Call : md */ -# define sss_host_digest_context_init(context,session,algorithm,mode) \ - sss_openssl_digest_context_init(((sss_openssl_digest_t * ) context),((sss_openssl_session_t * ) session),(algorithm),(mode)) -# define sss_host_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_openssl_digest_one_go(((sss_openssl_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_host_digest_init(context) \ - sss_openssl_digest_init(((sss_openssl_digest_t * ) context)) -# define sss_host_digest_update(context,message,messageLen) \ - sss_openssl_digest_update(((sss_openssl_digest_t * ) context),(message),(messageLen)) -# define sss_host_digest_finish(context,digest,digestLen) \ - sss_openssl_digest_finish(((sss_openssl_digest_t * ) context),(digest),(digestLen)) -# define sss_host_digest_context_free(context) \ - sss_openssl_digest_context_free(((sss_openssl_digest_t * ) context)) - /* Host Call : rng */ -# define sss_host_rng_context_init(context,session) \ - sss_openssl_rng_context_init(((sss_openssl_rng_context_t * ) context),((sss_openssl_session_t * ) session)) -# define sss_host_rng_get_random(context,random_data,dataLen) \ - sss_openssl_rng_get_random(((sss_openssl_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_host_rng_context_free(context) \ - sss_openssl_rng_context_free(((sss_openssl_rng_context_t * ) context)) -# endif /* (SSS_HAVE_SSS == 1) */ -/* clang-format on */ -#endif /* SSS_HAVE_OPENSSL */ -#ifdef __cplusplus -} // extern "C" -#endif /* __cplusplus */ - -#endif /* FSL_SSS_OPENSSL_APIS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_types.h deleted file mode 100644 index f76bf5b39..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_types.h +++ /dev/null @@ -1,239 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_ -#define SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#include -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_OPENSSL - -#include -#include -#include -#include -/** - * @addtogroup sss_sw_openssl - * @{ - */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -#define SSS_SUBSYSTEM_TYPE_IS_OPENSSL(subsystem) (subsystem == kType_SSS_OpenSSL) - -#define SSS_SESSION_TYPE_IS_OPENSSL(session) (session && SSS_SUBSYSTEM_TYPE_IS_OPENSSL(session->subsystem)) - -#define SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore) (keyStore && SSS_SESSION_TYPE_IS_OPENSSL(keyStore->session)) - -#define SSS_OBJECT_TYPE_IS_OPENSSL(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_OPENSSL(pObject->keyStore)) - -#define SSS_ASYMMETRIC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_DERIVE_KEY_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_SYMMETRIC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_MAC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_RNG_CONTEXT_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_DIGEST_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_AEAD_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -struct _sss_openssl_session; - -typedef struct _sss_openssl_session -{ - /*! Indicates which security subsystem is selected to be used. */ - sss_type_t subsystem; - - /* Root Path for persitant key store */ - const char *szRootPath; -} sss_openssl_session_t; - -struct _sss_openssl_object; - -typedef struct _sss_openssl_key_store -{ - sss_openssl_session_t *session; - - /*! Implementation specific part */ - struct _sss_openssl_object **objects; - uint32_t max_object_count; - - keyStoreTable_t *keystore_shadow; - -} sss_openssl_key_store_t; - -typedef struct _sss_openssl_object -{ - /*! key store holding the data and other properties */ - sss_openssl_key_store_t *keyStore; - /*! Object types */ - uint32_t objectType; - uint32_t cipherType; - /*! Application specific key identifier. The keyId is kept in the key store - * along with the key data and other properties. */ - uint32_t keyId; - - /*! Implementation specific part */ - /** Contents are malloced, so must be freed */ - uint32_t contents_must_free : 1; - /** Type of key. Persistnet/trainsient @ref sss_key_object_mode_t */ - uint32_t keyMode : 3; - /** Max size allocated */ - size_t contents_max_size; - size_t contents_size; - size_t keyBitLen; - uint32_t user_id; - sss_mode_t purpose; - sss_access_permission_t accessRights; - /* malloced / referenced contents */ - void *contents; -} sss_openssl_object_t; - -typedef struct _sss_openssl_derive_key -{ - sss_openssl_session_t *session; - sss_openssl_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - -} sss_openssl_derive_key_t; - -typedef struct _sss_openssl_asymmetric -{ - sss_openssl_session_t *session; - sss_openssl_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - -} sss_openssl_asymmetric_t; - -typedef struct _sss_openssl_symmetric -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_openssl_session_t *session; - sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - EVP_CIPHER_CTX *cipher_ctx; - uint8_t cache_data[16]; - size_t cache_data_len; -} sss_openssl_symmetric_t; - -typedef struct -{ - sss_openssl_session_t *session; - sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - CMAC_CTX *cmac_ctx; - HMAC_CTX *hmac_ctx; -} sss_openssl_mac_t; - -typedef struct _sss_openssl_aead -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_openssl_session_t *session; - sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - - /*! Implementation specific part */ - EVP_CIPHER_CTX *aead_ctx; /*!< Reference to aead context. */ - uint8_t cache_data[16]; /*!< Cache for GCM data */ - size_t cache_data_len; /*!< Store GCM Cache len*/ - uint8_t *pCcm_data; /*!< Ref to CCM data dynamic allocated.. */ - size_t ccm_dataTotalLen; /*!< Store CCM data total len. */ - size_t ccm_dataoffset; /*!< Store CCM data offset. */ - uint8_t *pCcm_tag; /*!< Reference to tag. */ - size_t ccm_tagLen; /*!< Store tag len. */ - const uint8_t *pCcm_aad; /*!< Reference to AAD */ - size_t ccm_aadLen; /*!< Store AAD len. */ - const uint8_t *pCcm_iv; /*!< Reference to IV. */ - size_t ccm_ivLen; /*!< Store IV len. */ -} sss_openssl_aead_t; - -typedef struct _sss_openssl_digest -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_openssl_session_t *session; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ - size_t digestFullLen; - /*! Implementation specific part */ - EVP_MD_CTX *mdctx; -} sss_openssl_digest_t; - -typedef struct -{ - sss_openssl_session_t *session; -} sss_openssl_rng_context_t; - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** Similar to @ref sss_openssl_asymmetric_sign_digest, -* -* but hashing/digest done by openssl -*/ -sss_status_t sss_openssl_asymmetric_sign( - sss_openssl_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t *signatureLen); - -/** Similar to @ref sss_openssl_asymmetric_verify_digest, -* but hashing/digest done by openssl -* -*/ -sss_status_t sss_openssl_asymmetric_verify( - sss_openssl_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t signatureLen); - -/** Store key inside persistant key store */ -sss_status_t ks_openssl_store_key(const sss_openssl_object_t *sss_key); - -sss_status_t ks_openssl_load_key(sss_openssl_object_t *sss_key, keyStoreTable_t *keystore_shadow, uint32_t extKeyId); - -sss_status_t ks_openssl_fat_update(sss_openssl_key_store_t *keyStore); - -sss_status_t ks_openssl_remove_key(const sss_openssl_object_t *sss_key); - -sss_status_t sss_openssl_key_object_allocate(sss_openssl_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t keyMode); - -/** @} */ - -#endif /* SSS_HAVE_OPENSSL */ - -#endif /* SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_policy.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_policy.h deleted file mode 100644 index 5edff4859..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_policy.h +++ /dev/null @@ -1,221 +0,0 @@ -/* - * - * Copyright 2019,2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ -/** @file */ - -#ifndef _FSL_SSS_POLICY_H_ -#define _FSL_SSS_POLICY_H_ - -#if !defined(SSS_CONFIG_FILE) -#include "fsl_sss_config.h" -#else -#include SSS_CONFIG_FILE -#endif - -#include "fsl_sss_types.h" -//#include - -/** @defgroup sss_policy Policy - * - * Policies to restrict and control sessions and objects. - */ - -/** @addtogroup sss_policy - * @{ */ - -/** Type of policy */ -typedef enum -{ - /** No policy applied */ - KPolicy_None, - /** Policy related to session. @see sss_policy_session_u */ - KPolicy_Session, - /** Policy related to key. @see sss_policy_key_u */ - KPolicy_Sym_Key, - KPolicy_Asym_Key, - KPolicy_UserID, - KPolicy_File, - KPolicy_Counter, - KPolicy_PCR, - KPolicy_Common, - KPolicy_Common_PCR_Value, -} sss_policy_type_u; - -/** Policy applicable to a session */ -typedef struct -{ - /** Number of operations permitted in a session */ - uint16_t maxOperationsInSession; - /** Session can be used for this much time, in seconds */ - uint16_t maxDurationOfSession_sec; - /** Whether maxOperationsInSession is set. - * This is to ensure '0 == maxOperationsInSession' does not get set - * by middleware. */ - uint8_t has_MaxOperationsInSession : 1; - /** Whether maxOperationsInSession is set. - * This is to ensure '0 == maxDurationOfSession_sec' does not get set - * by middleware. */ - uint8_t has_MaxDurationOfSession_sec : 1; - /** Whether this session can be refreshed without losing context. - * And also reset maxDurationOfSession_sec / maxOperationsInSession */ - uint8_t allowRefresh : 1; -} sss_policy_session_u; - -/** Policies applicable to Symmetric KEY */ -typedef struct -{ - /** Allow signature generation */ - uint8_t can_Sign : 1; - /** Allow signature verification */ - uint8_t can_Verify : 1; - /** Allow encryption */ - uint8_t can_Encrypt : 1; - /** Allow decryption */ - uint8_t can_Decrypt : 1; - /** Allow key derivation */ - uint8_t can_KD : 1; - /** Allow key wrapping */ - uint8_t can_Wrap : 1; - /** Allow to write the object */ - uint8_t can_Write : 1; - /** Allow to (re)generate the object */ - uint8_t can_Gen : 1; - /** Allow to perform DESFire authentication */ - uint8_t can_Desfire_Auth : 1; - /** Allow to dump DESFire session keys */ - uint8_t can_Desfire_Dump : 1; - /** Allow to imported or exported */ - uint8_t can_Import_Export : 1; -#if 1 // SSS_HAVE_SE05X_VER_GTE_06_00 - /** Forbid derived output */ - uint8_t forbid_Derived_Output : 1; -#endif - /** Allow kdf(prf) external random */ - uint8_t allow_kdf_ext_rnd : 1; -} sss_policy_sym_key_u; - -/** Policies applicable to Asymmetric KEY */ -typedef struct -{ - /** Allow signature generation */ - uint8_t can_Sign : 1; - /** Allow signature verification */ - uint8_t can_Verify : 1; - /** Allow encryption */ - uint8_t can_Encrypt : 1; - /** Allow decryption */ - uint8_t can_Decrypt : 1; - /** Allow key derivation */ - uint8_t can_KD : 1; - /** Allow key wrapping */ - uint8_t can_Wrap : 1; - /** Allow to write the object */ - uint8_t can_Write : 1; - /** Allow to (re)generate the object */ - uint8_t can_Gen : 1; - /** Allow to imported or exported */ - uint8_t can_Import_Export : 1; - /** Allow key agreement */ - uint8_t can_KA : 1; - /** Allow to read the object */ - uint8_t can_Read : 1; - /** Allow to attest an object */ - uint8_t can_Attest : 1; -#if 1 // SSS_HAVE_SE05X_VER_GTE_06_00 - /** Forbid derived output */ - uint8_t forbid_Derived_Output : 1; -#endif -} sss_policy_asym_key_u; - -/** All policies related to secure object type File */ -typedef struct -{ - /** Allow to write the object */ - uint8_t can_Write : 1; - /** Allow to read the object */ - uint8_t can_Read : 1; -} sss_policy_file_u; - -/** All policies related to secure object type Counter */ -typedef struct -{ - /** Allow to write the object */ - uint8_t can_Write : 1; - /** Allow to read the object */ - uint8_t can_Read : 1; -} sss_policy_counter_u; - -/** All policies related to secure object type PCR */ -typedef struct -{ - /** Allow to write the object */ - uint8_t can_Write : 1; - /** Allow to read the object */ - uint8_t can_Read : 1; -} sss_policy_pcr_u; - -/** All policies related to secure object type UserID */ -typedef struct -{ - /** Allow to write the object */ - uint8_t can_Write : 1; -} sss_policy_userid_u; - -/** Common Policies for all object types */ -typedef struct -{ - /** Forbid all operations */ - uint8_t forbid_All : 1; - /** Allow to delete the object */ - uint8_t can_Delete : 1; - /** Require having secure messaging enabled with encryption and integrity on the command */ - uint8_t req_Sm : 1; -} sss_policy_common_u; - -/** Common PCR Value Policies for all object types */ -typedef struct -{ - /** PCR object ID */ - uint32_t pcrObjId; - /** Expected value of the PCR */ - uint8_t pcrExpectedValue[32]; -} sss_policy_common_pcr_value_u; - -/** Unique/individual policy. - * For any operation, you need array of sss_policy_u. - */ -typedef struct -{ - /** Secure Object Type */ - sss_policy_type_u type; - /** Auth ID for each Object Policy, invalid for session policy type == KPolicy_Session*/ - uint32_t auth_obj_id; - /** Union of applicable policies based on the type of object - */ - union { - sss_policy_file_u file; - sss_policy_counter_u counter; - sss_policy_pcr_u pcr; - sss_policy_sym_key_u symmkey; - sss_policy_asym_key_u asymmkey; - sss_policy_userid_u pin; - sss_policy_common_u common; - sss_policy_common_pcr_value_u common_pcr_value; - sss_policy_session_u session; - } policy; -} sss_policy_u; - -/** An array of policies @ref sss_policy_u */ -typedef struct -{ - /** Array of unique policies, this needs to be allocated based nPolicies */ - const sss_policy_u *policies[SSS_POLICY_COUNT_MAX]; - /** Number of policies */ - size_t nPolicies; -} sss_policy_t; - -/** @} */ - -#endif /* _FSL_SSS_POLICY_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_apis.h deleted file mode 100644 index b0937f8f5..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_apis.h +++ /dev/null @@ -1,781 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file */ - -#ifndef FSL_SSS_SE05X_APIS_H -#define FSL_SSS_SE05X_APIS_H - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** - * @addtogroup sss_se05x_session - * @{ - */ -/** @copydoc sss_session_create - * - */ -sss_status_t sss_se05x_session_create(sss_se05x_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_open - * - */ -sss_status_t sss_se05x_session_open(sss_se05x_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_prop_get_u32 - * - */ -sss_status_t sss_se05x_session_prop_get_u32(sss_se05x_session_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_session_prop_get_au8 - * - */ -sss_status_t sss_se05x_session_prop_get_au8( - sss_se05x_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_session_close - * - */ -void sss_se05x_session_close(sss_se05x_session_t *session); - -/** @copydoc sss_session_delete - * - */ -void sss_se05x_session_delete(sss_se05x_session_t *session); - -/*! @} */ /* end of : sss_se05x_session */ - -/** - * @addtogroup sss_se05x_keyobj - * @{ - */ -/** @copydoc sss_key_object_init - * - */ -sss_status_t sss_se05x_key_object_init(sss_se05x_object_t *keyObject, sss_se05x_key_store_t *keyStore); - -/** @copydoc sss_key_object_allocate_handle - * - * On SE050, the memory get reserved only when the actual object is created and - * hence there is no memory reservation happening in this API call. but - * internally it checks if the object already exists or not . if the object is - * already existing it returns a failure. - * - */ -sss_status_t sss_se05x_key_object_allocate_handle(sss_se05x_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); - -/** @copydoc sss_key_object_get_handle - * - * On SE05X, this API uses @ref Se05x_API_ReadType and fetches - * parameters of the API. - * - */ -sss_status_t sss_se05x_key_object_get_handle(sss_se05x_object_t *keyObject, uint32_t keyId); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_set_user(sss_se05x_object_t *keyObject, uint32_t user, uint32_t options); - -/** @copydoc sss_key_object_set_purpose - * - */ -sss_status_t sss_se05x_key_object_set_purpose(sss_se05x_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_set_access(sss_se05x_object_t *keyObject, uint32_t access, uint32_t options); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_set_eccgfp_group(sss_se05x_object_t *keyObject, sss_eccgfp_group_t *group); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_get_user(sss_se05x_object_t *keyObject, uint32_t *user); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_get_purpose(sss_se05x_object_t *keyObject, sss_mode_t *purpose); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_get_access(sss_se05x_object_t *keyObject, uint32_t *access); - -/** @copydoc sss_key_object_free - * - * On SE050, this has no impact on physical Key Object. - */ -void sss_se05x_key_object_free(sss_se05x_object_t *keyObject); - -/*! @} */ /* end of : sss_se05x_keyobj */ - -/** - * @addtogroup sss_se05x_keyderive - * @{ - */ -/** @copydoc sss_derive_key_context_init - * - */ -sss_status_t sss_se05x_derive_key_context_init(sss_se05x_derive_key_t *context, - sss_se05x_session_t *session, - sss_se05x_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_derive_key_go - * - */ -sss_status_t sss_se05x_derive_key_go(sss_se05x_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_se05x_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @copydoc sss_derive_key_one_go - * - */ -sss_status_t sss_se05x_derive_key_one_go(sss_se05x_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_se05x_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_sobj_one_go -* -*/ -sss_status_t sss_se05x_derive_key_sobj_one_go(sss_se05x_derive_key_t *context, - sss_se05x_object_t *saltKeyObject, - const uint8_t *info, - size_t infoLen, - sss_se05x_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_dh - * - */ -sss_status_t sss_se05x_derive_key_dh( - sss_se05x_derive_key_t *context, sss_se05x_object_t *otherPartyKeyObject, sss_se05x_object_t *derivedKeyObject); - -/** @copydoc sss_derive_key_context_free - * - */ -void sss_se05x_derive_key_context_free(sss_se05x_derive_key_t *context); - -/*! @} */ /* end of : sss_se05x_keyderive */ - -/** - * @addtogroup sss_se05x_keystore - * @{ - */ -/** @copydoc sss_key_store_context_init - * - */ -sss_status_t sss_se05x_key_store_context_init(sss_se05x_key_store_t *keyStore, sss_se05x_session_t *session); - -/** @copydoc sss_key_store_allocate - * - * This API does not do anything special on SE05X. - */ -sss_status_t sss_se05x_key_store_allocate(sss_se05x_key_store_t *keyStore, uint32_t keyStoreId); - -/** @copydoc sss_key_store_save - * - * This API does not do anything special on SE05X. - */ -sss_status_t sss_se05x_key_store_save(sss_se05x_key_store_t *keyStore); - -/** @copydoc sss_key_store_load - * - * This API does not do anything special on SE05X. - */ -sss_status_t sss_se05x_key_store_load(sss_se05x_key_store_t *keyStore); - -/** @copydoc sss_key_store_set_key - * - */ -sss_status_t sss_se05x_key_store_set_key(sss_se05x_key_store_t *keyStore, - sss_se05x_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @copydoc sss_key_store_generate_key - * - */ -sss_status_t sss_se05x_key_store_generate_key( - sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, size_t keyBitLen, void *options); - -/** @copydoc sss_key_store_get_key - * - */ -sss_status_t sss_se05x_key_store_get_key( - sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen); - -/** @copydoc sss_key_store_open_key - * - * In SE05X, these keys can be used as KEK encryption key - * - * If ``keyObject`` == NULL, then subsequent key injection does not use any KEK. - * - * @return The sss status. - */ -sss_status_t sss_se05x_key_store_open_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject); - -/** Not available for SE05X - * - */ -sss_status_t sss_se05x_key_store_freeze_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject); - -/** @copydoc sss_key_store_erase_key - * - */ -sss_status_t sss_se05x_key_store_erase_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject); - -/** @copydoc sss_key_store_context_free - * - */ -void sss_se05x_key_store_context_free(sss_se05x_key_store_t *keyStore); - -/** Export Key from SE050 to host - * - * Only Transient keys can be exported. - */ -sss_status_t sss_se05x_key_store_export_key( - sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *key, size_t *keylen); - -/** Re Import previously exported SE05X key from host to the SE05X - * - * Only Transient keys can be imported. - */ -sss_status_t sss_se05x_key_store_import_key( - sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *key, size_t keylen); - -/*! @} */ /* end of : sss_se05x_keystore */ - -/** - * @addtogroup sss_se05x_asym - * @{ - */ -/** @copydoc sss_asymmetric_context_init - * - */ -sss_status_t sss_se05x_asymmetric_context_init(sss_se05x_asymmetric_t *context, - sss_se05x_session_t *session, - sss_se05x_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_asymmetric_encrypt - * - */ -sss_status_t sss_se05x_asymmetric_encrypt( - sss_se05x_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_decrypt - * - */ -sss_status_t sss_se05x_asymmetric_decrypt( - sss_se05x_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_sign_digest - * - */ -sss_status_t sss_se05x_asymmetric_sign_digest( - sss_se05x_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @copydoc sss_asymmetric_verify_digest - * - */ -sss_status_t sss_se05x_asymmetric_verify_digest( - sss_se05x_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @copydoc sss_asymmetric_context_free - * - */ -void sss_se05x_asymmetric_context_free(sss_se05x_asymmetric_t *context); - -/*! @} */ /* end of : sss_se05x_asym */ - -/** - * @addtogroup sss_se05x_symm - * @{ - */ -/** @copydoc sss_symmetric_context_init - * - */ -sss_status_t sss_se05x_symmetric_context_init(sss_se05x_symmetric_t *context, - sss_se05x_session_t *session, - sss_se05x_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_cipher_one_go - * - */ -sss_status_t sss_se05x_cipher_one_go(sss_se05x_symmetric_t *context, - uint8_t *iv, - size_t ivLen, - const uint8_t *srcData, - uint8_t *destData, - size_t dataLen); - -/** @copydoc sss_cipher_init - * - */ -sss_status_t sss_se05x_cipher_init(sss_se05x_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @copydoc sss_cipher_update - * - */ -sss_status_t sss_se05x_cipher_update( - sss_se05x_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_finish - * - */ -sss_status_t sss_se05x_cipher_finish( - sss_se05x_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_crypt_ctr - * - */ -sss_status_t sss_se05x_cipher_crypt_ctr(sss_se05x_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @copydoc sss_symmetric_context_free - * - */ -void sss_se05x_symmetric_context_free(sss_se05x_symmetric_t *context); - -/*! @} */ /* end of : sss_se05x_symm */ - -/** - * @addtogroup sss_se05x_aead - * @{ - */ -/** @copydoc sss_aead_context_init - * - */ -sss_status_t sss_se05x_aead_context_init(sss_se05x_aead_t *context, - sss_se05x_session_t *session, - sss_se05x_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_aead_one_go - * - */ -sss_status_t sss_se05x_aead_one_go(sss_se05x_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_init - * - */ -sss_status_t sss_se05x_aead_init( - sss_se05x_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); - -/** @copydoc sss_aead_update_aad - * - */ -sss_status_t sss_se05x_aead_update_aad(sss_se05x_aead_t *context, const uint8_t *aadData, size_t aadDataLen); - -/** @copydoc sss_aead_update - * - */ -sss_status_t sss_se05x_aead_update( - sss_se05x_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_aead_finish - * - */ -sss_status_t sss_se05x_aead_finish(sss_se05x_aead_t *context, - const uint8_t *srcData, - size_t srcLen, - uint8_t *destData, - size_t *destLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_context_free - * - */ -void sss_se05x_aead_context_free(sss_se05x_aead_t *context); - -/*! @} */ /* end of : sss_se05x_aead */ - -/** - * @addtogroup sss_se05x_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_se05x_mac_context_init(sss_se05x_mac_t *context, - sss_se05x_session_t *session, - sss_se05x_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_se05x_mac_one_go( - sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_init - * - */ -sss_status_t sss_se05x_mac_init(sss_se05x_mac_t *context); - -/** @copydoc sss_mac_update - * - */ -sss_status_t sss_se05x_mac_update(sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_mac_finish - * - */ -sss_status_t sss_se05x_mac_finish(sss_se05x_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_se05x_mac_context_free(sss_se05x_mac_t *context); - -/*! @} */ /* end of : sss_se05x_mac */ - -/** - * @addtogroup sss_se05x_md - * @{ - */ -/** @copydoc sss_digest_context_init - * - */ -sss_status_t sss_se05x_digest_context_init( - sss_se05x_digest_t *context, sss_se05x_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_digest_one_go - * - */ -sss_status_t sss_se05x_digest_one_go( - sss_se05x_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_init - * - */ -sss_status_t sss_se05x_digest_init(sss_se05x_digest_t *context); - -/** @copydoc sss_digest_update - * - */ -sss_status_t sss_se05x_digest_update(sss_se05x_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_digest_finish - * - */ -sss_status_t sss_se05x_digest_finish(sss_se05x_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_context_free - * - */ -void sss_se05x_digest_context_free(sss_se05x_digest_t *context); - -/*! @} */ /* end of : sss_se05x_md */ - -/** - * @addtogroup sss_se05x_rng - * @{ - */ -/** @copydoc sss_rng_context_init - * - */ -sss_status_t sss_se05x_rng_context_init(sss_se05x_rng_context_t *context, sss_se05x_session_t *session); - -/** @copydoc sss_rng_get_random - * - */ -sss_status_t sss_se05x_rng_get_random(sss_se05x_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** @copydoc sss_rng_context_free - * - */ -sss_status_t sss_se05x_rng_context_free(sss_se05x_rng_context_t *context); - -/*! @} */ /* end of : sss_se05x_rng */ - -/** -* @addtogroup sss_se05x_tunnel -* @{ -*/ -/** @copydoc sss_tunnel_context_init - * - */ -sss_status_t sss_se05x_tunnel_context_init(sss_se05x_tunnel_context_t *context, sss_se05x_session_t *session); - -/** @copydoc sss_tunnel_context_free -* -*/ -void sss_se05x_tunnel_context_free(sss_se05x_tunnel_context_t *context); - -/*! @} */ /* end of : sss_se05x_tunnel */ - -sss_status_t sss_se05x_refresh_session(sss_se05x_session_t *session, void *connectionData); - -/** - * @addtogroup sss_se05x_tunnel - * @{ - */ - -/** @copydoc sss_tunnel_context_init - * - */ -sss_status_t sss_se05x_tunnel_context_init(sss_se05x_tunnel_context_t *context, sss_se05x_session_t *session); - -/** @copydoc sss_tunnel_t - * - */ -sss_status_t sss_se05x_tunnel(sss_se05x_tunnel_context_t *context, - uint8_t *data, - size_t dataLen, - sss_se05x_object_t *keyObjects, - uint32_t keyObjectCount, - uint32_t tunnelType); - -/** @copydoc sss_tunnel_context_free - * - */ -void sss_se05x_tunnel_context_free(sss_se05x_tunnel_context_t *context); - -/*! @} */ /* end of : sss_se05x_tunnel */ - -/** Set features of the Applet. - * - * See @ref Se05x_API_SetAppletFeatures - */ -sss_status_t sss_se05x_set_feature( - sss_se05x_session_t *session, SE05x_Applet_Feature_t feature, SE05x_Applet_Feature_Disable_t disable_features); - -SE05x_DigestMode_t se05x_get_sha_algo(sss_algorithm_t algorithm); - -#if SSSFTR_SE05X_ECC -sss_status_t sss_se05x_key_store_create_curve(Se05xSession_t *pSession, uint32_t curve_id); -#endif - -/* clang-format off */ -# if (SSS_HAVE_SSS == 1) - /* Direct Call : session */ -# define sss_session_create(session,subsystem,application_id,connection_type,connectionData) \ - sss_se05x_session_create(((sss_se05x_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_open(session,subsystem,application_id,connection_type,connectionData) \ - sss_se05x_session_open(((sss_se05x_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_prop_get_u32(session,property,pValue) \ - sss_se05x_session_prop_get_u32(((sss_se05x_session_t * ) session),(property),(pValue)) -# define sss_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_se05x_session_prop_get_au8(((sss_se05x_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_session_close(session) \ - sss_se05x_session_close(((sss_se05x_session_t * ) session)) -# define sss_session_delete(session) \ - sss_se05x_session_delete(((sss_se05x_session_t * ) session)) - /* Direct Call : keyobj */ -# define sss_key_object_init(keyObject,keyStore) \ - sss_se05x_key_object_init(((sss_se05x_object_t * ) keyObject),((sss_se05x_key_store_t * ) keyStore)) -# define sss_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_se05x_key_object_allocate_handle(((sss_se05x_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_key_object_get_handle(keyObject,keyId) \ - sss_se05x_key_object_get_handle(((sss_se05x_object_t * ) keyObject),(keyId)) -# define sss_key_object_set_user(keyObject,user,options) \ - sss_se05x_key_object_set_user(((sss_se05x_object_t * ) keyObject),(user),(options)) -# define sss_key_object_set_purpose(keyObject,purpose,options) \ - sss_se05x_key_object_set_purpose(((sss_se05x_object_t * ) keyObject),(purpose),(options)) -# define sss_key_object_set_access(keyObject,access,options) \ - sss_se05x_key_object_set_access(((sss_se05x_object_t * ) keyObject),(access),(options)) -# define sss_key_object_set_eccgfp_group(keyObject,group) \ - sss_se05x_key_object_set_eccgfp_group(((sss_se05x_object_t * ) keyObject),(group)) -# define sss_key_object_get_user(keyObject,user) \ - sss_se05x_key_object_get_user(((sss_se05x_object_t * ) keyObject),(user)) -# define sss_key_object_get_purpose(keyObject,purpose) \ - sss_se05x_key_object_get_purpose(((sss_se05x_object_t * ) keyObject),(purpose)) -# define sss_key_object_get_access(keyObject,access) \ - sss_se05x_key_object_get_access(((sss_se05x_object_t * ) keyObject),(access)) -# define sss_key_object_free(keyObject) \ - sss_se05x_key_object_free(((sss_se05x_object_t * ) keyObject)) - /* Direct Call : keyderive */ -# define sss_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_se05x_derive_key_context_init(((sss_se05x_derive_key_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) -# define sss_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_se05x_derive_key_go(((sss_se05x_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_se05x_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_se05x_derive_key_dh(((sss_se05x_derive_key_t * ) context),((sss_se05x_object_t * ) otherPartyKeyObject),((sss_se05x_object_t * ) derivedKeyObject)) -# define sss_derive_key_context_free(context) \ - sss_se05x_derive_key_context_free(((sss_se05x_derive_key_t * ) context)) - /* Direct Call : keystore */ -# define sss_key_store_context_init(keyStore,session) \ - sss_se05x_key_store_context_init(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_session_t * ) session)) -# define sss_key_store_allocate(keyStore,keyStoreId) \ - sss_se05x_key_store_allocate(((sss_se05x_key_store_t * ) keyStore),(keyStoreId)) -# define sss_key_store_save(keyStore) \ - sss_se05x_key_store_save(((sss_se05x_key_store_t * ) keyStore)) -# define sss_key_store_load(keyStore) \ - sss_se05x_key_store_load(((sss_se05x_key_store_t * ) keyStore)) -# define sss_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_se05x_key_store_set_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_se05x_key_store_generate_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_se05x_key_store_get_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_key_store_open_key(keyStore,keyObject) \ - sss_se05x_key_store_open_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject)) -# define sss_key_store_freeze_key(keyStore,keyObject) \ - sss_se05x_key_store_freeze_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject)) -# define sss_key_store_erase_key(keyStore,keyObject) \ - sss_se05x_key_store_erase_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject)) -# define sss_key_store_context_free(keyStore) \ - sss_se05x_key_store_context_free(((sss_se05x_key_store_t * ) keyStore)) - /* Direct Call : asym */ -# define sss_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_se05x_asymmetric_context_init(((sss_se05x_asymmetric_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) -# define sss_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_se05x_asymmetric_encrypt(((sss_se05x_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_se05x_asymmetric_decrypt(((sss_se05x_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_se05x_asymmetric_sign_digest(((sss_se05x_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_se05x_asymmetric_verify_digest(((sss_se05x_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_context_free(context) \ - sss_se05x_asymmetric_context_free(((sss_se05x_asymmetric_t * ) context)) - /* Direct Call : symm */ -# define sss_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_se05x_symmetric_context_init(((sss_se05x_symmetric_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) -# define sss_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_se05x_cipher_one_go(((sss_se05x_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_cipher_init(context,iv,ivLen) \ - sss_se05x_cipher_init(((sss_se05x_symmetric_t * ) context),(iv),(ivLen)) -# define sss_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_se05x_cipher_update(((sss_se05x_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_se05x_cipher_finish(((sss_se05x_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_se05x_cipher_crypt_ctr(((sss_se05x_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_symmetric_context_free(context) \ - sss_se05x_symmetric_context_free(((sss_se05x_symmetric_t * ) context)) - /* Direct Call : aead */ -# define sss_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_se05x_aead_context_init(((sss_se05x_aead_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) -# define sss_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_se05x_aead_one_go(((sss_se05x_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_se05x_aead_init(((sss_se05x_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_aead_update_aad(context,aadData,aadDataLen) \ - sss_se05x_aead_update_aad(((sss_se05x_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_se05x_aead_update(((sss_se05x_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_se05x_aead_finish(((sss_se05x_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_aead_context_free(context) \ - sss_se05x_aead_context_free(((sss_se05x_aead_t * ) context)) - /* Direct Call : mac */ -# define sss_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_se05x_mac_context_init(((sss_se05x_mac_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) -# define sss_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_se05x_mac_one_go(((sss_se05x_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_mac_init(context) \ - sss_se05x_mac_init(((sss_se05x_mac_t * ) context)) -# define sss_mac_update(context,message,messageLen) \ - sss_se05x_mac_update(((sss_se05x_mac_t * ) context),(message),(messageLen)) -# define sss_mac_finish(context,mac,macLen) \ - sss_se05x_mac_finish(((sss_se05x_mac_t * ) context),(mac),(macLen)) -# define sss_mac_context_free(context) \ - sss_se05x_mac_context_free(((sss_se05x_mac_t * ) context)) - /* Direct Call : md */ -# define sss_digest_context_init(context,session,algorithm,mode) \ - sss_se05x_digest_context_init(((sss_se05x_digest_t * ) context),((sss_se05x_session_t * ) session),(algorithm),(mode)) -# define sss_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_se05x_digest_one_go(((sss_se05x_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_digest_init(context) \ - sss_se05x_digest_init(((sss_se05x_digest_t * ) context)) -# define sss_digest_update(context,message,messageLen) \ - sss_se05x_digest_update(((sss_se05x_digest_t * ) context),(message),(messageLen)) -# define sss_digest_finish(context,digest,digestLen) \ - sss_se05x_digest_finish(((sss_se05x_digest_t * ) context),(digest),(digestLen)) -# define sss_digest_context_free(context) \ - sss_se05x_digest_context_free(((sss_se05x_digest_t * ) context)) - /* Direct Call : rng */ -# define sss_rng_context_init(context,session) \ - sss_se05x_rng_context_init(((sss_se05x_rng_context_t * ) context),((sss_se05x_session_t * ) session)) -# define sss_rng_get_random(context,random_data,dataLen) \ - sss_se05x_rng_get_random(((sss_se05x_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_rng_context_free(context) \ - sss_se05x_rng_context_free(((sss_se05x_rng_context_t * ) context)) - /* Direct Call : tunnel */ -# define sss_tunnel_context_init(context,session) \ - sss_se05x_tunnel_context_init(((sss_se05x_tunnel_context_t * ) context),((sss_se05x_session_t * ) session)) -# define sss_tunnel(context,data,dataLen,keyObjects,keyObjectCount,tunnelType) \ - sss_se05x_tunnel(((sss_se05x_tunnel_context_t * ) context),(data),(dataLen),((sss_se05x_object_t * ) keyObjects),(keyObjectCount),(tunnelType)) -# define sss_tunnel_context_free(context) \ - sss_se05x_tunnel_context_free(((sss_se05x_tunnel_context_t * ) context)) -# endif /* (SSS_HAVE_SSS == 1) */ -/* clang-format on */ -#endif /* SSS_HAVE_APPLET_SE05X_IOT */ -#ifdef __cplusplus -} // extern "C" -#endif /* __cplusplus */ - -#endif /* FSL_SSS_SE05X_APIS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_policy.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_policy.h deleted file mode 100644 index bab222bf0..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_policy.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef FSL_SSS_SE05X_POLICY_H -#define FSL_SSS_SE05X_POLICY_H - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT -#include -#include -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** @brief - * The function serializes input passed by user (array of sss_policy_t) in to - * uin8[] policy buffer - * - * @param[in] Array of policies passed by user. - * @param[out] buffer passed by user where serialized policy data is copied. - * @param[out] buf_len passed by user where serialized policy data length is copied. - * - * @warning Please ensure pbuff is atleast of size MAX_POLICY_BUFFER_SIZE - * - */ -sss_status_t sss_se05x_create_object_policy_buffer(sss_policy_t *policies, uint8_t *pbuff, size_t *buf_len); -/*! @brief - * The function serializes input passed by user (sss_policy_session_u) in to - * uin8[] policy buffer - * - * @param[in] pointer to sss_policy_session_u passed by user. - * @param[out] buffer passed by user where serialized policy data is copied. - * @param[out] buf_len passed by user where serialized policy data length is copied. - * - * @warning Please ensure session_pol_buff is atleast of size MAX_POLICY_BUFFER_SIZE - * - */ -sss_status_t sss_se05x_create_session_policy_buffer( - sss_policy_session_u *session_policy, uint8_t *session_pol_buff, size_t *buf_len); -#endif /* SSS_HAVE_APPLET_SE05X_IOT */ -#endif /* FSL_SSS_SE05X_POLICY_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_scp03.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_scp03.h deleted file mode 100644 index d15a4bdd9..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_scp03.h +++ /dev/null @@ -1,56 +0,0 @@ -/* -* -* Copyright 2018-2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef FSL_SSS_SE05X_SCP03_H -#define FSL_SSS_SE05X_SCP03_H - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "nxScp03_Const.h" -#include "nxScp03_Types.h" -#include "se05x_tlv.h" -#if SSS_HAVE_MBEDTLS -#include -#endif -#if SSS_HAVE_OPENSSL -#include -#endif - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** -* To send and receive encrypted communication using SCP03 -*/ -sss_status_t nxScp03_AuthenticateChannel(pSe05xSession_t se05xSession, NXSCP03_AuthCtx_t *authScp03); - -/** -* To send and receive encrypted communication using Fast SCP -*/ -sss_status_t nxECKey_AuthenticateChannel(pSe05xSession_t se05xSession, SE05x_AuthCtx_ECKey_t *pAuthFScp); - -#ifdef __cplusplus -} /* extern "c"*/ -#endif - -#endif /* FSL_SSS_SE05X_SCP03_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_types.h deleted file mode 100644 index 12cb2dd9a..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_types.h +++ /dev/null @@ -1,618 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_ -#define SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#include -#include - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT -#include "nxScp03_Types.h" -#include "se05x_const.h" -#include "se05x_tlv.h" -#include "sm_api.h" -#if (__GNUC__ && !AX_EMBEDDED && !__MBED__) -#include -/* Only for base session with os */ -#elif __MBED__ -#include "cmsis_os2.h" -#include "mbed_rtos_storage.h" -#endif -/* FreeRTOS includes. */ -#if USE_RTOS -#include "FreeRTOS.h" -#include "FreeRTOSIPConfig.h" -#include "semphr.h" -#include "task.h" -#endif - -/*! - * @addtogroup sss_sw_se05x - * @{ - */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_SUBSYSTEM_TYPE_IS_SE05X(subsystem) (subsystem == kType_SSS_SE_SE05x) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_SESSION_TYPE_IS_SE05X(session) (session && SSS_SUBSYSTEM_TYPE_IS_SE05X(session->subsystem)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_KEY_STORE_TYPE_IS_SE05X(keyStore) (keyStore && SSS_SESSION_TYPE_IS_SE05X(keyStore->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_OBJECT_TYPE_IS_SE05X(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_SE05X(pObject->keyStore)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_ASYMMETRIC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_DERIVE_KEY_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_SYMMETRIC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_MAC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_RNG_CONTEXT_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_DIGEST_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_AEAD_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_TUNNEL_CONTEXT_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_TUNNEL_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -struct _sss_se05x_session; - -/** @copydoc sss_tunnel_t */ -typedef struct _sss_se05x_tunnel_context -{ - /** Pointer to the base SE050 SEssion */ - struct _sss_se05x_session *se05x_session; - /** Where exactly this tunnel terminates to */ - sss_tunnel_dest_t tunnelDest; -/** For systems where we potentially have multi-threaded operations, have a lock */ -#if USE_RTOS - SemaphoreHandle_t channelLock; -#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) - pthread_mutex_t channelLock; -#elif __MBED__ - osSemaphoreId_t channelLock; -#endif -} sss_se05x_tunnel_context_t; - -/** @copydoc sss_session_t */ -typedef struct _sss_se05x_session -{ - /** Indicates which security subsystem is selected to be used. */ - sss_type_t subsystem; - - /** Connection context to SE050 */ - - Se05xSession_t s_ctx; - - /** In case connection is tunneled, context to the tunnel */ - - sss_se05x_tunnel_context_t *ptun_ctx; -} sss_se05x_session_t; - -struct _sss_se05x_object; - -/** @copydoc sss_key_store_t */ -typedef struct -{ - /** Pointer to the session */ - sss_se05x_session_t *session; - /** In case the we are using Key Wrapping while injecting the keys, pointer to key used for wrapping */ - struct _sss_se05x_object *kekKey; - -} sss_se05x_key_store_t; - -/** @copydoc sss_object_t */ -typedef struct _sss_se05x_object -{ - /** key store holding the data and other properties */ - sss_se05x_key_store_t *keyStore; - /** @copydoc sss_object_t::objectType */ - uint32_t objectType; - /** @copydoc sss_object_t::cipherType */ - uint32_t cipherType; - /** Application specific key identifier. The keyId is kept in the key store - * along with the key data and other properties. */ - uint32_t keyId; - - /** If this is an ECC Key, the Curve ID of the key */ - SE05x_ECCurve_t curve_id; - - /** Whether this is a persistant or tansient object */ - uint8_t isPersistant : 1; - -} sss_se05x_object_t; - -/** @copydoc sss_derive_key_t */ -typedef struct -{ - /** @copydoc sss_derive_key_t::session */ - sss_se05x_session_t *session; - /** @copydoc sss_derive_key_t::keyObject */ - sss_se05x_object_t *keyObject; - /** @copydoc sss_derive_key_t::algorithm */ - sss_algorithm_t algorithm; - /** @copydoc sss_derive_key_t::mode */ - sss_mode_t mode; - -} sss_se05x_derive_key_t; - -/** @copydoc sss_asymmetric_t */ -typedef struct -{ - /** @copydoc sss_asymmetric_t::session */ - sss_se05x_session_t *session; - /** @copydoc sss_asymmetric_t::keyObject */ - sss_se05x_object_t *keyObject; - /** @copydoc sss_asymmetric_t::algorithm */ - sss_algorithm_t algorithm; - /** @copydoc sss_asymmetric_t::mode */ - sss_mode_t mode; - -} sss_se05x_asymmetric_t; - -/** @copydoc sss_symmetric_t */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_se05x_session_t *session; - /** Reference to key and it's properties. */ - sss_se05x_object_t *keyObject; - /** @copydoc sss_symmetric_t::algorithm */ - sss_algorithm_t algorithm; - /** @copydoc sss_symmetric_t::mode */ - sss_mode_t mode; - - /* Implementation specific part */ - - /** Used crypto object ID for this operation */ - SE05x_CryptoObjectID_t cryptoObjectId; - /** Since underlying system conly only process in fixed chunks, chache them on host - * to complete the operation sanely */ - uint8_t cache_data[16]; - /** Length of bytes cached on host */ - size_t cache_data_len; -} sss_se05x_symmetric_t; - -/** @copydoc sss_mac_t */ -typedef struct -{ - /** copydoc sss_mac_t::session */ - sss_se05x_session_t *session; - /** copydoc sss_mac_t::keyObject */ - sss_se05x_object_t *keyObject; - - /** copydoc sss_mac_t::algorithm */ - sss_algorithm_t algorithm; - /** copydoc sss_mac_t::mode */ - sss_mode_t mode; - /* Implementation specific part */ - - /** Used crypto object ID for this operation */ - SE05x_CryptoObjectID_t cryptoObjectId; -} sss_se05x_mac_t; - -/** @copydoc sss_aead_t */ -typedef struct -{ - /** @copydoc sss_aead_t::session */ - sss_se05x_session_t *session; - /** @copydoc sss_aead_t::keyObject */ - sss_se05x_object_t *keyObject; - /** @copydoc sss_aead_t::algorithm */ - sss_algorithm_t algorithm; - /** @copydoc sss_aead_t::mode */ - sss_mode_t mode; - - /** Implementation specific part */ - SE05x_CryptoObjectID_t cryptoObjectId; - /** Cache in case of un-alined inputs */ - uint8_t cache_data[16]; - /** How much we have cached */ - size_t cache_data_len; -} sss_se05x_aead_t; - -/** @copydoc sss_digest_t */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_se05x_session_t *session; - /** @copydoc sss_digest_t::algorithm */ - sss_algorithm_t algorithm; - /** @copydoc sss_digest_t::mode */ - sss_mode_t mode; - /** @copydoc sss_digest_t::digestFullLen */ - size_t digestFullLen; - /** Implementation specific part */ - - SE05x_CryptoObjectID_t cryptoObjectId; -} sss_se05x_digest_t; - -/** @copydoc sss_rng_context_t */ -typedef struct -{ - /** @copydoc sss_rng_context_t::session */ - sss_se05x_session_t *session; -} sss_se05x_rng_context_t; - -/** SE050 Properties that can be represented as an array */ -typedef enum -{ - kSSS_SE05x_SessionProp_CertUID = kSSS_SessionProp_au8_Proprietary_Start + 1, -} sss_s05x_sesion_prop_au8_t; - -/** SE050 Properties that can be represented as 32bit numbers */ -typedef enum -{ - kSSS_SE05x_SessionProp_CertUIDLen = kSSS_SessionProp_u32_Optional_Start + 1, -} sss_s05x_sesion_prop_u32_t; - -/** deprecated : Used only for backwards compatibility */ -#define SE05x_Connect_Ctx_t SE_Connect_Ctx_t -/** deprecated : Used only for backwards compatibility */ -#define se05x_auth_context_t SE_Connect_Ctx_t - -/** Used to enable Applet Features via ``sss_se05x_set_feature`` */ -typedef struct -{ - /** Use of curve TPM_ECC_BN_P256 */ - uint8_t AppletConfig_ECDAA : 1; - /** EC DSA and DH support */ - uint8_t AppletConfig_ECDSA_ECDH_ECDHE : 1; - /** Use of curve RESERVED_ID_ECC_ED_25519 */ - uint8_t AppletConfig_EDDSA : 1; - /** Use of curve RESERVED_ID_ECC_MONT_DH_25519 */ - uint8_t AppletConfig_DH_MONT : 1; - /** Writing HMACKey objects */ - uint8_t AppletConfig_HMAC : 1; - /** Writing RSAKey objects */ - uint8_t AppletConfig_RSA_PLAIN : 1; - /** Writing RSAKey objects */ - uint8_t AppletConfig_RSA_CRT : 1; - /** Writing AESKey objects */ - uint8_t AppletConfig_AES : 1; - /** Writing DESKey objects */ - uint8_t AppletConfig_DES : 1; - /** PBKDF2 */ - uint8_t AppletConfig_PBKDF : 1; - /** TLS Handshake support commands (see 4.16) in APDU Spec*/ - uint8_t AppletConfig_TLS : 1; - /** Mifare DESFire support (see 4.15) in APDU Spec*/ - uint8_t AppletConfig_MIFARE : 1; - /** Allocated value undefined and reserved for future use */ - uint8_t AppletConfig_RFU1 : 1; - /** I2C Master support (see 4.17) in APDU Spec*/ - uint8_t AppletConfig_I2CM : 1; - /** RFU */ - uint8_t AppletConfig_RFU21 : 1; -} SE05x_Applet_Feature_t; - -/** Used to disable Applet Features via ``sss_se05x_set_feature`` */ -typedef struct -{ - /** Disable feature ECDH B2b8 */ - uint8_t EXTCFG_FORBID_ECDH : 1; - /** Disable feature ECDAA B2b7 */ - uint8_t EXTCFG_FORBID_ECDAA : 1; - /** Disable feature RSA_LT_2K B6b8 */ - uint8_t EXTCFG_FORBID_RSA_LT_2K : 1; - /** Disable feature RSA_SHA1 B6b7 */ - uint8_t EXTCFG_FORBID_RSA_SHA1 : 1; - /** Disable feature AES_GCM B8b8 */ - uint8_t EXTCFG_FORBID_AES_GCM : 1; - /** Disable feature AES_GCM_EXT_IV B8b7 */ - uint8_t EXTCFG_FORBID_AES_GCM_EXT_IV : 1; - /** Disable feature HKDF_EXTRACT B10b7 */ - uint8_t EXTCFG_FORBID_HKDF_EXTRACT : 1; -} SE05x_Applet_Feature_Disable_t; - -/** Attestation data */ -typedef struct -{ - /** Random used during attestation */ - uint8_t outrandom[16]; - /** length of outrandom */ - size_t outrandomLen; - /** time stamp */ - SE05x_TimeStamp_t timeStamp; - /** Length of timeStamp */ - size_t timeStampLen; - /** Uinquie ID of SE050 */ - uint8_t chipId[SE050_MODULE_UNIQUE_ID_LEN]; - /** Lenght of the Unique ID */ - size_t chipIdLen; - /** Attributes */ - uint8_t attribute[MAX_POLICY_BUFFER_SIZE + 15]; - /** Length of Attribute */ - size_t attributeLen; - /** Signature for attestation */ - uint8_t signature[512]; - /** Lenght of signature */ - size_t signatureLen; -} sss_se05x_attst_comp_data_t; - -/** Data to be read with attestation */ -typedef struct -{ - /** Whle reading RSA Objects, modulus and public exporent get attested separately, */ - sss_se05x_attst_comp_data_t data[SE05X_MAX_ATTST_DATA]; - /** How many entries to attest */ - uint8_t valid_number; -} sss_se05x_attst_data_t; - -/** @} */ - -/** @addtogroup se050_i2cm - * - * @{ */ - -/** Types of entries in an I2CM Transaction */ -typedef enum -{ - /** Do nothing */ - kSE05x_I2CM_None = 0, - /** Configure the address, baudrate */ - kSE05x_I2CM_Configure, - /** Write to I2C Slave */ - kSE05x_I2CM_Write = 3, - /** Read from I2C Slave */ - kSE05x_I2CM_Read, - - /** Response from SE05x that there is something wrong */ - kSE05x_I2CM_StructuralIssue = 0xFF -} SE05x_I2CM_TLV_type_t; - -/** Status of I2CM Transaction */ -typedef enum -{ - kSE05x_I2CM_Success = 0x5A, - kSE05x_I2CM_I2C_Nack_Fail = 0x01, - kSE05x_I2CM_I2C_Write_Error = 0x02, - kSE05x_I2CM_I2C_Read_Error = 0x03, - kSE05x_I2CM_I2C_Time_Out_Error = 0x05, - kSE05x_I2CM_Invalid_Tag = 0x11, - kSE05x_I2CM_Invalid_Length = 0x12, - kSE05x_I2CM_Invalid_Length_Encode = 0x13, - kSE05x_I2CM_I2C_Config = 0x21 -} SE05x_I2CM_status_t; - -/** Additional operation on data read by I2C */ -typedef enum -{ - kSE05x_Security_None = 0, - kSE05x_Sign_Request, - kSE05x_Sign_Enc_Request, -} SE05x_I2CM_securityReq_t; - -/** Configuration for I2CM */ -typedef enum -{ - kSE05x_I2CM_Baud_Rate_100Khz = 0, - kSE05x_I2CM_Baud_Rate_400Khz, -} SE05x_I2CM_Baud_Rate_t; - -/** Data Configuration for I2CM */ -typedef struct -{ - /** 7 Bit address of I2C slave */ - uint8_t I2C_addr; - /** What baud rate */ - SE05x_I2CM_Baud_Rate_t I2C_baudRate; - /** return status of the config operation */ - SE05x_I2CM_status_t status; -} SE05x_I2CM_configData_t; - -/** @brief Security Configuration for I2CM */ -typedef struct -{ - /** @copydoc SE05x_I2CM_securityReq_t */ - SE05x_I2CM_securityReq_t operation; - /** object used for the operation */ - uint32_t keyObject; -} SE05x_I2CM_securityData_t; - -/** @brief Write From I2CM to I2C Slave */ -typedef struct -{ - /** How many bytes to write */ - uint8_t writeLength; - /** [Out] status of the operation */ - SE05x_I2CM_status_t wrStatus; - /** Buffer to be written */ - uint8_t *writebuf; /* Input */ -} SE05x_I2CM_writeData_t; - -/** Read to I2CM from I2C Slave */ -typedef struct -{ - /** How many bytes to read */ - uint16_t readLength; - /** [Out] status of the operation */ - SE05x_I2CM_status_t rdStatus; - /** Output. rdBuf will point to Host buffer. */ - uint8_t *rdBuf; -} SE05x_I2CM_readData_t; - -/** Used to report error response, not for outgoing command */ -typedef struct -{ - /** [Out] In case there is any structural issue */ - SE05x_I2CM_status_t issueStatus; -} SE05x_I2CM_structuralIssue_t; - -/** @brief Individual entry in array of TLV commands */ -typedef union { - /** @copydoc SE05x_I2CM_configData_t */ - SE05x_I2CM_configData_t cfg; - /** @copydoc SE05x_I2CM_securityData_t */ - SE05x_I2CM_securityData_t sec; - /** @copydoc SE05x_I2CM_writeData_t */ - SE05x_I2CM_writeData_t w; - /** @copydoc SE05x_I2CM_readData_t */ - SE05x_I2CM_readData_t rd; - /** @copydoc SE05x_I2CM_structuralIssue_t */ - SE05x_I2CM_structuralIssue_t issue; -} SE05x_I2CM_INS_type_t; - -/** Individual entry in array of TLV commands, with type - * - * @ref Se05x_i2c_master_txn would expect an array of these. - */ -typedef struct _SE05x_I2CM_cmd -{ - /** @copybrief SE05x_I2CM_TLV_type_t */ - SE05x_I2CM_TLV_type_t type; - /** @copybrief SE05x_I2CM_INS_type_t */ - SE05x_I2CM_INS_type_t cmd; -} SE05x_I2CM_cmd_t; - -/*! - *@} - */ /* end of se050_i2cm */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** MAC Validate - * - */ -sss_status_t sss_se05x_mac_validate_one_go( - sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t macLen); - -/** Similar to @ref sss_se05x_asymmetric_sign_digest, - * - * but hashing/digest done by SE - */ -sss_status_t sss_se05x_asymmetric_sign( - sss_se05x_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t *signatureLen); - -/** Similar to @ref sss_se05x_asymmetric_verify_digest, - * but hashing/digest done by SE - * - */ -sss_status_t sss_se05x_asymmetric_verify( - sss_se05x_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t signatureLen); - -/** Read with attestation - * - */ -sss_status_t sss_se05x_key_store_get_key_attst(sss_se05x_key_store_t *keyStore, - sss_se05x_object_t *keyObject, - uint8_t *key, - size_t *keylen, - size_t *pKeyBitLen, - sss_se05x_object_t *keyObject_attst, - sss_algorithm_t algorithm_attst, - uint8_t *random_attst, - size_t randomLen_attst, - sss_se05x_attst_data_t *attst_data); - -uint32_t se05x_sssKeyTypeLenToCurveId(sss_cipher_type_t keyType, size_t keyBits); - -/** @addtogroup se050_i2cm - * - * @{ -*/ - -/** @brief Se05x_i2c_master_txn -* -* I2CM Transaction -* -* @param[in] sess session identifier -* @param[in,out] cmds Array of structure type capturing a sequence of i2c master cmd/rsp transactions. -* @param[in] cmdLen Amount of structures contained in cmds -* -* @pre p describes I2C master commands. -* @post p contains execution state of I2C master commands, the I2C master commands can be overwritten to report on execution failure. -*/ -smStatus_t Se05x_i2c_master_txn(sss_session_t *sess, SE05x_I2CM_cmd_t *cmds, uint8_t cmdLen); - -/** @brief Se05x_i2c_master_attst_txn - * - * I2CM Read With Attestation - * - * @param[in] sess session identifier - * @param[in] keyObject Keyobject which contains 4 byte attestaion KeyId - * @param[in,out] p Array of structure type capturing a sequence of i2c master cmd/rsp transactions. - * @param[in] random_attst 16-byte freshness random - * @param[in] random_attstLen length of freshness random - * @param[in] attst_algo 1 byte attestationAlgo - * @param[out] ptimeStamp timestamp - * @param[out] timeStampLen Length for timestamp - * @param[out] freshness freshness (random) - * @param[out] pfreshnessLen Length for freshness - * @param[out] chipId unique chip Id - * @param[out] pchipIdLen Length for chipId - * @param[out] signature signature - * @param[out] psignatureLen Length for signature - * @param[in] noOftags Amount of structures contained in ``p`` - * - * @pre p describes I2C master commands. - * @post p contains execution state of I2C master commands, the I2C master commands can be overwritten to report on execution failure. - */ -smStatus_t Se05x_i2c_master_attst_txn(sss_session_t *sess, - sss_object_t *keyObject, - SE05x_I2CM_cmd_t *p, - uint8_t *random_attst, - size_t random_attstLen, - SE05x_AttestationAlgo_t attst_algo, - SE05x_TimeStamp_t *ptimeStamp, - size_t *timeStampLen, - uint8_t *freshness, - size_t *pfreshnessLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen, - uint8_t noOftags); - -/*! - *@} - */ /* end of se050_i2cm */ - -#endif /* SSS_HAVE_APPLET_SE05X_IOT */ - -#endif /* SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_sscp.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_sscp.h deleted file mode 100644 index b80f0c3e6..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_sscp.h +++ /dev/null @@ -1,717 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _FSL_SSS_SSCP_H_ -#define _FSL_SSS_SSCP_H_ - -#include "fsl_sscp.h" -#include "fsl_sss_api.h" - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if !defined(SSS_SSCP_CONFIG_FILE) -#include "fsl_sss_sscp_config.h" -#else -#include SSS_SSCP_CONFIG_FILE -#endif - -#define SSS_SUBSYSTEM_TYPE_IS_SSCP(subsystem) ((subsystem == kType_SSS_SE_A71CH) || (subsystem == kType_SSS_SE_A71CL)) - -#define SSS_SESSION_TYPE_IS_SSCP(session) (session && SSS_SUBSYSTEM_TYPE_IS_SSCP(session->subsystem)) - -#define SSS_KEY_STORE_TYPE_IS_SSCP(keyStore) (keyStore && SSS_SESSION_TYPE_IS_SSCP(keyStore->session)) - -#define SSS_OBJECT_TYPE_IS_SSCP(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_SSCP(pObject->keyStore)) - -#define SSS_DERIVE_KEY_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_ASYMMETRIC_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_SYMMETRIC_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_MAC_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_RNG_CONTEXT_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_DIGEST_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_AEAD_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -typedef enum -{ - kSSS_SSCP_SessionProp_CertUID = kSSS_SessionProp_au8_Proprietary_Start + 1, -} sss_sscp_sesion_prop_au8_t; - -typedef enum -{ - kSSS_SSCP_SessionProp_CertUIDLen = kSSS_SessionProp_u32_Optional_Start + 1, -} sss_sscp_sesion_prop_u32_t; - -typedef void (*fn_sscp_close_t)(void); - -typedef struct _sss_sscp_session -{ - /*! Indicates which security subsystem is selected to be used. */ - sss_type_t subsystem; - - /*! Implementation specific part - * This will be NULL unitl and unless we are not ready to use the sscp_context. - */ - sscp_context_t *sscp_context; - /** - * Allocated structure, not to be used directly... - * Use only sscp_context */ - sscp_context_t mem_sscp_ctx; - /** session identifier */ - uint32_t sessionId; - /** Function pointer that can be used to close the last active session. */ - fn_sscp_close_t fp_closeConnection; -} sss_sscp_session_t; - -typedef struct _sss_sscp_key_store -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_sscp_session_t *session; - /*! Implementation specific part */ - uint32_t keyStoreId; -} sss_sscp_key_store_t; - -typedef struct _sss_sscp_object -{ - /*! key store holding the data and other properties */ - sss_sscp_key_store_t *keyStore; - - uint32_t objectType; /*!< Object types */ - uint32_t cipherType; /*!< Cipher types */ - /*! Application specific key identifier. The keyId is kept in the key store along with the key data and other - * properties. */ - uint32_t keyId; - - void *transientObject; - size_t transientObjectLen; - size_t transientObjectBitLen; - uint8_t slotId; -} sss_sscp_object_t; - -/*! @brief ::sss_symmetric_t with SSCP specific information */ -typedef struct _sss_sscp_symmetric -{ - /*! Virtual connection between application (user context) and - specific security subsystem and function thereof. */ - sss_sscp_session_t *session; - sss_sscp_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*!< What eventual operation algorithm be performed */ - sss_mode_t mode; /*!< High level operation, encrypt/decrypt/etc. */ - uint32_t sessionId; /*!< Session identifier in case of parallel contexts */ - /*! Implementation specific part */ - struct - { - uint8_t data[SSS_SSCP_SYMMETRIC_CONTEXT_SIZE]; - } context; -} sss_sscp_symmetric_t; - -typedef struct _sss_sscp_aead -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_sscp_session_t *session; - sss_sscp_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - - /*! Implementation specific part */ -} sss_sscp_aead_t; - -typedef struct _sss_sscp_digest -{ - /*! Virtual connection between application (user context) and specific security subsystem and function thereof. */ - sss_sscp_session_t *session; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ - size_t digestFullLen; - - /*! Implementation specific part */ - struct - { - uint8_t data[SSS_SSCP_DIGEST_CONTEXT_SIZE]; - } context; -} sss_sscp_digest_t; - -typedef struct _sss_sscp_mac -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_sscp_session_t *session; - sss_sscp_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - - /*! Implementation specific part */ - uint32_t macFullLen; - struct - { - uint8_t data[SSS_SSCP_MAC_CONTEXT_SIZE]; - } context; -} sss_sscp_mac_t; - -typedef struct _sss_sscp_asymmetric -{ - sss_sscp_session_t *session; - sss_sscp_object_t *keyObject; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - size_t signatureFullLen; - uint32_t sessionId; /*!< */ - /*! Implementation specific part */ -} sss_sscp_asymmetric_t; - -typedef struct _sss_sscp_tunnel -{ - sss_sscp_session_t *session; - uint32_t tunnelType; - uint32_t sessionId; /*!< */ - /*! Implementation specific part */ -} sss_sscp_tunnel_t; - -typedef struct _sss_sscp_derive_key -{ - sss_sscp_session_t *session; - sss_sscp_object_t *keyObject; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - uint32_t sessionId; /*!< */ - /*! Implementation specific part */ -} sss_sscp_derive_key_t; - -typedef struct -{ - /** Context holder of session */ - sss_sscp_session_t *session; -} sss_sscp_rng_context_t; - -/******************************************************************************* - * API - ******************************************************************************/ -#if defined(__cplusplus) -extern "C" { -#endif - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** - * @addtogroup sss_sscp_session - * @{ - */ -/** @copydoc sss_session_open - * - */ -sss_status_t sss_sscp_session_open(sss_sscp_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_prop_get_u32 - * - */ -sss_status_t sss_sscp_session_prop_get_u32(sss_sscp_session_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_session_prop_get_au8 - * - */ -sss_status_t sss_sscp_session_prop_get_au8( - sss_sscp_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_session_close - * - */ -void sss_sscp_session_close(sss_sscp_session_t *session); - -/*! @} */ /* end of : sss_sscp_session */ - -/** - * @addtogroup sss_sscp_keyobj - * @{ - */ -/** @copydoc sss_key_object_init - * - */ -sss_status_t sss_sscp_key_object_init(sss_sscp_object_t *keyObject, sss_sscp_key_store_t *keyStore); - -/** @copydoc sss_key_object_allocate_handle - * - */ -sss_status_t sss_sscp_key_object_allocate_handle(sss_sscp_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); - -/** @copydoc sss_key_object_get_handle - * - */ -sss_status_t sss_sscp_key_object_get_handle(sss_sscp_object_t *keyObject, uint32_t keyId); - -/** @copydoc sss_key_object_set_user - * - */ -sss_status_t sss_sscp_key_object_set_user(sss_sscp_object_t *keyObject, uint32_t user, uint32_t options); - -/** @copydoc sss_key_object_set_purpose - * - */ -sss_status_t sss_sscp_key_object_set_purpose(sss_sscp_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** @copydoc sss_key_object_set_access - * - */ -sss_status_t sss_sscp_key_object_set_access(sss_sscp_object_t *keyObject, uint32_t access, uint32_t options); - -/** @copydoc sss_key_object_set_eccgfp_group - * - */ -sss_status_t sss_sscp_key_object_set_eccgfp_group(sss_sscp_object_t *keyObject, sss_eccgfp_group_t *group); - -/** @copydoc sss_key_object_get_user - * - */ -sss_status_t sss_sscp_key_object_get_user(sss_sscp_object_t *keyObject, uint32_t *user); - -/** @copydoc sss_key_object_get_purpose - * - */ -sss_status_t sss_sscp_key_object_get_purpose(sss_sscp_object_t *keyObject, sss_mode_t *purpose); - -/** @copydoc sss_key_object_get_access - * - */ -sss_status_t sss_sscp_key_object_get_access(sss_sscp_object_t *keyObject, uint32_t *access); - -/** @copydoc sss_key_object_free - * - */ -void sss_sscp_key_object_free(sss_sscp_object_t *keyObject); - -/*! @} */ /* end of : sss_sscp_keyobj */ - -/** - * @addtogroup sss_sscp_keyderive - * @{ - */ -/** @copydoc sss_derive_key_context_init - * - */ -sss_status_t sss_sscp_derive_key_context_init(sss_sscp_derive_key_t *context, - sss_sscp_session_t *session, - sss_sscp_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_derive_key_one_go -* -*/ -sss_status_t sss_sscp_derive_key_one_go(sss_sscp_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_sscp_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_sobj_one_go -* -*/ -sss_status_t sss_sscp_derive_key_sobj_one_go(sss_sscp_derive_key_t *context, - sss_sscp_object_t *saltKeyObject, - const uint8_t *info, - size_t infoLen, - sss_sscp_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_go - * - */ -sss_status_t sss_sscp_derive_key_go(sss_sscp_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_sscp_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @copydoc sss_derive_key_dh - * - */ -sss_status_t sss_sscp_derive_key_dh( - sss_sscp_derive_key_t *context, sss_sscp_object_t *otherPartyKeyObject, sss_sscp_object_t *derivedKeyObject); - -/** @copydoc sss_derive_key_context_free - * - */ -void sss_sscp_derive_key_context_free(sss_sscp_derive_key_t *context); - -/*! @} */ /* end of : sss_sscp_keyderive */ - -/** - * @addtogroup sss_sscp_keystore - * @{ - */ -/** @copydoc sss_key_store_context_init - * - */ -sss_status_t sss_sscp_key_store_context_init(sss_sscp_key_store_t *keyStore, sss_sscp_session_t *session); - -/** @copydoc sss_key_store_allocate - * - */ -sss_status_t sss_sscp_key_store_allocate(sss_sscp_key_store_t *keyStore, uint32_t keyStoreId); - -/** @copydoc sss_key_store_save - * - */ -sss_status_t sss_sscp_key_store_save(sss_sscp_key_store_t *keyStore); - -/** @copydoc sss_key_store_load - * - */ -sss_status_t sss_sscp_key_store_load(sss_sscp_key_store_t *keyStore); - -/** @copydoc sss_key_store_set_key - * - */ -sss_status_t sss_sscp_key_store_set_key(sss_sscp_key_store_t *keyStore, - sss_sscp_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @copydoc sss_key_store_generate_key - * - */ -sss_status_t sss_sscp_key_store_generate_key( - sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject, size_t keyBitLen, void *options); - -/** @copydoc sss_key_store_get_key - * - */ -sss_status_t sss_sscp_key_store_get_key( - sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen); - -#if 0 -/* To be reviewed: Purnank */ -/** @copydoc sss_sscp_key_store_get_key_fromoffset - * - */ -sss_status_t sss_sscp_key_store_get_key_fromoffset(sss_sscp_key_store_t *keyStore, - sss_sscp_object_t *keyObject, - uint8_t *data, - size_t *dataLen, - size_t *pKeyBitLen, - uint16_t offset); -#endif -/** @copydoc sss_key_store_open_key - * - */ -sss_status_t sss_sscp_key_store_open_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); - -/** @copydoc sss_key_store_freeze_key - * - */ -sss_status_t sss_sscp_key_store_freeze_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); - -/** @copydoc sss_key_store_erase_key - * - */ -sss_status_t sss_sscp_key_store_erase_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); - -/** @copydoc sss_key_store_context_free - * - */ -void sss_sscp_key_store_context_free(sss_sscp_key_store_t *keyStore); - -/*! @} */ /* end of : sss_sscp_keystore */ - -/** - * @addtogroup sss_sscp_asym - * @{ - */ -/** @copydoc sss_asymmetric_context_init - * - */ -sss_status_t sss_sscp_asymmetric_context_init(sss_sscp_asymmetric_t *context, - sss_sscp_session_t *session, - sss_sscp_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_asymmetric_encrypt - * - */ -sss_status_t sss_sscp_asymmetric_encrypt( - sss_sscp_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_decrypt - * - */ -sss_status_t sss_sscp_asymmetric_decrypt( - sss_sscp_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_sign_digest - * - */ -sss_status_t sss_sscp_asymmetric_sign_digest( - sss_sscp_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @copydoc sss_asymmetric_verify_digest - * - */ -sss_status_t sss_sscp_asymmetric_verify_digest( - sss_sscp_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @copydoc sss_asymmetric_context_free - * - */ -void sss_sscp_asymmetric_context_free(sss_sscp_asymmetric_t *context); - -/*! @} */ /* end of : sss_sscp_asym */ - -/** - * @addtogroup sss_sscp_symm - * @{ - */ -/** @copydoc sss_symmetric_context_init - * - */ -sss_status_t sss_sscp_symmetric_context_init(sss_sscp_symmetric_t *context, - sss_sscp_session_t *session, - sss_sscp_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_cipher_one_go - * - */ -sss_status_t sss_sscp_cipher_one_go(sss_sscp_symmetric_t *context, - uint8_t *iv, - size_t ivLen, - const uint8_t *srcData, - uint8_t *destData, - size_t dataLen); - -/** @copydoc sss_cipher_init - * - */ -sss_status_t sss_sscp_cipher_init(sss_sscp_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @copydoc sss_cipher_update - * - */ -sss_status_t sss_sscp_cipher_update( - sss_sscp_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_finish - * - */ -sss_status_t sss_sscp_cipher_finish( - sss_sscp_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_crypt_ctr - * - */ -sss_status_t sss_sscp_cipher_crypt_ctr(sss_sscp_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @copydoc sss_symmetric_context_free - * - */ -void sss_sscp_symmetric_context_free(sss_sscp_symmetric_t *context); - -/*! @} */ /* end of : sss_sscp_symm */ - -/** - * @addtogroup sss_sscp_aead - * @{ - */ -/** @copydoc sss_aead_context_init - * - */ -sss_status_t sss_sscp_aead_context_init(sss_sscp_aead_t *context, - sss_sscp_session_t *session, - sss_sscp_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_aead_one_go - * - */ -sss_status_t sss_sscp_aead_one_go(sss_sscp_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_init - * - */ -sss_status_t sss_sscp_aead_init( - sss_sscp_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); - -/** @copydoc sss_aead_update_aad - * - */ -sss_status_t sss_sscp_aead_update_aad(sss_sscp_aead_t *context, const uint8_t *aadData, size_t aadDataLen); - -/** @copydoc sss_aead_update - * - */ -sss_status_t sss_sscp_aead_update( - sss_sscp_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_aead_finish - * - */ -sss_status_t sss_sscp_aead_finish(sss_sscp_aead_t *context, - const uint8_t *srcData, - size_t srcLen, - uint8_t *destData, - size_t *destLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_context_free - * - */ -void sss_sscp_aead_context_free(sss_sscp_aead_t *context); - -/*! @} */ /* end of : sss_sscp_aead */ - -/** - * @addtogroup sss_sscp_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_sscp_mac_context_init(sss_sscp_mac_t *context, - sss_sscp_session_t *session, - sss_sscp_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_sscp_mac_one_go( - sss_sscp_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_init - * - */ -sss_status_t sss_sscp_mac_init(sss_sscp_mac_t *context); - -/** @copydoc sss_mac_update - * - */ -sss_status_t sss_sscp_mac_update(sss_sscp_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_mac_finish - * - */ -sss_status_t sss_sscp_mac_finish(sss_sscp_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_sscp_mac_context_free(sss_sscp_mac_t *context); - -/*! @} */ /* end of : sss_sscp_mac */ - -/** - * @addtogroup sss_sscp_md - * @{ - */ -/** @copydoc sss_digest_context_init - * - */ -sss_status_t sss_sscp_digest_context_init( - sss_sscp_digest_t *context, sss_sscp_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_digest_one_go - * - */ -sss_status_t sss_sscp_digest_one_go( - sss_sscp_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_init - * - */ -sss_status_t sss_sscp_digest_init(sss_sscp_digest_t *context); - -/** @copydoc sss_digest_update - * - */ -sss_status_t sss_sscp_digest_update(sss_sscp_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_digest_finish - * - */ -sss_status_t sss_sscp_digest_finish(sss_sscp_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_context_free - * - */ -void sss_sscp_digest_context_free(sss_sscp_digest_t *context); - -/*! @} */ /* end of : sss_sscp_md */ - -/** - * @addtogroup sss_sscp_rng - * @{ - */ -/** @copydoc sss_rng_context_init - * - */ -sss_status_t sss_sscp_rng_context_init(sss_sscp_rng_context_t *context, sss_sscp_session_t *session); - -/** @copydoc sss_rng_get_random - * - */ -sss_status_t sss_sscp_rng_get_random(sss_sscp_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** @copydoc sss_rng_context_free - * - */ -sss_status_t sss_sscp_rng_context_free(sss_sscp_rng_context_t *context); - -/*! @} */ /* end of : sss_sscp_rng */ - -#if defined(__cplusplus) -} -#endif - -#endif /* _FSL_SSS_SSCP_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_apis.h deleted file mode 100644 index 65900ab50..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_apis.h +++ /dev/null @@ -1,627 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef fsl_sss_user_apis_H -#define fsl_sss_user_apis_H - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_HOSTCRYPTO_USER -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** - * @addtogroup sss_user_impl_session - * @{ - */ -/** @copydoc sss_session_create - * - */ -sss_status_t sss_user_impl_session_create(sss_user_impl_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connetion_type, - void *connectionData); - -/** @copydoc sss_session_open - * - */ -sss_status_t sss_user_impl_session_open(sss_user_impl_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connetion_type, - void *connectionData); - -/** @copydoc sss_session_prop_get_u32 - * - */ -sss_status_t sss_user_impl_session_prop_get_u32(sss_user_impl_session_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_session_prop_get_au8 - * - */ -sss_status_t sss_user_impl_session_prop_get_au8( - sss_user_impl_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_session_close - * - */ -void sss_user_impl_session_close(sss_user_impl_session_t *session); - -/** @copydoc sss_session_delete - * - */ -void sss_user_impl_session_delete(sss_user_impl_session_t *session); - -/*! @} */ /* end of : sss_user_impl_session */ - -/** - * @addtogroup sss_user_impl_keyobj - * @{ - */ -/** @copydoc sss_key_object_init - * - */ -sss_status_t sss_user_impl_key_object_init(sss_user_impl_object_t *keyObject, sss_user_impl_key_store_t *keyStore); - -/** @copydoc sss_key_object_allocate_handle - * - */ -sss_status_t sss_user_impl_key_object_allocate_handle(sss_user_impl_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); - -/** @copydoc sss_key_object_get_handle - * - */ -sss_status_t sss_user_impl_key_object_get_handle(sss_user_impl_object_t *keyObject, uint32_t keyId); - -/** @copydoc sss_key_object_set_user - * - */ -sss_status_t sss_user_impl_key_object_set_user(sss_user_impl_object_t *keyObject, uint32_t user, uint32_t options); - -/** @copydoc sss_key_object_set_purpose - * - */ -sss_status_t sss_user_impl_key_object_set_purpose( - sss_user_impl_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** @copydoc sss_key_object_set_access - * - */ -sss_status_t sss_user_impl_key_object_set_access(sss_user_impl_object_t *keyObject, uint32_t access, uint32_t options); - -/** @copydoc sss_key_object_set_eccgfp_group - * - */ -sss_status_t sss_user_impl_key_object_set_eccgfp_group(sss_user_impl_object_t *keyObject, sss_eccgfp_group_t *group); - -/** @copydoc sss_key_object_get_user - * - */ -sss_status_t sss_user_impl_key_object_get_user(sss_user_impl_object_t *keyObject, uint32_t *user); - -/** @copydoc sss_key_object_get_purpose - * - */ -sss_status_t sss_user_impl_key_object_get_purpose(sss_user_impl_object_t *keyObject, sss_mode_t *purpose); - -/** @copydoc sss_key_object_get_access - * - */ -sss_status_t sss_user_impl_key_object_get_access(sss_user_impl_object_t *keyObject, uint32_t *access); - -/** @copydoc sss_key_object_free - * - */ -void sss_user_impl_key_object_free(sss_user_impl_object_t *keyObject); - -/*! @} */ /* end of : sss_user_impl_keyobj */ - -/** - * @addtogroup sss_user_impl_keyderive - * @{ - */ -/** @copydoc sss_derive_key_context_init - * - */ -sss_status_t sss_user_impl_derive_key_context_init(sss_user_impl_derive_key_t *context, - sss_user_impl_session_t *session, - sss_user_impl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_derive_key_go - * - */ -sss_status_t sss_user_impl_derive_key_go(sss_user_impl_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_user_impl_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @copydoc sss_derive_key_dh - * - */ -sss_status_t sss_user_impl_derive_key_dh(sss_user_impl_derive_key_t *context, - sss_user_impl_object_t *otherPartyKeyObject, - sss_user_impl_object_t *derivedKeyObject); - -/** @copydoc sss_derive_key_context_free - * - */ -void sss_user_impl_derive_key_context_free(sss_user_impl_derive_key_t *context); - -/*! @} */ /* end of : sss_user_impl_keyderive */ - -/** - * @addtogroup sss_user_impl_keystore - * @{ - */ -/** @copydoc sss_key_store_context_init - * - */ -sss_status_t sss_user_impl_key_store_context_init( - sss_user_impl_key_store_t *keyStore, sss_user_impl_session_t *session); - -/** @copydoc sss_key_store_allocate - * - */ -sss_status_t sss_user_impl_key_store_allocate(sss_user_impl_key_store_t *keyStore, uint32_t keyStoreId); - -/** @copydoc sss_key_store_save - * - */ -sss_status_t sss_user_impl_key_store_save(sss_user_impl_key_store_t *keyStore); - -/** @copydoc sss_key_store_load - * - */ -sss_status_t sss_user_impl_key_store_load(sss_user_impl_key_store_t *keyStore); - -/** @copydoc sss_key_store_set_key - * - */ -sss_status_t sss_user_impl_key_store_set_key(sss_user_impl_key_store_t *keyStore, - sss_user_impl_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @copydoc sss_key_store_generate_key - * - */ -sss_status_t sss_user_impl_key_store_generate_key( - sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject, size_t keyBitLen, void *options); - -/** @copydoc sss_key_store_get_key - * - */ -sss_status_t sss_user_impl_key_store_get_key(sss_user_impl_key_store_t *keyStore, - sss_user_impl_object_t *keyObject, - uint8_t *data, - size_t *dataLen, - size_t *pKeyBitLen); - -/** @copydoc sss_key_store_open_key - * - */ -sss_status_t sss_user_impl_key_store_open_key(sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject); - -/** @copydoc sss_key_store_freeze_key - * - */ -sss_status_t sss_user_impl_key_store_freeze_key(sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject); - -/** @copydoc sss_key_store_erase_key - * - */ -sss_status_t sss_user_impl_key_store_erase_key(sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject); - -/** @copydoc sss_key_store_prop_get_u32 - * - */ -sss_status_t sss_user_impl_key_store_prop_get_u32( - sss_user_impl_key_store_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_key_store_prop_get_au8 - * - */ -sss_status_t sss_user_impl_key_store_prop_get_au8( - sss_user_impl_key_store_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_key_store_context_free - * - */ -void sss_user_impl_key_store_context_free(sss_user_impl_key_store_t *keyStore); - -/*! @} */ /* end of : sss_user_impl_keystore */ - -/** - * @addtogroup sss_user_impl_asym - * @{ - */ -/** @copydoc sss_asymmetric_context_init - * - */ -sss_status_t sss_user_impl_asymmetric_context_init(sss_user_impl_asymmetric_t *context, - sss_user_impl_session_t *session, - sss_user_impl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_asymmetric_encrypt - * - */ -sss_status_t sss_user_impl_asymmetric_encrypt( - sss_user_impl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_decrypt - * - */ -sss_status_t sss_user_impl_asymmetric_decrypt( - sss_user_impl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_sign_digest - * - */ -sss_status_t sss_user_impl_asymmetric_sign_digest( - sss_user_impl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @copydoc sss_asymmetric_verify_digest - * - */ -sss_status_t sss_user_impl_asymmetric_verify_digest( - sss_user_impl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @copydoc sss_asymmetric_context_free - * - */ -void sss_user_impl_asymmetric_context_free(sss_user_impl_asymmetric_t *context); - -/*! @} */ /* end of : sss_user_impl_asym */ - -/** - * @addtogroup sss_user_impl_symm - * @{ - */ -/** @copydoc sss_symmetric_context_init - * - */ -sss_status_t sss_user_impl_symmetric_context_init(sss_user_impl_symmetric_t *context, - sss_user_impl_session_t *session, - sss_user_impl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_cipher_one_go - * - */ -sss_status_t sss_user_impl_cipher_one_go(sss_user_impl_symmetric_t *context, - uint8_t *iv, - size_t ivLen, - const uint8_t *srcData, - uint8_t *destData, - size_t dataLen); - -/** @copydoc sss_cipher_init - * - */ -sss_status_t sss_user_impl_cipher_init(sss_user_impl_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @copydoc sss_cipher_update - * - */ -sss_status_t sss_user_impl_cipher_update( - sss_user_impl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_finish - * - */ -sss_status_t sss_user_impl_cipher_finish( - sss_user_impl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_crypt_ctr - * - */ -sss_status_t sss_user_impl_cipher_crypt_ctr(sss_user_impl_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @copydoc sss_symmetric_context_free - * - */ -void sss_user_impl_symmetric_context_free(sss_user_impl_symmetric_t *context); - -/*! @} */ /* end of : sss_user_impl_symm */ - -/** - * @addtogroup sss_user_impl_aead - * @{ - */ - -/** - * @addtogroup sss_user_impl_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_user_impl_mac_context_init(sss_user_impl_mac_t *context, - sss_user_impl_session_t *session, - sss_user_impl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_user_impl_mac_one_go( - sss_user_impl_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_init - * - */ -sss_status_t sss_user_impl_mac_init(sss_user_impl_mac_t *context); - -/** @copydoc sss_mac_update - * - */ -sss_status_t sss_user_impl_mac_update(sss_user_impl_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_mac_finish - * - */ -sss_status_t sss_user_impl_mac_finish(sss_user_impl_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_user_impl_mac_context_free(sss_user_impl_mac_t *context); - -/*! @} */ /* end of : sss_user_impl_mac */ - -/** - * @addtogroup sss_user_impl_md - * @{ - */ -/** @copydoc sss_digest_context_init - * - */ -sss_status_t sss_user_impl_digest_context_init( - sss_user_impl_digest_t *context, sss_user_impl_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_digest_one_go - * - */ -sss_status_t sss_user_impl_digest_one_go( - sss_user_impl_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_init - * - */ -sss_status_t sss_user_impl_digest_init(sss_user_impl_digest_t *context); - -/** @copydoc sss_digest_update - * - */ -sss_status_t sss_user_impl_digest_update(sss_user_impl_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_digest_finish - * - */ -sss_status_t sss_user_impl_digest_finish(sss_user_impl_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_context_free - * - */ -void sss_user_impl_digest_context_free(sss_user_impl_digest_t *context); - -/*! @} */ /* end of : sss_user_impl_md */ - -/** - * @addtogroup sss_user_impl_rng - * @{ - */ -/** @copydoc sss_rng_context_init - * - */ -sss_status_t sss_user_impl_rng_context_init(sss_user_impl_rng_context_t *context, sss_user_impl_session_t *session); - -/** @copydoc sss_rng_get_random - * - */ -sss_status_t sss_user_impl_rng_get_random(sss_user_impl_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** @copydoc sss_rng_context_free - * - */ -sss_status_t sss_user_impl_rng_context_free(sss_user_impl_rng_context_t *context); - -/*! @} */ /* end of : sss_user_impl_rng */ - -/* clang-format off */ - - /* Host Call : session */ -# define sss_host_session_create(session,subsystem,application_id,connetion_type,connectionData) \ - sss_user_impl_session_create(((sss_user_impl_session_t * ) session),(subsystem),(application_id),(connetion_type),(connectionData)) -# define sss_host_session_open(session,subsystem,application_id,connetion_type,connectionData) \ - sss_user_impl_session_open(((sss_user_impl_session_t * ) session),(subsystem),(application_id),(connetion_type),(connectionData)) -# define sss_host_session_prop_get_u32(session,property,pValue) \ - sss_user_impl_session_prop_get_u32(((sss_user_impl_session_t * ) session),(property),(pValue)) -# define sss_host_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_user_impl_session_prop_get_au8(((sss_user_impl_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_host_session_close(session) \ - sss_user_impl_session_close(((sss_user_impl_session_t * ) session)) -# define sss_host_session_delete(session) \ - sss_user_impl_session_delete(((sss_user_impl_session_t * ) session)) - /* Host Call : keyobj */ -# define sss_host_key_object_init(keyObject,keyStore) \ - sss_user_impl_key_object_init(((sss_user_impl_object_t * ) keyObject),((sss_user_impl_key_store_t * ) keyStore)) -# define sss_host_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_user_impl_key_object_allocate_handle(((sss_user_impl_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_host_key_object_get_handle(keyObject,keyId) \ - sss_user_impl_key_object_get_handle(((sss_user_impl_object_t * ) keyObject),(keyId)) -# define sss_host_key_object_set_user(keyObject,user,options) \ - sss_user_impl_key_object_set_user(((sss_user_impl_object_t * ) keyObject),(user),(options)) -# define sss_host_key_object_set_purpose(keyObject,purpose,options) \ - sss_user_impl_key_object_set_purpose(((sss_user_impl_object_t * ) keyObject),(purpose),(options)) -# define sss_host_key_object_set_access(keyObject,access,options) \ - sss_user_impl_key_object_set_access(((sss_user_impl_object_t * ) keyObject),(access),(options)) -# define sss_host_key_object_set_eccgfp_group(keyObject,group) \ - sss_user_impl_key_object_set_eccgfp_group(((sss_user_impl_object_t * ) keyObject),(group)) -# define sss_host_key_object_get_user(keyObject,user) \ - sss_user_impl_key_object_get_user(((sss_user_impl_object_t * ) keyObject),(user)) -# define sss_host_key_object_get_purpose(keyObject,purpose) \ - sss_user_impl_key_object_get_purpose(((sss_user_impl_object_t * ) keyObject),(purpose)) -# define sss_host_key_object_get_access(keyObject,access) \ - sss_user_impl_key_object_get_access(((sss_user_impl_object_t * ) keyObject),(access)) -# define sss_host_key_object_free(keyObject) \ - sss_user_impl_key_object_free(((sss_user_impl_object_t * ) keyObject)) - /* Host Call : keyderive */ -# define sss_host_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_user_impl_derive_key_context_init(((sss_user_impl_derive_key_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_user_impl_derive_key_go(((sss_user_impl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_user_impl_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_host_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_user_impl_derive_key_dh(((sss_user_impl_derive_key_t * ) context),((sss_user_impl_object_t * ) otherPartyKeyObject),((sss_user_impl_object_t * ) derivedKeyObject)) -# define sss_host_derive_key_context_free(context) \ - sss_user_impl_derive_key_context_free(((sss_user_impl_derive_key_t * ) context)) - /* Host Call : keystore */ -# define sss_host_key_store_context_init(keyStore,session) \ - sss_user_impl_key_store_context_init(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_session_t * ) session)) -# define sss_host_key_store_allocate(keyStore,keyStoreId) \ - sss_user_impl_key_store_allocate(((sss_user_impl_key_store_t * ) keyStore),(keyStoreId)) -# define sss_host_key_store_save(keyStore) \ - sss_user_impl_key_store_save(((sss_user_impl_key_store_t * ) keyStore)) -# define sss_host_key_store_load(keyStore) \ - sss_user_impl_key_store_load(((sss_user_impl_key_store_t * ) keyStore)) -# define sss_host_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_user_impl_key_store_set_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_host_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_user_impl_key_store_generate_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_host_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_user_impl_key_store_get_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_host_key_store_open_key(keyStore,keyObject) \ - sss_user_impl_key_store_open_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject)) -# define sss_host_key_store_freeze_key(keyStore,keyObject) \ - sss_user_impl_key_store_freeze_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject)) -# define sss_host_key_store_erase_key(keyStore,keyObject) \ - sss_user_impl_key_store_erase_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject)) -# define sss_host_key_store_prop_get_u32(session,property,pValue) \ - sss_user_impl_key_store_prop_get_u32(((sss_user_impl_key_store_t * ) session),(property),(pValue)) -# define sss_host_key_store_prop_get_au8(session,property,pValue,pValueLen) \ - sss_user_impl_key_store_prop_get_au8(((sss_user_impl_key_store_t * ) session),(property),(pValue),(pValueLen)) -# define sss_host_key_store_context_free(keyStore) \ - sss_user_impl_key_store_context_free(((sss_user_impl_key_store_t * ) keyStore)) - /* Host Call : asym */ -# define sss_host_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_user_impl_asymmetric_context_init(((sss_user_impl_asymmetric_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_user_impl_asymmetric_encrypt(((sss_user_impl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_user_impl_asymmetric_decrypt(((sss_user_impl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_user_impl_asymmetric_sign_digest(((sss_user_impl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_user_impl_asymmetric_verify_digest(((sss_user_impl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_context_free(context) \ - sss_user_impl_asymmetric_context_free(((sss_user_impl_asymmetric_t * ) context)) - /* Host Call : symm */ -# define sss_host_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_user_impl_symmetric_context_init(((sss_user_impl_symmetric_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_user_impl_cipher_one_go(((sss_user_impl_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_host_cipher_init(context,iv,ivLen) \ - sss_user_impl_cipher_init(((sss_user_impl_symmetric_t * ) context),(iv),(ivLen)) -# define sss_host_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_user_impl_cipher_update(((sss_user_impl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_user_impl_cipher_finish(((sss_user_impl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_user_impl_cipher_crypt_ctr(((sss_user_impl_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_host_symmetric_context_free(context) \ - sss_user_impl_symmetric_context_free(((sss_user_impl_symmetric_t * ) context)) - /* Host Call : aead */ -# define sss_host_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_user_impl_aead_context_init(((sss_user_impl_aead_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_user_impl_aead_one_go(((sss_user_impl_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_host_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_user_impl_aead_init(((sss_user_impl_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_host_aead_update_aad(context,aadData,aadDataLen) \ - sss_user_impl_aead_update_aad(((sss_user_impl_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_host_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_user_impl_aead_update(((sss_user_impl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_user_impl_aead_finish(((sss_user_impl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_host_aead_context_free(context) \ - sss_user_impl_aead_context_free(((sss_user_impl_aead_t * ) context)) - /* Host Call : mac */ -# define sss_host_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_user_impl_mac_context_init(((sss_user_impl_mac_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_user_impl_mac_one_go(((sss_user_impl_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_host_mac_init(context) \ - sss_user_impl_mac_init(((sss_user_impl_mac_t * ) context)) -# define sss_host_mac_update(context,message,messageLen) \ - sss_user_impl_mac_update(((sss_user_impl_mac_t * ) context),(message),(messageLen)) -# define sss_host_mac_finish(context,mac,macLen) \ - sss_user_impl_mac_finish(((sss_user_impl_mac_t * ) context),(mac),(macLen)) -# define sss_host_mac_context_free(context) \ - sss_user_impl_mac_context_free(((sss_user_impl_mac_t * ) context)) - /* Host Call : md */ -# define sss_host_digest_context_init(context,session,algorithm,mode) \ - sss_user_impl_digest_context_init(((sss_user_impl_digest_t * ) context),((sss_user_impl_session_t * ) session),(algorithm),(mode)) -# define sss_host_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_user_impl_digest_one_go(((sss_user_impl_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_host_digest_init(context) \ - sss_user_impl_digest_init(((sss_user_impl_digest_t * ) context)) -# define sss_host_digest_update(context,message,messageLen) \ - sss_user_impl_digest_update(((sss_user_impl_digest_t * ) context),(message),(messageLen)) -# define sss_host_digest_finish(context,digest,digestLen) \ - sss_user_impl_digest_finish(((sss_user_impl_digest_t * ) context),(digest),(digestLen)) -# define sss_host_digest_context_free(context) \ - sss_user_impl_digest_context_free(((sss_user_impl_digest_t * ) context)) - /* Host Call : rng */ -# define sss_host_rng_context_init(context,session) \ - sss_user_impl_rng_context_init(((sss_user_impl_rng_context_t * ) context),((sss_user_impl_session_t * ) session)) -# define sss_host_rng_get_random(context,random_data,dataLen) \ - sss_user_impl_rng_get_random(((sss_user_impl_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_host_rng_context_free(context) \ - sss_user_impl_rng_context_free(((sss_user_impl_rng_context_t * ) context)) - -/* clang-format on */ -#endif /* SSS_HAVE_HOSTCRYPTO_USER */ -#ifdef __cplusplus -} // extern "C" -#endif /* __cplusplus */ - -#endif /* fsl_sss_user_apis_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_types.h deleted file mode 100644 index 302c34e90..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_types.h +++ /dev/null @@ -1,144 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_fsl_sss_user_types_H_ -#define SSS_APIS_INC_fsl_sss_user_types_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#include - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_HOSTCRYPTO_USER - -/** - * @addtogroup sss_sw_host_impl - * @{ - */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -#define SSS_SUBSYSTEM_TYPE_IS_HOST(subsystem) (subsystem == kType_SSS_mbedTLS) - -#define SSS_SESSION_TYPE_IS_HOST(session) (session && SSS_SUBSYSTEM_TYPE_IS_HOST(session->subsystem)) - -#define SSS_KEY_STORE_TYPE_IS_HOST(keyStore) (keyStore && SSS_SESSION_TYPE_IS_HOST(keyStore->session)) - -#define SSS_OBJECT_TYPE_IS_HOST(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_HOST(pObject->keyStore)) - -#define SSS_SYMMETRIC_TYPE_IS_HOST(context) (context && SSS_SESSION_TYPE_IS_HOST(context->session)) - -#define SSS_RNG_CONTEXT_TYPE_IS_HOST(context) (context && SSS_SESSION_TYPE_IS_HOST(context->session)) - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -struct _sss_user_impl_session; - -typedef struct _sss_user_impl_session -{ - /*! Indicates which security subsystem is selected to be used. */ - sss_type_t subsystem; - -} sss_user_impl_session_t; - -struct _sss_user_impl_object; - -typedef struct _sss_user_impl_key_store -{ - sss_user_impl_session_t *session; - -} sss_user_impl_key_store_t; - -typedef struct _sss_user_impl_object -{ - /*! key store holding the data and other properties */ - sss_user_impl_key_store_t *keyStore; - /*! Object types */ - uint32_t objectType; - uint32_t cipherType; - /*! Application specific key identifier. The keyId is kept in the key store - * along with the key data and other properties. */ - uint32_t keyId; -} sss_user_impl_object_t; - -typedef struct _sss_user_impl_derive_key -{ - sss_user_impl_session_t *session; - sss_user_impl_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ -} sss_user_impl_derive_key_t; - -typedef struct _sss_user_impl_asymmetric -{ - sss_user_impl_session_t *session; - sss_user_impl_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ -} sss_user_impl_asymmetric_t; - -typedef struct _sss_user_impl_symmetric -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_user_impl_session_t *session; - /*** Reference to key and it's properties. */ - sss_user_impl_object_t *keyObject; - sss_algorithm_t algorithm; - sss_mode_t mode; -} sss_user_impl_symmetric_t; - -typedef struct _sss_user_impl_mac -{ - sss_user_impl_session_t *session; - /*! Reference to key and it's properties. */ - sss_user_impl_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ -} sss_user_impl_mac_t; - -typedef struct _sss_user_impl_digest -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_user_impl_session_t *session; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ - size_t digestFullLen; - /*! Implementation specific part */ -} sss_user_impl_digest_t; - -typedef struct -{ - sss_user_impl_session_t *session; - -} sss_user_impl_rng_context_t; - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** @} */ - -#endif /* SSS_HAVE_HOSTCRYPTO_USER */ - -#endif /* SSS_APIS_INC_fsl_sss_user_types_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_asn1_der.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_asn1_der.h deleted file mode 100644 index ae83a08ca..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_asn1_der.h +++ /dev/null @@ -1,175 +0,0 @@ -/* -* -* Copyright 2018-2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef FSL_SSS_UTIL_ASN1_DER_H -#define FSL_SSS_UTIL_ASN1_DER_H - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#include - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ -#define ASN_TAG_INT 0x02 -#define ASN_TAG_SEQUENCE 0x30 -#define ASN_TAG_BITSTRING 0x03 -#define ASN_TAG_OCTETSTRING 0x04 -#define ASN_TAG_OBJ_IDF 0x06 -#define ASN_TAG_CNT_SPECIFIC 0xA1 -#define ASN_TAG_CNT_SPECIFIC_PRIMITIVE 0x80 -#define ASN_TAG_CRL_EXTENSIONS 0xA0 - -extern const uint8_t grsa1kPubHeader[]; -extern const uint8_t grsa1152PubHeader[]; -extern const uint8_t grsa2kPubHeader[]; -extern const uint8_t grsa3kPubHeader[]; -extern const uint8_t grsa4kPubHeader[]; -extern const uint8_t gecc_der_header_nist192[]; -extern const uint8_t gecc_der_header_nist224[]; -extern const uint8_t gecc_der_header_nist256[]; -extern const uint8_t gecc_der_header_nist384[]; -extern const uint8_t gecc_der_header_nist521[]; -extern const uint8_t gecc_der_header_160k[]; -extern const uint8_t gecc_der_header_192k[]; -extern const uint8_t gecc_der_header_224k[]; -extern const uint8_t gecc_der_header_256k[]; -extern const uint8_t gecc_der_header_bp160[]; -extern const uint8_t gecc_der_header_bp192[]; -extern const uint8_t gecc_der_header_bp224[]; -extern const uint8_t gecc_der_header_bp256[]; -extern const uint8_t gecc_der_header_bp320[]; -extern const uint8_t gecc_der_header_bp384[]; -extern const uint8_t gecc_der_header_bp512[]; -extern const uint8_t gecc_der_header_mont_dh_448[]; -extern const uint8_t gecc_der_header_mont_dh_25519[]; -extern const uint8_t gecc_der_header_twisted_ed_25519[]; - -extern const size_t der_ecc_nistp192_header_len; -extern const size_t der_ecc_nistp224_header_len; -extern const size_t der_ecc_nistp256_header_len; -extern const size_t der_ecc_nistp384_header_len; -extern const size_t der_ecc_nistp521_header_len; -extern const size_t der_ecc_160k_header_len; -extern const size_t der_ecc_192k_header_len; -extern const size_t der_ecc_224k_header_len; -extern const size_t der_ecc_256k_header_len; -extern const size_t der_ecc_bp160_header_len; -extern const size_t der_ecc_bp192_header_len; -extern const size_t der_ecc_bp224_header_len; -extern const size_t der_ecc_bp256_header_len; -extern const size_t der_ecc_bp320_header_len; -extern const size_t der_ecc_bp384_header_len; -extern const size_t der_ecc_bp512_header_len; -extern const size_t der_ecc_mont_dh_448_header_len; -extern const size_t der_ecc_mont_dh_25519_header_len; -extern const size_t der_ecc_twisted_ed_25519_header_len; - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/**/ -sss_status_t sss_util_asn1_rsa_parse_private(const uint8_t *key, - size_t keylen, - sss_cipher_type_t cipher_type, - uint8_t **modulus, - size_t *modlen, - uint8_t **pubExp, - size_t *pubExplen, - uint8_t **priExp, - size_t *priExplen, - uint8_t **prime1, - size_t *prime1len, - uint8_t **prime2, - size_t *prime2len, - uint8_t **exponent1, - size_t *exponent1len, - uint8_t **exponent2, - size_t *exponent2len, - uint8_t **coefficient, - size_t *coefficientlen); - -sss_status_t sss_util_asn1_rsa_parse_private_allow_invalid_key(const uint8_t *key, - size_t keylen, - sss_cipher_type_t cipher_type, - uint8_t **modulus, - size_t *modlen, - uint8_t **pubExp, - size_t *pubExplen, - uint8_t **priExp, - size_t *priExplen, - uint8_t **prime1, - size_t *prime1len, - uint8_t **prime2, - size_t *prime2len, - uint8_t **exponent1, - size_t *exponent1len, - uint8_t **exponent2, - size_t *exponent2len, - uint8_t **coefficient, - size_t *coefficientlen); - -sss_status_t sss_util_asn1_rsa_parse_public_nomalloc( - const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); - -sss_status_t sss_util_asn1_rsa_parse_public_nomalloc_complete_modulus( - const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); - -sss_status_t sss_util_asn1_rsa_parse_public( - const uint8_t *key, size_t keylen, uint8_t **modulus, size_t *modlen, uint8_t **pubExp, size_t *pubExplen); - -sss_status_t sss_util_asn1_rsa_get_public( - uint8_t *key, size_t *keylen, uint8_t *modulus, size_t modlen, uint8_t *pubExp, size_t pubExplen); - -#if SSS_HAVE_ECDAA -sss_status_t sss_util_asn1_ecdaa_get_signature( - uint8_t *signature, size_t *signatureLen, uint8_t *rawSignature, size_t rawSignatureLen); -#endif - -sss_status_t sss_util_asn1_get_oid_from_header(uint8_t *input, size_t inLen, uint32_t *output, uint8_t *outLen); - -sss_status_t sss_util_asn1_get_oid_from_sssObj(sss_object_t *pkeyObject, uint32_t *output, uint8_t *outLen); - -sss_status_t sss_util_pkcs8_asn1_get_ec_public_key_index( - const uint8_t *input, size_t inLen, uint16_t *outkeyIndex, size_t *publicKeyLen); - -sss_status_t sss_util_pkcs8_asn1_get_ec_pair_key_index(const uint8_t *input, - size_t inLen, - uint16_t *pubkeyIndex, - size_t *publicKeyLen, - uint16_t *prvkeyIndex, - size_t *privateKeyLen); - -sss_status_t sss_util_rfc8410_asn1_get_ec_pair_key_index(const uint8_t *input, - size_t inLen, - uint16_t *pubkeyIndex, - size_t *publicKeyLen, - uint16_t *prvkeyIndex, - size_t *privateKeyLen); - -int asn_1_parse_tlv(uint8_t *pbuf, size_t *taglen, size_t *bufindex); - -sss_status_t sss_util_asn1_rsa_parse_public_nomalloc( - const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); - -sss_status_t sss_util_asn1_rsa_parse_public_nomalloc_complete_modulus( - const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); - -sss_status_t sss_util_openssl_read_pkcs12( - const char *pkcs12_cert, const char *password, uint8_t *private_key, uint8_t *cert); - -sss_status_t sss_util_openssl_write_pkcs12(const char *pkcs12_cert, - const char *password, - const char *ref_key, - long ref_key_length, - const char *cert, - long cert_length); - -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_rsa_sign_utils.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_rsa_sign_utils.h deleted file mode 100644 index c78fd34b0..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_rsa_sign_utils.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef FSL_SSS_UTIL_RSA_SIGN_H -#define FSL_SSS_UTIL_RSA_SIGN_H - -uint8_t pkcs1_v15_encode( - sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen); - -uint8_t pkcs1_v15_encode_no_hash( - sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen); - -uint8_t sss_mgf_mask_func(uint8_t *dst, - size_t dlen, - uint8_t *src, - size_t slen, - sss_algorithm_t sha_algorithm, - sss_se05x_asymmetric_t *context); - -uint8_t emsa_encode(sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen); - -uint8_t emsa_decode_and_compare( - sss_se05x_asymmetric_t *context, uint8_t *sig, size_t siglen, uint8_t *hash, size_t hashlen); - -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.h deleted file mode 100644 index 69a324a2d..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.h +++ /dev/null @@ -1,12 +0,0 @@ -/* - * Copyright 2018-2020 NXP - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#include "fsl_sss_api.h" - -/* - * Set sss keystore for ecdsa verify - */ -void sss_mbedtls_set_sss_keystore(sss_key_store_t *ssskeystore); \ No newline at end of file diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecp_alt.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecp_alt.h deleted file mode 100644 index 88dcf2349..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecp_alt.h +++ /dev/null @@ -1,191 +0,0 @@ -/** - * \file ecp_alt.h - * - * \brief This file provides an API for Elliptic Curves over GF(P) (ECP). - * - * The use of ECP in cryptography and TLS is defined in - * Standards for Efficient Cryptography Group (SECG): SEC1 - * Elliptic Curve Cryptography and - * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites - * for Transport Layer Security (TLS). - * - * RFC-2409: The Internet Key Exchange (IKE) defines ECP - * group types. - * - */ - -/* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of Mbed TLS (https://tls.mbed.org) - */ - -#ifndef SSS_ECP_ALT_H_INCLUDED -#define SSS_ECP_ALT_H_INCLUDED - -/* clang-format off */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(MBEDTLS_ECP_ALT) - -#if SSS_HAVE_ALT_SSS -#include -#endif -#if SSS_HAVE_ALT_A71CH -#include "HLSETypes.h" -#endif - -/* - * default mbed TLS elliptic curve arithmetic implementation - * - * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an - * alternative implementation for the whole module and it will replace this - * one.) - */ - -/** - * \brief The ECP group structure. - * - * We consider two types of curve equations: - *
  • Short Weierstrass: y^2 = x^3 + A x + B mod P - * (SEC1 + RFC-4492)
    • - *
  • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, - * Curve448)
- * In both cases, the generator (\p G) for a prime-order subgroup is fixed. - * - * For Short Weierstrass, this subgroup is the whole curve, and its - * cardinality is denoted by \p N. Our code requires that \p N is an - * odd prime as mbedtls_ecp_mul() requires an odd number, and - * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. - * - * For Montgomery curves, we do not store \p A, but (A + 2) / 4, - * which is the quantity used in the formulas. Additionally, \p nbits is - * not the size of \p N but the required size for private keys. - * - * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. - * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the - * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer - * which is congruent mod \p P to the given MPI, and is close enough to \p pbits - * in size, so that it may be efficiently brought in the 0..P-1 range by a few - * additions or subtractions. Therefore, it is only an approximative modular - * reduction. It must return 0 on success and non-zero on failure. - * - */ -typedef struct -{ - mbedtls_ecp_group_id id; /*!< An internal group identifier. */ - mbedtls_mpi P; /*!< The prime modulus of the base field. */ - mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For - Montgomery curves: (A + 2) / 4. */ - mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. - For Montgomery curves: unused. */ - mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ - mbedtls_mpi N; /*!< The order of \p G. */ - size_t pbits; /*!< The number of bits in \p P.*/ - size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. - For Montgomery curves: the number of bits in the - private keys. */ - unsigned int h; /*!< \internal 1 if the constants are static. */ - int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction - mod \p P (see above).*/ - int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ - int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ - void *t_data; /*!< Unused. */ - mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ - size_t T_size; /*!< The number of pre-computed points. */ - -#if SSS_HAVE_ALT_A71CH - /** Reference to object mapped between HLSE Layer of A71CH Host library */ - HLSE_OBJECT_HANDLE hlse_handle; -#endif -#if SSS_HAVE_ALT_SSS - /** Reference to object mapped between SSS Layer */ - sss_object_t* pSSSObject; - sss_key_store_t* hostKs; -#endif -} -mbedtls_ecp_group; - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in config.h, or define them using the compiler command line. - * \{ - */ - -#if !defined(MBEDTLS_ECP_MAX_BITS) -/** - * The maximum size of the groups, that is, of \c N and \c P. - */ -#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ -#endif - -#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) -#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) - -#if !defined(MBEDTLS_ECP_WINDOW_SIZE) -/* - * Maximum "window" size used for point multiplication. - * Default: 6. - * Minimum value: 2. Maximum value: 7. - * - * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) - * points used for point multiplication. This value is directly tied to EC - * peak memory usage, so decreasing it by one should roughly cut memory usage - * by two (if large curves are in use). - * - * Reduction in size may reduce speed, but larger curves are impacted first. - * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): - * w-size: 6 5 4 3 2 - * 521 145 141 135 120 97 - * 384 214 209 198 177 146 - * 256 320 320 303 262 226 - * 224 475 475 453 398 342 - * 192 640 640 633 587 476 - */ -#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */ -#endif /* MBEDTLS_ECP_WINDOW_SIZE */ - -#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) -/* - * Trade memory for speed on fixed-point multiplication. - * - * This speeds up repeated multiplication of the generator (that is, the - * multiplication in ECDSA signatures, and half of the multiplications in - * ECDSA verification and ECDHE) by a factor roughly 3 to 4. - * - * The cost is increasing EC peak memory usage by a factor roughly 2. - * - * Change this value to 0 to reduce peak memory usage. - */ -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ -#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ - -/* \} name SECTION: Module settings */ - -#endif /* MBEDTLS_ECP_ALT */ - -#ifdef __cplusplus -} -#endif - -/* clang-format on */ - -#endif /* SSS_ECP_ALT_H_INCLUDED */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/rsa_alt.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/rsa_alt.h deleted file mode 100644 index e7ba8da2b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/rsa_alt.h +++ /dev/null @@ -1,86 +0,0 @@ -/** - * \file rsa.h - * - * \brief This file provides an API for the RSA public-key cryptosystem. - * - * The RSA public-key cryptosystem is defined in Public-Key - * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption - * and Public-Key Cryptography Standards (PKCS) #1 v2.1: - * RSA Cryptography Specifications. - * - */ -/* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * Copyright (C) 2019, NXP, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of Mbed TLS (https://tls.mbed.org) - */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_RSA_ALT) -#include - -typedef struct -{ - int ver; /*!< Always 0.*/ - size_t len; /*!< The size of \p N in Bytes. */ - - mbedtls_mpi N; /*!< The public modulus. */ - mbedtls_mpi E; /*!< The public exponent. */ - - mbedtls_mpi D; /*!< The private exponent. */ - mbedtls_mpi P; /*!< The first prime factor. */ - mbedtls_mpi Q; /*!< The second prime factor. */ - - mbedtls_mpi DP; /*!< D % (P - 1). */ - mbedtls_mpi DQ; /*!< D % (Q - 1). */ - mbedtls_mpi QP; /*!< 1 / (Q % P). */ - - mbedtls_mpi RN; /*!< cached R^2 mod N. */ - - mbedtls_mpi RP; /*!< cached R^2 mod P. */ - mbedtls_mpi RQ; /*!< cached R^2 mod Q. */ - - mbedtls_mpi Vi; /*!< The cached blinding value. */ - mbedtls_mpi Vf; /*!< The cached un-blinding value. */ - - int padding; /*!< Selects padding mode: - #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and - #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */ - int hash_id; /*!< Hash identifier of mbedtls_md_type_t type, - as specified in md.h for use in the MGF - mask generating function used in the - EME-OAEP and EMSA-PSS encodings. */ -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */ -#endif - - /** Reference to object mapped between SSS Layer */ - sss_object_t *pSSSObject; -} mbedtls_rsa_context; - -#endif /* MBEDTLS_RSA_ALT */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.h deleted file mode 100644 index a559e1900..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.h +++ /dev/null @@ -1,102 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * Implementation of key association between NXP Secure Element and mbedtls. - * @par History - * 1.0 30-jan-2018 : Initial version - * - *****************************************************************************/ - -#ifndef AX_MBEDTLS_H -#define AX_MBEDTLS_H - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_ALT_SSS -#include "sss_mbedtls.h" -#else -#include "ax_mbedtls.h" -#endif - -#include - -#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM -#include -#endif -#if SSS_HAVE_MBEDTLS -#include -#endif - -/** @ingroup ax_mbed_tls */ -/** @{ */ - -#include "fsl_sss_api.h" -#include "mbedtls/pk.h" -#include "mbedtls/ssl.h" - -/** - * @brief Associate a keypair provisioned in the secure element for - * subsequent operations. - * - * @param[out] pkey Pointer to the mbedtls_pk_context which will be - * associated with data corresponding to the key_index - * - * @param[in] pkeyObject The object that we are going to be use. - * - * @return 0 if successful, or 1 if unsuccessful - */ -int sss_mbedtls_associate_keypair(mbedtls_pk_context *pkey, sss_object_t *pkeyObject); - -/** - * @brief Associate a pubkey provisioned in the secure element for - * subsequent operations. - * - * @param[out] pkey Pointer to the mbedtls_pk_context which will be - * associated with data corresponding to the key index - * - * @param[in] pkeyObject The object that we are going to be use. - * - * @return 0 if successful, or 1 if unsuccessful - */ -int sss_mbedtls_associate_pubkey(mbedtls_pk_context *pkey, sss_object_t *pkeyObject); - -/** - * @brief Update ECDSA HandShake key with given inded. - * - * @param[in,out] handshake Pointer to the mbedtls_ssl_handshake_params which - * will be associated with data corresponding to the - * key index - * - * @param[in] pkeyObject The object that we are going to be use. - * - * @param[in] hostKs Keystore to host for session key. - * - * @return 0 if successful, or 1 if unsuccessful - */ - -int sss_mbedtls_associate_ecdhctx( - mbedtls_ssl_handshake_params *handshake, sss_object_t *pkeyObject, sss_key_store_t *hostKs); - -/** @} */ - -/** - * \brief This function frees the components of a key pair. Original implementation - * \param key The key pair to free. - */ -void mbedtls_ecp_keypair_free_o(mbedtls_ecp_keypair *key); - -/** - * same as ``mbedtls_ecp_tls_read_group`` - */ -int mbedtls_ecp_tls_read_group_o(mbedtls_ecp_group *grp, const unsigned char **buf, size_t len); - -#endif /* AX_MBEDTLS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_x86_config.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_x86_config.h deleted file mode 100644 index a312a7970..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_x86_config.h +++ /dev/null @@ -1,3368 +0,0 @@ -/** - * \file sss_mbedtls_x86_config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - */ -/* - * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved - * Copyright 2020 NXP - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef MBEDTLS_CONFIG_X86_H -#define MBEDTLS_CONFIG_X86_H - -/* clang-format off */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#ifdef CHECK_MEMORY - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#define MBEDTLS_PLATFORM_MEMORY - -void tstDoTraceAndFree( - const char * szWhat, - const char * szFunction, const unsigned int line, - void * pWhat ); - -void * tstDoTraceAndCalloc( - const char * szNUM, const char * szSize, - const char * szFunction, const unsigned int line, - const unsigned int num, const unsigned int size ); - -#define MBEDTLS_PLATFORM_FREE_MACRO(WHAT) \ - tstDoTraceAndFree(#WHAT, __FUNCTION__, __LINE__, WHAT ) -#define MBEDTLS_PLATFORM_CALLOC_MACRO(NUM, SIZE) \ - tstDoTraceAndCalloc(#NUM, #SIZE, __FUNCTION__, __LINE__, NUM, SIZE ) - -#define MBEDTLS_MEMORY_DEBUG -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -#endif /* CHECK_MEMORY */ - -/** - * \name SECTION: System support - * - * This section sets system specific settings. - * \{ - */ - -/** - * \def MBEDTLS_HAVE_ASM - * - * The compiler has support for asm(). - * - * Requires support for asm() in compiler. - * - * Used in: - * library/aria.c - * library/timing.c - * include/mbedtls/bn_mul.h - * - * Required by: - * MBEDTLS_AESNI_C - * MBEDTLS_PADLOCK_C - * - * Comment to disable the use of assembly code. - */ -#define MBEDTLS_HAVE_ASM - -/** - * \def MBEDTLS_NO_UDBL_DIVISION - * - * The platform lacks support for double-width integer division (64-bit - * division on a 32-bit platform, 128-bit division on a 64-bit platform). - * - * Used in: - * include/mbedtls/bignum.h - * library/bignum.c - * - * The bignum code uses double-width division to speed up some operations. - * Double-width division is often implemented in software that needs to - * be linked with the program. The presence of a double-width integer - * type is usually detected automatically through preprocessor macros, - * but the automatic detection cannot know whether the code needs to - * and can be linked with an implementation of division for that type. - * By default division is assumed to be usable if the type is present. - * Uncomment this option to prevent the use of double-width division. - * - * Note that division for the native integer type is always required. - * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. In some - * cases it is also desirable to disable some double-width operations. For - * example, if double-width division is implemented in software, disabling - * it can reduce code size in some embedded targets. - */ -//#define MBEDTLS_NO_UDBL_DIVISION - -/** - * \def MBEDTLS_NO_64BIT_MULTIPLICATION - * - * The platform lacks support for 32x32 -> 64-bit multiplication. - * - * Used in: - * library/poly1305.c - * - * Some parts of the library may use multiplication of two unsigned 32-bit - * operands with a 64-bit result in order to speed up computations. On some - * platforms, this is not available in hardware and has to be implemented in - * software, usually in a library provided by the toolchain. - * - * Sometimes it is not desirable to have to link to that library. This option - * removes the dependency of that library on platforms that lack a hardware - * 64-bit multiplier by embedding a software implementation in Mbed TLS. - * - * Note that depending on the compiler, this may decrease performance compared - * to using the library function provided by the toolchain. - */ -//#define MBEDTLS_NO_64BIT_MULTIPLICATION - -/** - * \def MBEDTLS_HAVE_SSE2 - * - * CPU supports SSE2 instruction set. - * - * Uncomment if the CPU supports SSE2 (IA-32 specific). - */ -//#define MBEDTLS_HAVE_SSE2 - -/** - * \def MBEDTLS_HAVE_TIME - * - * System has time.h and time(). - * The time does not need to be correct, only time differences are used, - * by contrast with MBEDTLS_HAVE_TIME_DATE - * - * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, - * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and - * MBEDTLS_PLATFORM_STD_TIME. - * - * Comment if your system does not support time functions - */ -#define MBEDTLS_HAVE_TIME - -/** - * \def MBEDTLS_HAVE_TIME_DATE - * - * System has time.h, time(), and an implementation for - * mbedtls_platform_gmtime_r() (see below). - * The time needs to be correct (not necesarily very accurate, but at least - * the date should be correct). This is used to verify the validity period of - * X.509 certificates. - * - * Comment if your system does not have a correct clock. - * - * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that - * behaves similarly to the gmtime_r() function from the C standard. Refer to - * the documentation for mbedtls_platform_gmtime_r() for more information. - * - * \note It is possible to configure an implementation for - * mbedtls_platform_gmtime_r() at compile-time by using the macro - * MBEDTLS_PLATFORM_GMTIME_R_ALT. - */ -#define MBEDTLS_HAVE_TIME_DATE - -/** - * \def MBEDTLS_PLATFORM_MEMORY - * - * Enable the memory allocation layer. - * - * By default mbed TLS uses the system-provided calloc() and free(). - * This allows different allocators (self-implemented or provided) to be - * provided to the platform abstraction layer. - * - * Enabling MBEDTLS_PLATFORM_MEMORY without the - * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide - * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and - * free() function pointer at runtime. - * - * Enabling MBEDTLS_PLATFORM_MEMORY and specifying - * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the - * alternate function at compile time. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Enable this layer to allow use of alternative memory allocators. - */ -//#define MBEDTLS_PLATFORM_MEMORY - -/** - * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - * - * Do not assign standard functions in the platform layer (e.g. calloc() to - * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) - * - * This makes sure there are no linking errors on platforms that do not support - * these functions. You will HAVE to provide alternatives, either at runtime - * via the platform_set_xxx() functions or at compile time by setting - * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a - * MBEDTLS_PLATFORM_XXX_MACRO. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Uncomment to prevent default assignment of standard functions in the - * platform layer. - */ -//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - -/** - * \def MBEDTLS_PLATFORM_EXIT_ALT - * - * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the - * function in the platform abstraction layer. - * - * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will - * provide a function "mbedtls_platform_set_printf()" that allows you to set an - * alternative printf function pointer. - * - * All these define require MBEDTLS_PLATFORM_C to be defined! - * - * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; - * it will be enabled automatically by check_config.h - * - * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as - * MBEDTLS_PLATFORM_XXX_MACRO! - * - * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME - * - * Uncomment a macro to enable alternate implementation of specific base - * platform function - */ -//#define MBEDTLS_PLATFORM_EXIT_ALT -//#define MBEDTLS_PLATFORM_TIME_ALT -//#define MBEDTLS_PLATFORM_FPRINTF_ALT -//#define MBEDTLS_PLATFORM_PRINTF_ALT -//#define MBEDTLS_PLATFORM_SNPRINTF_ALT -//#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT - -/** - * \def MBEDTLS_DEPRECATED_WARNING - * - * Mark deprecated functions so that they generate a warning if used. - * Functions deprecated in one version will usually be removed in the next - * version. You can enable this to help you prepare the transition to a new - * major version by making sure your code is not using these functions. - * - * This only works with GCC and Clang. With other compilers, you may want to - * use MBEDTLS_DEPRECATED_REMOVED - * - * Uncomment to get warnings on using deprecated functions. - */ -//#define MBEDTLS_DEPRECATED_WARNING - -/** - * \def MBEDTLS_DEPRECATED_REMOVED - * - * Remove deprecated functions so that they generate an error if used. - * Functions deprecated in one version will usually be removed in the next - * version. You can enable this to help you prepare the transition to a new - * major version by making sure your code is not using these functions. - * - * Uncomment to get errors on using deprecated functions. - */ -//#define MBEDTLS_DEPRECATED_REMOVED - -/** - * \def MBEDTLS_CHECK_PARAMS - * - * This configuration option controls whether the library validates more of - * the parameters passed to it. - * - * When this flag is not defined, the library only attempts to validate an - * input parameter if: (1) they may come from the outside world (such as the - * network, the filesystem, etc.) or (2) not validating them could result in - * internal memory errors such as overflowing a buffer controlled by the - * library. On the other hand, it doesn't attempt to validate parameters whose - * values are fully controlled by the application (such as pointers). - * - * When this flag is defined, the library additionally attempts to validate - * parameters that are fully controlled by the application, and should always - * be valid if the application code is fully correct and trusted. - * - * For example, when a function accepts as input a pointer to a buffer that may - * contain untrusted data, and its documentation mentions that this pointer - * must not be NULL: - * - the pointer is checked to be non-NULL only if this option is enabled - * - the content of the buffer is always validated - * - * When this flag is defined, if a library function receives a parameter that - * is invalid, it will: - * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a - * call to the function mbedtls_param_failed() - * - immediately return (with a specific error code unless the function - * returns void and can't communicate an error). - * - * When defining this flag, you also need to: - * - either provide a definition of the function mbedtls_param_failed() in - * your application (see platform_util.h for its prototype) as the library - * calls that function, but does not provide a default definition for it, - * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() - * below if the above mechanism is not flexible enough to suit your needs. - * See the documentation of this macro later in this file. - * - * Uncomment to enable validation of application-controlled parameters. - */ -//#define MBEDTLS_CHECK_PARAMS - -/* \} name SECTION: System support */ - -/** - * \name SECTION: mbed TLS feature support - * - * This section sets support for features that are or are not needed - * within the modules that are enabled. - * \{ - */ - -/** - * \def MBEDTLS_TIMING_ALT - * - * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), - * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() - * - * Only works if you have MBEDTLS_TIMING_C enabled. - * - * You will need to provide a header "timing_alt.h" and an implementation at - * compile time. - */ -//#define MBEDTLS_TIMING_ALT - -/** - * \def MBEDTLS_AES_ALT - * - * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your - * alternate core implementation of a symmetric crypto, an arithmetic or hash - * module (e.g. platform specific assembly optimized implementations). Keep - * in mind that the function prototypes should remain the same. - * - * This replaces the whole module. If you only want to replace one of the - * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer - * provide the "struct mbedtls_aes_context" definition and omit the base - * function declarations and implementations. "aes_alt.h" will be included from - * "aes.h" to include the new function definitions. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * module. - * - * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their - * use constitutes a security risk. If possible, we recommend - * avoiding dependencies on them, and considering stronger message - * digests and ciphers instead. - * - */ -//#define MBEDTLS_AES_ALT -//#define MBEDTLS_ARC4_ALT -//#define MBEDTLS_ARIA_ALT -//#define MBEDTLS_BLOWFISH_ALT -//#define MBEDTLS_CAMELLIA_ALT -//#define MBEDTLS_CCM_ALT -//#define MBEDTLS_CHACHA20_ALT -//#define MBEDTLS_CHACHAPOLY_ALT -//#define MBEDTLS_CMAC_ALT -//#define MBEDTLS_DES_ALT -//#define MBEDTLS_DHM_ALT -//#define MBEDTLS_ECJPAKE_ALT -//#define MBEDTLS_GCM_ALT -//#define MBEDTLS_NIST_KW_ALT -//#define MBEDTLS_MD2_ALT -//#define MBEDTLS_MD4_ALT -//#define MBEDTLS_MD5_ALT -//#define MBEDTLS_POLY1305_ALT -//#define MBEDTLS_RIPEMD160_ALT -//#define MBEDTLS_RSA_ALT -//#define MBEDTLS_SHA1_ALT -//#define MBEDTLS_SHA256_ALT -//#define MBEDTLS_SHA512_ALT -//#define MBEDTLS_XTEA_ALT - -/* - * When replacing the elliptic curve module, pleace consider, that it is - * implemented with two .c files: - * - ecp.c - * - ecp_curves.c - * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT - * macros as described above. The only difference is that you have to make sure - * that you provide functionality for both .c files. - */ - -#if defined(SSS_HAVE_ALT) && (SSS_HAVE_ALT) -# define MBEDTLS_ECP_ALT -# define MBEDTLS_RSA_ALT -#endif /* SSS_HAVE_ALT */ -//#define MBEDTLS_ECP_ALT - - -/** - * - MBEDTLS_ECDSA_VERIFY_ALT - * To use SE for all public key ecdsa verify operation, enable MBEDTLS_ECDSA_VERIFY_ALT - */ - -#if defined(SSS_HAVE_ALT) && (SSS_HAVE_ALT) -# define MBEDTLS_ECDH_ALT -# define MBEDTLS_ECDH_GEN_PUBLIC_ALT -# define MBEDTLS_ECDH_COMPUTE_SHARED_ALT -//# define MBEDTLS_ECDSA_VERIFY_ALT -#endif /* SSS_HAVE_ALT */ -//#define MBEDTLS_ECDH_ALT - -/** - * \def MBEDTLS_MD2_PROCESS_ALT - * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you - * alternate core implementation of symmetric crypto or hash function. Keep in - * mind that function prototypes should remain the same. - * - * This replaces only one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will - * no longer provide the mbedtls_sha1_process() function, but it will still provide - * the other function (using your mbedtls_sha1_process() function) and the definition - * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible - * with this definition. - * - * \note Because of a signature change, the core AES encryption and decryption routines are - * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, - * respectively. When setting up alternative implementations, these functions should - * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * must stay untouched. - * - * \note If you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - * - * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use - * constitutes a security risk. If possible, we recommend avoiding - * dependencies on them, and considering stronger message digests - * and ciphers instead. - * - */ -//#define MBEDTLS_MD2_PROCESS_ALT -//#define MBEDTLS_MD4_PROCESS_ALT -//#define MBEDTLS_MD5_PROCESS_ALT -//#define MBEDTLS_RIPEMD160_PROCESS_ALT -//#define MBEDTLS_SHA1_PROCESS_ALT -//#define MBEDTLS_SHA256_PROCESS_ALT -//#define MBEDTLS_SHA512_PROCESS_ALT -//#define MBEDTLS_DES_SETKEY_ALT -//#define MBEDTLS_DES_CRYPT_ECB_ALT -//#define MBEDTLS_DES3_CRYPT_ECB_ALT -//#define MBEDTLS_AES_SETKEY_ENC_ALT -//#define MBEDTLS_AES_SETKEY_DEC_ALT -//#define MBEDTLS_AES_ENCRYPT_ALT -//#define MBEDTLS_AES_DECRYPT_ALT -//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT -//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT -//#define MBEDTLS_ECDSA_VERIFY_ALT -//#define MBEDTLS_ECDSA_SIGN_ALT -//#define MBEDTLS_ECDSA_GENKEY_ALT - -/** - * \def MBEDTLS_ECP_INTERNAL_ALT - * - * Expose a part of the internal interface of the Elliptic Curve Point module. - * - * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your - * alternative core implementation of elliptic curve arithmetic. Keep in mind - * that function prototypes should remain the same. - * - * This partially replaces one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation - * is still present and it is used for group structures not supported by the - * alternative. - * - * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT - * and implementing the following functions: - * unsigned char mbedtls_internal_ecp_grp_capable( - * const mbedtls_ecp_group *grp ) - * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) - * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) - * The mbedtls_internal_ecp_grp_capable function should return 1 if the - * replacement functions implement arithmetic for the given group and 0 - * otherwise. - * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are - * called before and after each point operation and provide an opportunity to - * implement optimized set up and tear down instructions. - * - * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and - * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac - * function, but will use your mbedtls_internal_ecp_double_jac if the group is - * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when - * receives it as an argument). If the group is not supported then the original - * implementation is used. The other functions and the definition of - * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your - * implementation of mbedtls_internal_ecp_double_jac and - * mbedtls_internal_ecp_grp_capable must be compatible with this definition. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - */ -/* Required for all the functions in this section */ -//#define MBEDTLS_ECP_INTERNAL_ALT -/* Support for Weierstrass curves with Jacobi representation */ -//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT -//#define MBEDTLS_ECP_ADD_MIXED_ALT -//#define MBEDTLS_ECP_DOUBLE_JAC_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT -/* Support for curves with Montgomery arithmetic */ -//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT -//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT -//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT - -/** - * \def MBEDTLS_TEST_NULL_ENTROPY - * - * Enables testing and use of mbed TLS without any configured entropy sources. - * This permits use of the library on platforms before an entropy source has - * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the - * MBEDTLS_ENTROPY_NV_SEED switches). - * - * WARNING! This switch MUST be disabled in production builds, and is suitable - * only for development. - * Enabling the switch negates any security provided by the library. - * - * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - */ -//#define MBEDTLS_TEST_NULL_ENTROPY - -/** - * \def MBEDTLS_ENTROPY_HARDWARE_ALT - * - * Uncomment this macro to let mbed TLS use your own implementation of a - * hardware entropy collector. - * - * Your function must be called \c mbedtls_hardware_poll(), have the same - * prototype as declared in entropy_poll.h, and accept NULL as first argument. - * - * Uncomment to use your own hardware entropy collector. - */ -//#define MBEDTLS_ENTROPY_HARDWARE_ALT - -/** - * \def MBEDTLS_AES_ROM_TABLES - * - * Use precomputed AES tables stored in ROM. - * - * Uncomment this macro to use precomputed AES tables stored in ROM. - * Comment this macro to generate AES tables in RAM at runtime. - * - * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb - * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the - * initialization time before the first AES operation can be performed. - * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c - * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded - * performance if ROM access is slower than RAM access. - * - * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. - * - */ -//#define MBEDTLS_AES_ROM_TABLES - -/** - * \def MBEDTLS_AES_FEWER_TABLES - * - * Use less ROM/RAM for AES tables. - * - * Uncommenting this macro omits 75% of the AES tables from - * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) - * by computing their values on the fly during operations - * (the tables are entry-wise rotations of one another). - * - * Tradeoff: Uncommenting this reduces the RAM / ROM footprint - * by ~6kb but at the cost of more arithmetic operations during - * runtime. Specifically, one has to compare 4 accesses within - * different tables to 4 accesses with additional arithmetic - * operations within the same table. The performance gain/loss - * depends on the system and memory details. - * - * This option is independent of \c MBEDTLS_AES_ROM_TABLES. - * - */ -//#define MBEDTLS_AES_FEWER_TABLES - -/** - * \def MBEDTLS_CAMELLIA_SMALL_MEMORY - * - * Use less ROM for the Camellia implementation (saves about 768 bytes). - * - * Uncomment this macro to use less memory for Camellia. - */ -//#define MBEDTLS_CAMELLIA_SMALL_MEMORY - -/** - * \def MBEDTLS_CIPHER_MODE_CBC - * - * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CBC - -/** - * \def MBEDTLS_CIPHER_MODE_CFB - * - * Enable Cipher Feedback mode (CFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CFB - -/** - * \def MBEDTLS_CIPHER_MODE_CTR - * - * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CTR - -/** - * \def MBEDTLS_CIPHER_MODE_OFB - * - * Enable Output Feedback mode (OFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_OFB - -/** - * \def MBEDTLS_CIPHER_MODE_XTS - * - * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. - */ -#define MBEDTLS_CIPHER_MODE_XTS - -/** - * \def MBEDTLS_CIPHER_NULL_CIPHER - * - * Enable NULL cipher. - * Warning: Only do so when you know what you are doing. This allows for - * encryption or channels without any security! - * - * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable - * the following ciphersuites: - * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA - * - * Uncomment this macro to enable the NULL cipher and ciphersuites - */ -//#define MBEDTLS_CIPHER_NULL_CIPHER - -/** - * \def MBEDTLS_CIPHER_PADDING_PKCS7 - * - * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for - * specific padding modes in the cipher layer with cipher modes that support - * padding (e.g. CBC) - * - * If you disable all padding modes, only full blocks can be used with CBC. - * - * Enable padding modes in the cipher layer. - */ -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS - -/** - * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES - * - * Enable weak ciphersuites in SSL / TLS. - * Warning: Only do so when you know what you are doing. This allows for - * channels with virtually no security at all! - * - * This enables the following ciphersuites: - * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA - * - * Uncomment this macro to enable weak ciphersuites - * - * \warning DES is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers instead. - */ -//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES - -/** - * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES - * - * Remove RC4 ciphersuites by default in SSL / TLS. - * This flag removes the ciphersuites based on RC4 from the default list as - * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to - * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them - * explicitly. - * - * Uncomment this macro to remove RC4 ciphersuites by default. - */ -#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES - -/** - * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES - * - * Remove 3DES ciphersuites by default in SSL / TLS. - * This flag removes the ciphersuites based on 3DES from the default list as - * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible - * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including - * them explicitly. - * - * A man-in-the-browser attacker can recover authentication tokens sent through - * a TLS connection using a 3DES based cipher suite (see "On the Practical - * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan - * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls - * in your threat model or you are unsure, then you should keep this option - * enabled to remove 3DES based cipher suites. - * - * Comment this macro to keep 3DES in the default ciphersuite list. - */ -#define MBEDTLS_REMOVE_3DES_CIPHERSUITES - -/** - * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED - * - * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve - * module. By default all supported curves are enabled. - * - * Comment macros to disable the curve and functions for it - */ -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE448_ENABLED - -#ifdef TGT_A71CH -# undef MBEDTLS_ECP_DP_SECP192R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP224R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP384R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP521R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP192K1_ENABLED -# undef MBEDTLS_ECP_DP_SECP224K1_ENABLED -# undef MBEDTLS_ECP_DP_SECP256K1_ENABLED -# undef MBEDTLS_ECP_DP_BP256R1_ENABLED -# undef MBEDTLS_ECP_DP_BP384R1_ENABLED -# undef MBEDTLS_ECP_DP_BP512R1_ENABLED -# undef MBEDTLS_ECP_DP_CURVE25519_ENABLED -# undef MBEDTLS_ECP_DP_CURVE448_ENABLED -#endif - - -/** - * \def MBEDTLS_ECP_NIST_OPTIM - * - * Enable specific 'modulo p' routines for each NIST prime. - * Depending on the prime and architecture, makes operations 4 to 8 times - * faster on the corresponding curve. - * - * Comment this macro to disable NIST curves optimisation. - */ -#define MBEDTLS_ECP_NIST_OPTIM - -/** - * \def MBEDTLS_ECP_RESTARTABLE - * - * Enable "non-blocking" ECC operations that can return early and be resumed. - * - * This allows various functions to pause by returning - * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in - * order to further progress and eventually complete their operation. This is - * controlled through mbedtls_ecp_set_max_ops() which limits the maximum - * number of ECC operations a function may perform before pausing; see - * mbedtls_ecp_set_max_ops() for more information. - * - * This is useful in non-threaded environments if you want to avoid blocking - * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. - * - * Uncomment this macro to enable restartable ECC computations. - * - * \note This option only works with the default software implementation of - * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT. - */ -//#define MBEDTLS_ECP_RESTARTABLE - -/** - * \def MBEDTLS_ECDSA_DETERMINISTIC - * - * Enable deterministic ECDSA (RFC 6979). - * Standard ECDSA is "fragile" in the sense that lack of entropy when signing - * may result in a compromise of the long-term signing key. This is avoided by - * the deterministic variant. - * - * Requires: MBEDTLS_HMAC_DRBG_C - * - * Comment this macro to disable deterministic ECDSA. - */ -#define MBEDTLS_ECDSA_DETERMINISTIC - -/** - * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - * - * Enable the PSK based ciphersuite modes in SSL / TLS. - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - * - * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - * - * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - * - * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - * - * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - * - * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - * - * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Requires: MBEDTLS_ECJPAKE_C - * MBEDTLS_SHA256_C - * MBEDTLS_ECP_DP_SECP256R1_ENABLED - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - */ -//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - -/** - * \def MBEDTLS_PK_PARSE_EC_EXTENDED - * - * Enhance support for reading EC keys using variants of SEC1 not allowed by - * RFC 5915 and RFC 5480. - * - * Currently this means parsing the SpecifiedECDomain choice of EC - * parameters (only known groups are supported, not arbitrary domains, to - * avoid validation issues). - * - * Disable if you only need to support RFC 5915 + 5480 key formats. - */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED - -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - -/** - * \def MBEDTLS_GENPRIME - * - * Enable the prime-number generation code. - * - * Requires: MBEDTLS_BIGNUM_C - */ -#define MBEDTLS_GENPRIME - -/** - * \def MBEDTLS_FS_IO - * - * Enable functions that use the filesystem. - */ -#define MBEDTLS_FS_IO - -/** - * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - * Do not add default entropy sources. These are the platform specific, - * mbedtls_timing_hardclock and HAVEGE based poll functions. - * - * This is useful to have more control over the added entropy sources in an - * application. - * - * Uncomment this macro to prevent loading of default entropy functions. - */ -//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - -/** - * \def MBEDTLS_NO_PLATFORM_ENTROPY - * - * Do not use built-in platform entropy functions. - * This is useful if your platform does not support - * standards like the /dev/urandom or Windows CryptoAPI. - * - * Uncomment this macro to disable the built-in platform entropy functions. - */ -//#define MBEDTLS_NO_PLATFORM_ENTROPY - -/** - * \def MBEDTLS_ENTROPY_FORCE_SHA256 - * - * Force the entropy accumulator to use a SHA-256 accumulator instead of the - * default SHA-512 based one (if both are available). - * - * Requires: MBEDTLS_SHA256_C - * - * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option - * if you have performance concerns. - * - * This option is only useful if both MBEDTLS_SHA256_C and - * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. - */ -//#define MBEDTLS_ENTROPY_FORCE_SHA256 - -/** - * \def MBEDTLS_ENTROPY_NV_SEED - * - * Enable the non-volatile (NV) seed file-based entropy source. - * (Also enables the NV seed read/write functions in the platform layer) - * - * This is crucial (if not required) on systems that do not have a - * cryptographic entropy source (in hardware or kernel) available. - * - * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C - * - * \note The read/write functions that are used by the entropy source are - * determined in the platform layer, and can be modified at runtime and/or - * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. - * - * \note If you use the default implementation functions that read a seedfile - * with regular fopen(), please make sure you make a seedfile with the - * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at - * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from - * and written to or you will get an entropy source error! The default - * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE - * bytes from the file. - * - * \note The entropy collector will write to the seed file before entropy is - * given to an external source, to update it. - */ -//#define MBEDTLS_ENTROPY_NV_SEED - -/** - * \def MBEDTLS_MEMORY_DEBUG - * - * Enable debugging of buffer allocator memory issues. Automatically prints - * (to stderr) all (fatal) messages on memory allocation issues. Enables - * function for 'debug output' of allocated memory. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Uncomment this macro to let the buffer allocator print out error messages. - */ -//#define MBEDTLS_MEMORY_DEBUG - -/** - * \def MBEDTLS_MEMORY_BACKTRACE - * - * Include backtrace information with each allocated block. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * GLIBC-compatible backtrace() an backtrace_symbols() support - * - * Uncomment this macro to include backtrace information - */ -//#define MBEDTLS_MEMORY_BACKTRACE - -/** - * \def MBEDTLS_PK_RSA_ALT_SUPPORT - * - * Support external private RSA keys (eg from a HSM) in the PK layer. - * - * Comment this macro to disable support for external private RSA keys. - */ -#define MBEDTLS_PK_RSA_ALT_SUPPORT - -/** - * \def MBEDTLS_PKCS1_V15 - * - * Enable support for PKCS#1 v1.5 encoding. - * - * Requires: MBEDTLS_RSA_C - * - * This enables support for PKCS#1 v1.5 operations. - */ -#define MBEDTLS_PKCS1_V15 - -/** - * \def MBEDTLS_PKCS1_V21 - * - * Enable support for PKCS#1 v2.1 encoding. - * - * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C - * - * This enables support for RSAES-OAEP and RSASSA-PSS operations. - */ -#define MBEDTLS_PKCS1_V21 - -/** - * \def MBEDTLS_RSA_NO_CRT - * - * Do not use the Chinese Remainder Theorem - * for the RSA private operation. - * - * Uncomment this macro to disable the use of CRT in RSA. - * - */ -//#define MBEDTLS_RSA_NO_CRT - -/** - * \def MBEDTLS_SELF_TEST - * - * Enable the checkup functions (*_self_test). - */ -//#define MBEDTLS_SELF_TEST - -/** - * \def MBEDTLS_SHA256_SMALLER - * - * Enable an implementation of SHA-256 that has lower ROM footprint but also - * lower performance. - * - * The default implementation is meant to be a reasonnable compromise between - * performance and size. This version optimizes more aggressively for size at - * the expense of performance. Eg on Cortex-M4 it reduces the size of - * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about - * 30%. - * - * Uncomment to enable the smaller implementation of SHA256. - */ -//#define MBEDTLS_SHA256_SMALLER - -/** - * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES - * - * Enable sending of alert messages in case of encountered errors as per RFC. - * If you choose not to send the alert messages, mbed TLS can still communicate - * with other servers, only debugging of failures is harder. - * - * The advantage of not sending alert messages, is that no information is given - * about reasons for failures thus preventing adversaries of gaining intel. - * - * Enable sending of all alert messages - */ -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES - -/** - * \def MBEDTLS_SSL_ASYNC_PRIVATE - * - * Enable asynchronous external private key operations in SSL. This allows - * you to configure an SSL connection to call an external cryptographic - * module to perform private key operations instead of performing the - * operation inside the library. - * - */ -//#define MBEDTLS_SSL_ASYNC_PRIVATE - -/** - * \def MBEDTLS_SSL_DEBUG_ALL - * - * Enable the debug messages in SSL module for all issues. - * Debug messages have been disabled in some places to prevent timing - * attacks due to (unbalanced) debugging function calls. - * - * If you need all error reporting you should enable this during debugging, - * but remove this for production servers that should log as well. - * - * Uncomment this macro to report all debug messages on errors introducing - * a timing side-channel. - * - */ -//#define MBEDTLS_SSL_DEBUG_ALL - -/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC - * - * Enable support for Encrypt-then-MAC, RFC 7366. - * - * This allows peers that both support it to use a more robust protection for - * ciphersuites using CBC, providing deep resistance against timing attacks - * on the padding or underlying cipher. - * - * This only affects CBC ciphersuites, and is useless if none is defined. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Encrypt-then-MAC - */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC - -/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET - * - * Enable support for Extended Master Secret, aka Session Hash - * (draft-ietf-tls-session-hash-02). - * - * This was introduced as "the proper fix" to the Triple Handshake familiy of - * attacks, but it is recommended to always use it (even if you disable - * renegotiation), since it actually fixes a more fundamental issue in the - * original SSL/TLS design, and has implications beyond Triple Handshake. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Extended Master Secret. - */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET - -/** - * \def MBEDTLS_SSL_FALLBACK_SCSV - * - * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). - * - * For servers, it is recommended to always enable this, unless you support - * only one version of TLS, or know for sure that none of your clients - * implements a fallback strategy. - * - * For clients, you only need this if you're using a fallback strategy, which - * is not recommended in the first place, unless you absolutely need it to - * interoperate with buggy (version-intolerant) servers. - * - * Comment this macro to disable support for FALLBACK_SCSV - */ -#define MBEDTLS_SSL_FALLBACK_SCSV - -/** - * \def MBEDTLS_SSL_HW_RECORD_ACCEL - * - * Enable hooking functions in SSL module for hardware acceleration of - * individual records. - * - * Uncomment this macro to enable hooking functions. - */ -//#define MBEDTLS_SSL_HW_RECORD_ACCEL - -/** - * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING - * - * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. - * - * This is a countermeasure to the BEAST attack, which also minimizes the risk - * of interoperability issues compared to sending 0-length records. - * - * Comment this macro to disable 1/n-1 record splitting. - */ -#define MBEDTLS_SSL_CBC_RECORD_SPLITTING - -/** - * \def MBEDTLS_SSL_RENEGOTIATION - * - * Enable support for TLS renegotiation. - * - * The two main uses of renegotiation are (1) refresh keys on long-lived - * connections and (2) client authentication after the initial handshake. - * If you don't need renegotiation, it's probably better to disable it, since - * it has been associated with security issues in the past and is easy to - * misuse/misunderstand. - * - * Comment this to disable support for renegotiation. - * - * \note Even if this option is disabled, both client and server are aware - * of the Renegotiation Indication Extension (RFC 5746) used to - * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). - * (See \c mbedtls_ssl_conf_legacy_renegotiation for the - * configuration of this extension). - * - */ -#define MBEDTLS_SSL_RENEGOTIATION - -/** - * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO - * - * Enable support for receiving and parsing SSLv2 Client Hello messages for the - * SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to enable support for SSLv2 Client Hello messages. - */ -//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO - -/** - * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - * - * Pick the ciphersuite according to the client's preferences rather than ours - * in the SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to respect client's ciphersuite order - */ -//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - -/** - * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - * - * Enable support for RFC 6066 max_fragment_length extension in SSL. - * - * Comment this macro to disable support for the max_fragment_length extension - */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - -/** - * \def MBEDTLS_SSL_PROTO_SSL3 - * - * Enable support for SSL 3.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for SSL 3.0 - */ -//#define MBEDTLS_SSL_PROTO_SSL3 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1 - * - * Enable support for TLS 1.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.0 - */ -#define MBEDTLS_SSL_PROTO_TLS1 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_1 - * - * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 - */ -#define MBEDTLS_SSL_PROTO_TLS1_1 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_2 - * - * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). - * - * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C - * (Depends on ciphersuites) - * - * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 - */ -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/** - * \def MBEDTLS_SSL_PROTO_DTLS - * - * Enable support for DTLS (all available versions). - * - * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, - * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_1 - * or MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for DTLS - */ -#define MBEDTLS_SSL_PROTO_DTLS - -/** - * \def MBEDTLS_SSL_ALPN - * - * Enable support for RFC 7301 Application Layer Protocol Negotiation. - * - * Comment this macro to disable support for ALPN. - */ -#define MBEDTLS_SSL_ALPN - -/** - * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY - * - * Enable support for the anti-replay mechanism in DTLS. - * - * Requires: MBEDTLS_SSL_TLS_C - * MBEDTLS_SSL_PROTO_DTLS - * - * \warning Disabling this is often a security risk! - * See mbedtls_ssl_conf_dtls_anti_replay() for details. - * - * Comment this to disable anti-replay in DTLS. - */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY - -/** - * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Enable support for HelloVerifyRequest on DTLS servers. - * - * This feature is highly recommended to prevent DTLS servers being used as - * amplifiers in DoS attacks against other hosts. It should always be enabled - * unless you know for sure amplification cannot be a problem in the - * environment in which your server operates. - * - * \warning Disabling this can ba a security risk! (see above) - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Comment this to disable support for HelloVerifyRequest. - */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY - -/** - * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - * - * Enable server-side support for clients that reconnect from the same port. - * - * Some clients unexpectedly close the connection and try to reconnect using the - * same source port. This needs special support from the server to handle the - * new connection securely, as described in section 4.2.8 of RFC 6347. This - * flag enables that support. - * - * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Comment this to disable support for clients reusing the source port. - */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - -/** - * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT - * - * Enable support for a limit of records with bad MAC. - * - * See mbedtls_ssl_conf_dtls_badmac_limit(). - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - */ -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT - -/** - * \def MBEDTLS_SSL_SESSION_TICKETS - * - * Enable support for RFC 5077 session tickets in SSL. - * Client-side, provides full support for session tickets (maintainance of a - * session store remains the responsibility of the application, though). - * Server-side, you also need to provide callbacks for writing and parsing - * tickets, including authenticated encryption and key management. Example - * callbacks are provided by MBEDTLS_SSL_TICKET_C. - * - * Comment this macro to disable support for SSL session tickets - */ -#define MBEDTLS_SSL_SESSION_TICKETS - -/** - * \def MBEDTLS_SSL_EXPORT_KEYS - * - * Enable support for exporting key block and master secret. - * This is required for certain users of TLS, e.g. EAP-TLS. - * - * Comment this macro to disable support for key export - */ -#define MBEDTLS_SSL_EXPORT_KEYS - -/** - * \def MBEDTLS_SSL_SERVER_NAME_INDICATION - * - * Enable support for RFC 6066 server name indication (SNI) in SSL. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - * - * Comment this macro to disable support for server name indication in SSL - */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION - -/** - * \def MBEDTLS_SSL_TRUNCATED_HMAC - * - * Enable support for RFC 6066 truncated HMAC in SSL. - * - * Comment this macro to disable support for truncated HMAC in SSL - */ -#define MBEDTLS_SSL_TRUNCATED_HMAC - -/** - * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT - * - * Fallback to old (pre-2.7), non-conforming implementation of the truncated - * HMAC extension which also truncates the HMAC key. Note that this option is - * only meant for a transitory upgrade period and is likely to be removed in - * a future version of the library. - * - * \warning The old implementation is non-compliant and has a security weakness - * (2^80 brute force attack on the HMAC key used for a single, - * uninterrupted connection). This should only be enabled temporarily - * when (1) the use of truncated HMAC is essential in order to save - * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use - * the fixed implementation yet (pre-2.7). - * - * \deprecated This option is deprecated and will likely be removed in a - * future version of Mbed TLS. - * - * Uncomment to fallback to old, non-compliant truncated HMAC implementation. - * - * Requires: MBEDTLS_SSL_TRUNCATED_HMAC - */ -//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT - -/** - * \def MBEDTLS_THREADING_ALT - * - * Provide your own alternate threading implementation. - * - * Requires: MBEDTLS_THREADING_C - * - * Uncomment this to allow your own alternate threading implementation. - */ -//#define MBEDTLS_THREADING_ALT - -/** - * \def MBEDTLS_THREADING_PTHREAD - * - * Enable the pthread wrapper layer for the threading layer. - * - * Requires: MBEDTLS_THREADING_C - * - * Uncomment this to enable pthread mutexes. - */ -//#define MBEDTLS_THREADING_PTHREAD - -/** - * \def MBEDTLS_VERSION_FEATURES - * - * Allow run-time checking of compile-time enabled features. Thus allowing users - * to check at run-time if the library is for instance compiled with threading - * support via mbedtls_version_check_feature(). - * - * Requires: MBEDTLS_VERSION_C - * - * Comment this to disable run-time checking and save ROM space - */ -#define MBEDTLS_VERSION_FEATURES - -/** - * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an extension in a v1 or v2 certificate. - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - -/** - * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an unknown critical extension. - * - * \warning Depending on your PKI use, enabling this can be a security risk! - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - -/** - * \def MBEDTLS_X509_CHECK_KEY_USAGE - * - * Enable verification of the keyUsage extension (CA and leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused - * (intermediate) CA and leaf certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip keyUsage checking for both CA and leaf certificates. - */ -#define MBEDTLS_X509_CHECK_KEY_USAGE - -/** - * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - * - * Enable verification of the extendedKeyUsage extension (leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip extendedKeyUsage checking for certificates. - */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - -/** - * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT - * - * Enable parsing and verification of X.509 certificates, CRLs and CSRS - * signed with RSASSA-PSS (aka PKCS#1 v2.1). - * - * Comment this macro to disallow using RSASSA-PSS in certificates. - */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT - -/** - * \def MBEDTLS_ZLIB_SUPPORT - * - * If set, the SSL/TLS module uses ZLIB to support compression and - * decompression of packet data. - * - * \warning TLS-level compression MAY REDUCE SECURITY! See for example the - * CRIME attack. Before enabling this option, you should examine with care if - * CRIME or similar exploits may be a applicable to your use case. - * - * \note Currently compression can't be used with DTLS. - * - * \deprecated This feature is deprecated and will be removed - * in the next major revision of the library. - * - * Used in: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This feature requires zlib library and headers to be present. - * - * Uncomment to enable use of ZLIB - */ -//#define MBEDTLS_ZLIB_SUPPORT -/* \} name SECTION: mbed TLS feature support */ - -/** - * \name SECTION: mbed TLS modules - * - * This section enables or disables entire modules in mbed TLS - * \{ - */ - -/** - * \def MBEDTLS_AESNI_C - * - * Enable AES-NI support on x86-64. - * - * Module: library/aesni.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the AES-NI instructions on x86-64 - */ -#define MBEDTLS_AESNI_C - -/** - * \def MBEDTLS_AES_C - * - * Enable the AES block cipher. - * - * Module: library/aes.c - * Caller: library/cipher.c - * library/pem.c - * library/ctr_drbg.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * - * PEM_PARSE uses AES for decrypting encrypted keys. - */ -#define MBEDTLS_AES_C - -/** - * \def MBEDTLS_ARC4_C - * - * Enable the ARCFOUR stream cipher. - * - * Module: library/arc4.c - * Caller: library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. If possible, we recommend avoidng dependencies on - * it, and considering stronger ciphers instead. - * - */ -#define MBEDTLS_ARC4_C - -/** - * \def MBEDTLS_ASN1_PARSE_C - * - * Enable the generic ASN1 parser. - * - * Module: library/asn1.c - * Caller: library/x509.c - * library/dhm.c - * library/pkcs12.c - * library/pkcs5.c - * library/pkparse.c - */ -#define MBEDTLS_ASN1_PARSE_C - -/** - * \def MBEDTLS_ASN1_WRITE_C - * - * Enable the generic ASN1 writer. - * - * Module: library/asn1write.c - * Caller: library/ecdsa.c - * library/pkwrite.c - * library/x509_create.c - * library/x509write_crt.c - * library/x509write_csr.c - */ -#define MBEDTLS_ASN1_WRITE_C - -/** - * \def MBEDTLS_BASE64_C - * - * Enable the Base64 module. - * - * Module: library/base64.c - * Caller: library/pem.c - * - * This module is required for PEM support (required by X.509). - */ -#define MBEDTLS_BASE64_C - -/** - * \def MBEDTLS_BIGNUM_C - * - * Enable the multi-precision integer library. - * - * Module: library/bignum.c - * Caller: library/dhm.c - * library/ecp.c - * library/ecdsa.c - * library/rsa.c - * library/rsa_internal.c - * library/ssl_tls.c - * - * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. - */ -#define MBEDTLS_BIGNUM_C - -/** - * \def MBEDTLS_BLOWFISH_C - * - * Enable the Blowfish block cipher. - * - * Module: library/blowfish.c - */ -#define MBEDTLS_BLOWFISH_C - -/** - * \def MBEDTLS_CAMELLIA_C - * - * Enable the Camellia block cipher. - * - * Module: library/camellia.c - * Caller: library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_CAMELLIA_C - -/** - * \def MBEDTLS_ARIA_C - * - * Enable the ARIA block cipher. - * - * Module: library/aria.c - * Caller: library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * - * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 - */ -//#define MBEDTLS_ARIA_C - -/** - * \def MBEDTLS_CCM_C - * - * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. - * - * Module: library/ccm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-CCM ciphersuites, if other requisites are - * enabled as well. - */ -#define MBEDTLS_CCM_C - -/** - * \def MBEDTLS_CERTS_C - * - * Enable the test certificates. - * - * Module: library/certs.c - * Caller: - * - * This module is used for testing (ssl_client/server). - */ -#define MBEDTLS_CERTS_C - -/** - * \def MBEDTLS_CHACHA20_C - * - * Enable the ChaCha20 stream cipher. - * - * Module: library/chacha20.c - */ -#define MBEDTLS_CHACHA20_C - -/** - * \def MBEDTLS_CHACHAPOLY_C - * - * Enable the ChaCha20-Poly1305 AEAD algorithm. - * - * Module: library/chachapoly.c - * - * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C - */ -#define MBEDTLS_CHACHAPOLY_C - -/** - * \def MBEDTLS_CIPHER_C - * - * Enable the generic cipher layer. - * - * Module: library/cipher.c - * Caller: library/ssl_tls.c - * - * Uncomment to enable generic cipher wrappers. - */ -#define MBEDTLS_CIPHER_C - -/** - * \def MBEDTLS_CMAC_C - * - * Enable the CMAC (Cipher-based Message Authentication Code) mode for block - * ciphers. - * - * Module: library/cmac.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C - * - */ -#define MBEDTLS_CMAC_C - -/** - * \def MBEDTLS_CTR_DRBG_C - * - * Enable the CTR_DRBG AES-based random generator. - * The CTR_DRBG generator uses AES-256 by default. - * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below. - * - * Module: library/ctr_drbg.c - * Caller: - * - * Requires: MBEDTLS_AES_C - * - * This module provides the CTR_DRBG AES random number generator. - */ -#define MBEDTLS_CTR_DRBG_C - -/** - * \def MBEDTLS_DEBUG_C - * - * Enable the debug functions. - * - * Module: library/debug.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module provides debugging functions. - */ -#define MBEDTLS_DEBUG_C - -/** - * \def MBEDTLS_DES_C - * - * Enable the DES block cipher. - * - * Module: library/des.c - * Caller: library/pem.c - * library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * - * PEM_PARSE uses DES/3DES for decrypting encrypted keys. - * - * \warning DES is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers instead. - */ -#define MBEDTLS_DES_C - -/** - * \def MBEDTLS_DHM_C - * - * Enable the Diffie-Hellman-Merkle module. - * - * Module: library/dhm.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * DHE-RSA, DHE-PSK - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_DHM_C - -/** - * \def MBEDTLS_ECDH_C - * - * Enable the elliptic curve Diffie-Hellman library. - * - * Module: library/ecdh.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK - * - * Requires: MBEDTLS_ECP_C - */ -#define MBEDTLS_ECDH_C - -/** - * \def MBEDTLS_ECDSA_C - * - * Enable the elliptic curve DSA library. - * - * Module: library/ecdsa.c - * Caller: - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C - */ -#define MBEDTLS_ECDSA_C - -/** - * \def MBEDTLS_ECJPAKE_C - * - * Enable the elliptic curve J-PAKE library. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Module: library/ecjpake.c - * Caller: - * - * This module is used by the following key exchanges: - * ECJPAKE - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C - */ -//#define MBEDTLS_ECJPAKE_C - -/** - * \def MBEDTLS_ECP_C - * - * Enable the elliptic curve over GF(p) library. - * - * Module: library/ecp.c - * Caller: library/ecdh.c - * library/ecdsa.c - * library/ecjpake.c - * - * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED - */ -#define MBEDTLS_ECP_C - -/** - * \def MBEDTLS_ENTROPY_C - * - * Enable the platform-specific entropy code. - * - * Module: library/entropy.c - * Caller: - * - * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C - * - * This module provides a generic entropy pool - */ -#define MBEDTLS_ENTROPY_C - -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - -/** - * \def MBEDTLS_GCM_C - * - * Enable the Galois/Counter Mode (GCM) for AES. - * - * Module: library/gcm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other - * requisites are enabled as well. - */ -#define MBEDTLS_GCM_C - -/** - * \def MBEDTLS_HAVEGE_C - * - * Enable the HAVEGE random generator. - * - * Warning: the HAVEGE random generator is not suitable for virtualized - * environments - * - * Warning: the HAVEGE random generator is dependent on timing and specific - * processor traits. It is therefore not advised to use HAVEGE as - * your applications primary random generator or primary entropy pool - * input. As a secondary input to your entropy pool, it IS able add - * the (limited) extra entropy it provides. - * - * Module: library/havege.c - * Caller: - * - * Requires: MBEDTLS_TIMING_C - * - * Uncomment to enable the HAVEGE random generator. - */ -//#define MBEDTLS_HAVEGE_C - -/** - * \def MBEDTLS_HKDF_C - * - * Enable the HKDF algorithm (RFC 5869). - * - * Module: library/hkdf.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the Hashed Message Authentication Code - * (HMAC)-based key derivation function (HKDF). - */ -#define MBEDTLS_HKDF_C - -/** - * \def MBEDTLS_HMAC_DRBG_C - * - * Enable the HMAC_DRBG random generator. - * - * Module: library/hmac_drbg.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * Uncomment to enable the HMAC_DRBG random number geerator. - */ -#define MBEDTLS_HMAC_DRBG_C - -/** - * \def MBEDTLS_NIST_KW_C - * - * Enable the Key Wrapping mode for 128-bit block ciphers, - * as defined in NIST SP 800-38F. Only KW and KWP modes - * are supported. At the moment, only AES is approved by NIST. - * - * Module: library/nist_kw.c - * - * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C - */ -//#define MBEDTLS_NIST_KW_C - -/** - * \def MBEDTLS_MD_C - * - * Enable the generic message digest layer. - * - * Module: library/md.c - * Caller: - * - * Uncomment to enable generic message digest wrappers. - */ -#define MBEDTLS_MD_C - -/** - * \def MBEDTLS_MD2_C - * - * Enable the MD2 hash algorithm. - * - * Module: library/md2.c - * Caller: - * - * Uncomment to enable support for (rare) MD2-signed X.509 certs. - * - * \warning MD2 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -//#define MBEDTLS_MD2_C - -/** - * \def MBEDTLS_MD4_C - * - * Enable the MD4 hash algorithm. - * - * Module: library/md4.c - * Caller: - * - * Uncomment to enable support for (rare) MD4-signed X.509 certs. - * - * \warning MD4 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -//#define MBEDTLS_MD4_C - -/** - * \def MBEDTLS_MD5_C - * - * Enable the MD5 hash algorithm. - * - * Module: library/md5.c - * Caller: library/md.c - * library/pem.c - * library/ssl_tls.c - * - * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2 - * depending on the handshake parameters. Further, it is used for checking - * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded - * encrypted keys. - * - * \warning MD5 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -#define MBEDTLS_MD5_C - -/** - * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Enable the buffer allocator implementation that makes use of a (stack) - * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() - * calls) - * - * Module: library/memory_buffer_alloc.c - * - * Requires: MBEDTLS_PLATFORM_C - * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) - * - * Enable this module to enable the buffer memory allocator. - */ -//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -/** - * \def MBEDTLS_NET_C - * - * Enable the TCP and UDP over IPv6/IPv4 networking routines. - * - * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) - * and Windows. For other platforms, you'll want to disable it, and write your - * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/net_sockets.c - * - * This module provides networking routines. - */ -#define MBEDTLS_NET_C - -/** - * \def MBEDTLS_OID_C - * - * Enable the OID database. - * - * Module: library/oid.c - * Caller: library/asn1write.c - * library/pkcs5.c - * library/pkparse.c - * library/pkwrite.c - * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * library/x509write_crt.c - * library/x509write_csr.c - * - * This modules translates between OIDs and internal values. - */ -#define MBEDTLS_OID_C - -/** - * \def MBEDTLS_PADLOCK_C - * - * Enable VIA Padlock support on x86. - * - * Module: library/padlock.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the VIA PadLock on x86. - */ -#define MBEDTLS_PADLOCK_C - -/** - * \def MBEDTLS_PEM_PARSE_C - * - * Enable PEM decoding / parsing. - * - * Module: library/pem.c - * Caller: library/dhm.c - * library/pkparse.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for decoding / parsing PEM files. - */ -#define MBEDTLS_PEM_PARSE_C - -/** - * \def MBEDTLS_PEM_WRITE_C - * - * Enable PEM encoding / writing. - * - * Module: library/pem.c - * Caller: library/pkwrite.c - * library/x509write_crt.c - * library/x509write_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for encoding / writing PEM files. - */ -#define MBEDTLS_PEM_WRITE_C - -/** - * \def MBEDTLS_PK_C - * - * Enable the generic public (asymetric) key layer. - * - * Module: library/pk.c - * Caller: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C - * - * Uncomment to enable generic public key wrappers. - */ -#define MBEDTLS_PK_C - -/** - * \def MBEDTLS_PK_PARSE_C - * - * Enable the generic public (asymetric) key parser. - * - * Module: library/pkparse.c - * Caller: library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key parse functions. - */ -#define MBEDTLS_PK_PARSE_C - -/** - * \def MBEDTLS_PK_WRITE_C - * - * Enable the generic public (asymetric) key writer. - * - * Module: library/pkwrite.c - * Caller: library/x509write.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key write functions. - */ -#define MBEDTLS_PK_WRITE_C - -/** - * \def MBEDTLS_PKCS5_C - * - * Enable PKCS#5 functions. - * - * Module: library/pkcs5.c - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the PKCS#5 functions. - */ -#define MBEDTLS_PKCS5_C - -/** - * \def MBEDTLS_PKCS11_C - * - * Enable wrapper for PKCS#11 smartcard support. - * - * Module: library/pkcs11.c - * Caller: library/pk.c - * - * Requires: MBEDTLS_PK_C - * - * This module enables SSL/TLS PKCS #11 smartcard support. - * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) - */ -//#define MBEDTLS_PKCS11_C - -/** - * \def MBEDTLS_PKCS12_C - * - * Enable PKCS#12 PBE functions. - * Adds algorithms for parsing PKCS#8 encrypted private keys - * - * Module: library/pkcs12.c - * Caller: library/pkparse.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * Can use: MBEDTLS_ARC4_C - * - * This module enables PKCS#12 functions. - */ -#define MBEDTLS_PKCS12_C - -/** - * \def MBEDTLS_PLATFORM_C - * - * Enable the platform abstraction layer that allows you to re-assign - * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). - * - * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT - * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned - * above to be specified at runtime or compile time respectively. - * - * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other module rely on it for a fixed snprintf implementation. - * - * Module: library/platform.c - * Caller: Most other .c files - * - * This module enables abstraction of common (libc) functions. - */ -#define MBEDTLS_PLATFORM_C - -/** - * \def MBEDTLS_POLY1305_C - * - * Enable the Poly1305 MAC algorithm. - * - * Module: library/poly1305.c - * Caller: library/chachapoly.c - */ -#define MBEDTLS_POLY1305_C - -/** - * \def MBEDTLS_RIPEMD160_C - * - * Enable the RIPEMD-160 hash algorithm. - * - * Module: library/ripemd160.c - * Caller: library/md.c - * - */ -#define MBEDTLS_RIPEMD160_C - -/** - * \def MBEDTLS_RSA_C - * - * Enable the RSA public-key cryptosystem. - * - * Module: library/rsa.c - * library/rsa_internal.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509.c - * - * This module is used by the following key exchanges: - * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C - */ -#define MBEDTLS_RSA_C - -/** - * \def MBEDTLS_SHA1_C - * - * Enable the SHA1 cryptographic hash algorithm. - * - * Module: library/sha1.c - * Caller: library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509write_crt.c - * - * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 - * depending on the handshake parameters, and for SHA1-signed certificates. - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. If possible, we recommend avoiding dependencies - * on it, and considering stronger message digests instead. - * - */ -#define MBEDTLS_SHA1_C - -/** - * \def MBEDTLS_SHA256_C - * - * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. - * - * Module: library/sha256.c - * Caller: library/entropy.c - * library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module adds support for SHA-224 and SHA-256. - * This module is required for the SSL/TLS 1.2 PRF function. - */ -#define MBEDTLS_SHA256_C - -/** - * \def MBEDTLS_SHA512_C - * - * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. - * - * Module: library/sha512.c - * Caller: library/entropy.c - * library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This module adds support for SHA-384 and SHA-512. - */ -#define MBEDTLS_SHA512_C - -#if (SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM) -#undef MBEDTLS_SHA512_C -#endif - -/** - * \def MBEDTLS_SSL_CACHE_C - * - * Enable simple SSL cache implementation. - * - * Module: library/ssl_cache.c - * Caller: - * - * Requires: MBEDTLS_SSL_CACHE_C - */ -#define MBEDTLS_SSL_CACHE_C - -/** - * \def MBEDTLS_SSL_COOKIE_C - * - * Enable basic implementation of DTLS cookies for hello verification. - * - * Module: library/ssl_cookie.c - * Caller: - */ -#define MBEDTLS_SSL_COOKIE_C - -/** - * \def MBEDTLS_SSL_TICKET_C - * - * Enable an implementation of TLS server-side callbacks for session tickets. - * - * Module: library/ssl_ticket.c - * Caller: - * - * Requires: MBEDTLS_CIPHER_C - */ -#define MBEDTLS_SSL_TICKET_C - -/** - * \def MBEDTLS_SSL_CLI_C - * - * Enable the SSL/TLS client code. - * - * Module: library/ssl_cli.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS client support. - */ -#define MBEDTLS_SSL_CLI_C - -/** - * \def MBEDTLS_SSL_SRV_C - * - * Enable the SSL/TLS server code. - * - * Module: library/ssl_srv.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS server support. - */ -#define MBEDTLS_SSL_SRV_C - -/** - * \def MBEDTLS_SSL_TLS_C - * - * Enable the generic SSL/TLS code. - * - * Module: library/ssl_tls.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * and at least one of the MBEDTLS_SSL_PROTO_XXX defines - * - * This module is required for SSL/TLS. - */ -#define MBEDTLS_SSL_TLS_C - -/** - * \def MBEDTLS_THREADING_C - * - * Enable the threading abstraction layer. - * By default mbed TLS assumes it is used in a non-threaded environment or that - * contexts are not shared between threads. If you do intend to use contexts - * between threads, you will need to enable this layer to prevent race - * conditions. See also our Knowledge Base article about threading: - * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading - * - * Module: library/threading.c - * - * This allows different threading implementations (self-implemented or - * provided). - * - * You will have to enable either MBEDTLS_THREADING_ALT or - * MBEDTLS_THREADING_PTHREAD. - * - * Enable this layer to allow use of mutexes within mbed TLS - */ -//#define MBEDTLS_THREADING_C - -/** - * \def MBEDTLS_TIMING_C - * - * Enable the semi-portable timing interface. - * - * \note The provided implementation only works on POSIX/Unix (including Linux, - * BSD and OS X) and Windows. On other platforms, you can either disable that - * module and provide your own implementations of the callbacks needed by - * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide - * your own implementation of the whole module by setting - * \c MBEDTLS_TIMING_ALT in the current file. - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/timing.c - * Caller: library/havege.c - * - * This module is used by the HAVEGE random number generator. - */ -#define MBEDTLS_TIMING_C - -/** - * \def MBEDTLS_VERSION_C - * - * Enable run-time version information. - * - * Module: library/version.c - * - * This module provides run-time version information. - */ -#define MBEDTLS_VERSION_C - -/** - * \def MBEDTLS_X509_USE_C - * - * Enable X.509 core for using certificates. - * - * Module: library/x509.c - * Caller: library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C - * - * This module is required for the X.509 parsing modules. - */ -#define MBEDTLS_X509_USE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. - * - * Module: library/x509_crt.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 certificate parsing. - */ -#define MBEDTLS_X509_CRT_PARSE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/x509_crl.c - * Caller: library/x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#define MBEDTLS_X509_CRL_PARSE_C - -/** - * \def MBEDTLS_X509_CSR_PARSE_C - * - * Enable X.509 Certificate Signing Request (CSR) parsing. - * - * Module: library/x509_csr.c - * Caller: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is used for reading X.509 certificate request. - */ -#define MBEDTLS_X509_CSR_PARSE_C - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRT_WRITE_C - * - * Enable creating X.509 certificates. - * - * Module: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate creation. - */ -#define MBEDTLS_X509_CRT_WRITE_C - -/** - * \def MBEDTLS_X509_CSR_WRITE_C - * - * Enable creating X.509 Certificate Signing Requests (CSR). - * - * Module: library/x509_csr_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate request writing. - */ -#define MBEDTLS_X509_CSR_WRITE_C - -/** - * \def MBEDTLS_XTEA_C - * - * Enable the XTEA block cipher. - * - * Module: library/xtea.c - * Caller: - */ -#define MBEDTLS_XTEA_C - -/* \} name SECTION: mbed TLS modules */ - -/** - * \name SECTION: Module configuration options - * - * This section allows for the setting of module specific sizes and - * configuration options. The default values are already present in the - * relevant header files and should suffice for the regular use cases. - * - * Our advice is to enable options and change their values here - * only if you have a good reason and know the consequences. - * - * Please check the respective header file for documentation on these - * parameters (to prevent duplicate documentation). - * \{ - */ - -/* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ -//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ - -/* CTR_DRBG options */ -//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ -//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ -//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */ - -/* HMAC_DRBG options */ -//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - -/* ECP options */ -//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ -//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ - -/* Entropy options */ -//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ -//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ -//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ - -/* Memory buffer allocator options */ -//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ - -/* Platform options */ -//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ -//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ - -/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ -/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ -//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ - -/** - * \brief This macro is invoked by the library when an invalid parameter - * is detected that is only checked with MBEDTLS_CHECK_PARAMS - * (see the documentation of that option for context). - * - * When you leave this undefined here, a default definition is - * provided that invokes the function mbedtls_param_failed(), - * which is declared in platform_util.h for the benefit of the - * library, but that you need to define in your application. - * - * When you define this here, this replaces the default - * definition in platform_util.h (which no longer declares the - * function mbedtls_param_failed()) and it is your responsibility - * to make sure this macro expands to something suitable (in - * particular, that all the necessary declarations are visible - * from within the library - you can ensure that by providing - * them in this file next to the macro definition). - * - * Note that you may define this macro to expand to nothing, in - * which case you don't have to worry about declarations or - * definitions. However, you will then be notified about invalid - * parameters only in non-void functions, and void function will - * just silently return early on invalid parameters, which - * partially negates the benefits of enabling - * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged. - * - * \param cond The expression that should evaluate to true, but doesn't. - */ -//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) - -/* SSL Cache options */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ - -/* SSL options */ - -/** \def MBEDTLS_SSL_MAX_CONTENT_LEN - * - * Maximum length (in bytes) of incoming and outgoing plaintext fragments. - * - * This determines the size of both the incoming and outgoing TLS I/O buffers - * in such a way that both are capable of holding the specified amount of - * plaintext data, regardless of the protection mechanism used. - * - * To configure incoming and outgoing I/O buffers separately, use - * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN, - * which overwrite the value set by this option. - * - * \note When using a value less than the default of 16KB on the client, it is - * recommended to use the Maximum Fragment Length (MFL) extension to - * inform the server about this limitation. On the server, there - * is no supported, standardized way of informing the client about - * restriction on the maximum size of incoming messages, and unless - * the limitation has been communicated by other means, it is recommended - * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN - * while keeping the default value of 16KB for the incoming buffer. - * - * Uncomment to set the maximum plaintext size of both - * incoming and outgoing I/O buffers. - */ -//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 - -/** \def MBEDTLS_SSL_IN_CONTENT_LEN - * - * Maximum length (in bytes) of incoming plaintext fragments. - * - * This determines the size of the incoming TLS I/O buffer in such a way - * that it is capable of holding the specified amount of plaintext data, - * regardless of the protection mechanism used. - * - * If this option is undefined, it inherits its value from - * #MBEDTLS_SSL_MAX_CONTENT_LEN. - * - * \note When using a value less than the default of 16KB on the client, it is - * recommended to use the Maximum Fragment Length (MFL) extension to - * inform the server about this limitation. On the server, there - * is no supported, standardized way of informing the client about - * restriction on the maximum size of incoming messages, and unless - * the limitation has been communicated by other means, it is recommended - * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN - * while keeping the default value of 16KB for the incoming buffer. - * - * Uncomment to set the maximum plaintext size of the incoming I/O buffer - * independently of the outgoing I/O buffer. - */ -//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 - -/** \def MBEDTLS_SSL_OUT_CONTENT_LEN - * - * Maximum length (in bytes) of outgoing plaintext fragments. - * - * This determines the size of the outgoing TLS I/O buffer in such a way - * that it is capable of holding the specified amount of plaintext data, - * regardless of the protection mechanism used. - * - * If this option undefined, it inherits its value from - * #MBEDTLS_SSL_MAX_CONTENT_LEN. - * - * It is possible to save RAM by setting a smaller outward buffer, while keeping - * the default inward 16384 byte buffer to conform to the TLS specification. - * - * The minimum required outward buffer size is determined by the handshake - * protocol's usage. Handshaking will fail if the outward buffer is too small. - * The specific size requirement depends on the configured ciphers and any - * certificate data which is sent during the handshake. - * - * Uncomment to set the maximum plaintext size of the outgoing I/O buffer - * independently of the incoming I/O buffer. - */ -//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 - -/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING - * - * Maximum number of heap-allocated bytes for the purpose of - * DTLS handshake message reassembly and future message buffering. - * - * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN - * to account for a reassembled handshake message of maximum size, - * together with its reassembly bitmap. - * - * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) - * should be sufficient for all practical situations as it allows - * to reassembly a large handshake message (such as a certificate) - * while buffering multiple smaller handshake messages. - * - */ -//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 - -//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ -//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ -//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ - -/** - * Complete list of ciphersuites to use, in order of preference. - * - * \warning No dependency checking is done on that field! This option can only - * be used to restrict the set of available ciphersuites. It is your - * responsibility to make sure the needed modules are active. - * - * Use this to save a few hundred bytes of ROM (default ordering of all - * available ciphersuites) and a few to a few hundred bytes of RAM. - * - * The value below is only an example, not the default. - */ -//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - -/* X509 options */ -//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ -//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ - -/** - * Allow SHA-1 in the default TLS configuration for certificate signing. - * Without this build-time option, SHA-1 support must be activated explicitly - * through mbedtls_ssl_conf_cert_profile. Turning on this option is not - * recommended because of it is possible to generate SHA-1 collisions, however - * this may be safe for legacy infrastructure where additional controls apply. - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. If possible, we recommend avoiding dependencies - * on it, and considering stronger message digests instead. - * - */ -// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES - -/** - * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake - * signature and ciphersuite selection. Without this build-time option, SHA-1 - * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. - * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by - * default. At the time of writing, there is no practical attack on the use - * of SHA-1 in handshake signatures, hence this option is turned on by default - * to preserve compatibility with existing peers, but the general - * warning applies nonetheless: - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. If possible, we recommend avoiding dependencies - * on it, and considering stronger message digests instead. - * - */ -#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE - -/** - * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_platform_zeroize(). This replaces the default implementation in - * platform_util.c. - * - * mbedtls_platform_zeroize() is a widely used function across the library to - * zero a block of memory. The implementation is expected to be secure in the - * sense that it has been written to prevent the compiler from removing calls - * to mbedtls_platform_zeroize() as part of redundant code elimination - * optimizations. However, it is difficult to guarantee that calls to - * mbedtls_platform_zeroize() will not be optimized by the compiler as older - * versions of the C language standards do not provide a secure implementation - * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to - * configure their own implementation of mbedtls_platform_zeroize(), for - * example by using directives specific to their compiler, features from newer - * C standards (e.g using memset_s() in C11) or calling a secure memset() from - * their system (e.g explicit_bzero() in BSD). - */ -//#define MBEDTLS_PLATFORM_ZEROIZE_ALT - -/** - * Uncomment the macro to let Mbed TLS use your alternate implementation of - * mbedtls_platform_gmtime_r(). This replaces the default implementation in - * platform_util.c. - * - * gmtime() is not a thread-safe function as defined in the C standard. The - * library will try to use safer implementations of this function, such as - * gmtime_r() when available. However, if Mbed TLS cannot identify the target - * system, the implementation of mbedtls_platform_gmtime_r() will default to - * using the standard gmtime(). In this case, calls from the library to - * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex - * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the - * library are also guarded with this mutex to avoid race conditions. However, - * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will - * unconditionally use the implementation for mbedtls_platform_gmtime_r() - * supplied at compile time. - */ -//#define MBEDTLS_PLATFORM_GMTIME_R_ALT - -/* \} name SECTION: Customisation configuration options */ - -/* Target and application specific configurations - * - * Allow user to override any previous default. - * - */ -#if defined(MBEDTLS_USER_CONFIG_FILE) -#include MBEDTLS_USER_CONFIG_FILE -#endif - -#include "mbedtls/check_config.h" - -/* clang-format on */ - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default/fsl_sss_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default/fsl_sss_types.h deleted file mode 100644 index 969be8767..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default/fsl_sss_types.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef FSL_SSS_TYPES_H -#define FSL_SSS_TYPES_H - -#include -#include -#include - -#if (__STDC__ && !__MBED__) -#include -#endif - -#ifndef FALSE -#define FALSE false -#endif - -#ifndef TRUE -#define TRUE true -#endif - -#ifndef ARRAY_SIZE -#define ARRAY_SIZE(array) (sizeof(array) / (sizeof(array[0]))) -#endif - -#if __MBED__ -#include "mbed_assert.h" -#define assert_static(e) MBED_ASSERT(e) -#else -#define assert_static(e) \ - { \ - char assert_static__[(e) ? 1 : -1]; \ - assert_static__; \ - } -#endif - -/** Compile time assert */ -#define SSS_ASSERT(condition) assert_static(condition) - -/*! @brief Compile time sizeof() check */ -#define SSCP_BUILD_ASSURE(condition, msg) assert_static(condition) - -/* snprintf definition for MSVisualC */ -#ifdef _MSC_VER -#define SNPRINTF _snprintf -#define STRNICMP _strnicmp -#else /* _MSC_VER*/ -#define SNPRINTF snprintf -#define STRNICMP strncasecmp -#endif /*_MSC_VER*/ - -#ifndef SSS_MALLOC -#define SSS_MALLOC malloc -#endif // SSS_MALLOC - -#ifndef SSS_FREE -#define SSS_FREE free -#endif // SSS_FREE - -#ifndef SSS_CALLOC -#define SSS_CALLOC calloc -#endif // SSS_CALLOC - -#endif /* FSL_SSS_TYPES_H */ diff --git a/extras/variables/nicla.variables b/extras/variables/nicla.variables index c894e0366..b9340db07 100644 --- a/extras/variables/nicla.variables +++ b/extras/variables/nicla.variables @@ -1,5 +1,5 @@ export FLAVOUR="nicla" export VARIANTS=("NICLA NICLA_VISION GENERIC_STM32H747_M4") export FQBNS=("nicla_sense nicla_voice nicla_vision") -export LIBRARIES=("SPI Wire Scheduler Nicla_System WiFi ea_malloc openamp_arduino STM32H747_System ThreadDebug GC2145 Himax_HM01B0 PDM KernelDebug RPC USBHID Camera rpclib USBHOST mbed-memory-status USBMSD SocketWrapper MRI SE05X MLC NDP syntiant_ilib") +export LIBRARIES=("SPI Wire Scheduler Nicla_System WiFi ea_malloc openamp_arduino STM32H747_System ThreadDebug GC2145 Himax_HM01B0 PDM KernelDebug RPC USBHID Camera rpclib USBHOST mbed-memory-status USBMSD SocketWrapper MRI MLC NDP syntiant_ilib") export BOOTLOADERS=("NICLA NICLA_VISION NICLA_VOICE") diff --git a/libraries/SE05X/examples/SE05XImportPublicKey/SE05XImportPublicKey.ino b/libraries/SE05X/examples/SE05XImportPublicKey/SE05XImportPublicKey.ino deleted file mode 100644 index 25e17cb99..000000000 --- a/libraries/SE05X/examples/SE05XImportPublicKey/SE05XImportPublicKey.ino +++ /dev/null @@ -1,86 +0,0 @@ -/* - SE05X ImportAndVerify - - This sketch uses the SE05X to generate a new EC NIST P-256 keypair - and store it with id 999, then input buffer SHA256 is signed with the private - key. The public key is imported with another id 899 into SE05X and the - signature is checked using the imported public key. - - Circuit: - - Portenta - - Nicla Vision -*/ - -#include - -const byte input[64] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f -}; - -void printBufferHex(const byte input[], size_t inputLength) { - for (int i = 0; i < inputLength; i++) { - Serial.print(input[i] >> 4, HEX); - Serial.print(input[i] & 0x0f, HEX); - } - Serial.println(); -} - -void setup() { - Serial.begin(9600); - while (!Serial); - - if (!SE05X.begin()) { - Serial.println("Failed to communicate with SE05X!"); - while (1); - } - - const int privKeyId = 999; - const int publKeyId = 899; - byte derBuf[256]; - size_t derSize; - - SE05X.generatePrivateKey(privKeyId, derBuf, sizeof(derBuf), &derSize); - - // print the input - Serial.print("Input is: "); - printBufferHex(input, sizeof(input)); - - //calculate the input SHA256 - byte sha256[256]; - size_t sha256Len; - SE05X.SHA256(input, sizeof(input), sha256, sizeof(sha256), &sha256Len); - Serial.print("Input SHA256 is: "); - printBufferHex(sha256, sha256Len); - - // calculate the signature, input MUST be SHA256 - byte signature[256]; - size_t signatureLen; - SE05X.Sign(privKeyId, sha256, sha256Len, signature, sizeof(signature), &signatureLen); - - // print the signature - Serial.print("Signature using KeyId "); - Serial.print(privKeyId); - Serial.print(" is: "); - printBufferHex(signature, signatureLen); - - Serial.println(); - - SE05X.importPublicKey(publKeyId, derBuf, derSize); - - // To make the signature verifcation fail, uncomment the next line: - // signature[0] = 0x00; - - // validate the signature - if (SE05X.Verify(publKeyId, sha256, sha256Len, signature, signatureLen)) { - Serial.println("Verified signature successfully :D"); - } else { - Serial.println("oh no! failed to verify signature :("); - } -} - -void loop() { - -} diff --git a/libraries/SE05X/examples/SE05XPrivateKey/SE05XPrivateKey.ino b/libraries/SE05X/examples/SE05XPrivateKey/SE05XPrivateKey.ino deleted file mode 100644 index f30ebc651..000000000 --- a/libraries/SE05X/examples/SE05XPrivateKey/SE05XPrivateKey.ino +++ /dev/null @@ -1,41 +0,0 @@ -/* - SE05X Private Key - - This sketch uses the SE05X to generate a new EC NIST P-256 keypair - and store it with id 999, then the public key is printed in DER format. - - Circuit: - - Portenta - - Nicla Vision -*/ - -#include - -void printBufferHex(const byte input[], size_t inputLength) { - for (int i = 0; i < inputLength; i++) { - Serial.print(input[i] >> 4, HEX); - Serial.print(input[i] & 0x0f, HEX); - } - Serial.println(); -} - -void setup() { - Serial.begin(9600); - while (!Serial); - - if (!SE05X.begin()) { - Serial.println("Failed to communicate with SE05X!"); - while (1); - } - - const int KeyId = 999; - byte derBuf[256]; - size_t derSize; - - SE05X.generatePrivateKey(KeyId, derBuf, sizeof(derBuf), &derSize); - printBufferHex(derBuf, derSize); -} - -void loop() { - -} diff --git a/libraries/SE05X/examples/SE05XRandomNumber/SE05XRandomNumber.ino b/libraries/SE05X/examples/SE05XRandomNumber/SE05XRandomNumber.ino deleted file mode 100644 index 2a3e216c4..000000000 --- a/libraries/SE05X/examples/SE05XRandomNumber/SE05XRandomNumber.ino +++ /dev/null @@ -1,29 +0,0 @@ -/* - SE05X Random Number - - This sketch uses the SE05X to generate a random number - every second and print it to the Serial monitor - - Circuit: - - Portenta - - Nicla Vision -*/ - -#include - -void setup() { - Serial.begin(9600); - while (!Serial); - - if (!SE05X.begin()) { - Serial.println("Failed to communicate with SE05X!"); - while (1); - } -} - -void loop() { - Serial.print("Random number = "); - Serial.println(SE05X.random(65535)); - - delay(1000); -} diff --git a/libraries/SE05X/examples/SE05XSignAndVerify/SE05XSignAndVerify.ino b/libraries/SE05X/examples/SE05XSignAndVerify/SE05XSignAndVerify.ino deleted file mode 100644 index 1209ac141..000000000 --- a/libraries/SE05X/examples/SE05XSignAndVerify/SE05XSignAndVerify.ino +++ /dev/null @@ -1,82 +0,0 @@ -/* - SE05X SignAndVerify - - This sketch uses the SE05X to generate a new EC NIST P-256 keypair - and store it with id 999, then input buffer SHA256 is signed with the private - key and verified with the public key. - - Circuit: - - Portenta - - Nicla Vision -*/ - -#include - -const byte input[64] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f -}; - -void printBufferHex(const byte input[], size_t inputLength) { - for (int i = 0; i < inputLength; i++) { - Serial.print(input[i] >> 4, HEX); - Serial.print(input[i] & 0x0f, HEX); - } - Serial.println(); -} - -void setup() { - Serial.begin(9600); - while (!Serial); - - if (!SE05X.begin()) { - Serial.println("Failed to communicate with SE05X!"); - while (1); - } - - const int KeyId = 999; - byte derBuf[256]; - size_t derSize; - - SE05X.generatePrivateKey(KeyId, derBuf, sizeof(derBuf), &derSize); - - // print the input - Serial.print("Input is: "); - printBufferHex(input, sizeof(input)); - - //calculate the input SHA256 - byte sha256[256]; - size_t sha256Len; - SE05X.SHA256(input, sizeof(input), sha256, sizeof(sha256), &sha256Len); - Serial.print("Input SHA256 is: "); - printBufferHex(sha256, sha256Len); - - // calculate the signature, input MUST be SHA256 - byte signature[256]; - size_t signatureLen; - SE05X.Sign(KeyId, sha256, sha256Len, signature, sizeof(signature), &signatureLen); - - // print the signature - Serial.print("Signature using KeyId "); - Serial.print(KeyId); - Serial.print(" is: "); - printBufferHex(signature, signatureLen); - - Serial.println(); - - // To make the signature verifcation fail, uncomment the next line: - // signature[0] = 0x00; - - // validate the signature - if (SE05X.Verify(KeyId, sha256, sha256Len, signature, signatureLen)) { - Serial.println("Verified signature successfully :D"); - } else { - Serial.println("oh no! failed to verify signature :("); - } -} - -void loop() { - -} diff --git a/libraries/SE05X/library.properties b/libraries/SE05X/library.properties deleted file mode 100644 index f083826ce..000000000 --- a/libraries/SE05X/library.properties +++ /dev/null @@ -1,9 +0,0 @@ -name=SE05X -version=0.0.1 -author=Arduino -maintainer=Arduino -sentence=Arduino Library for the NXP SE05X crypto chips -paragraph= -category=Communication -url=https://github.com/arduino/ArduinoCore-mbed/tree/master/libraries/SE05X -architectures=mbed_nicla diff --git a/libraries/SE05X/src/SE05X.cpp b/libraries/SE05X/src/SE05X.cpp deleted file mode 100644 index 1fb3dfe22..000000000 --- a/libraries/SE05X/src/SE05X.cpp +++ /dev/null @@ -1,644 +0,0 @@ -/* - SE05X.cpp - Copyright (c) 2022 Arduino SA. All right reserved. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -#include "SE05X.h" - -#define SE05X_EC_KEY_RAW_LENGTH 64 -#define SE05X_EC_KEY_HEADER_LENGTH 27 -#define SE05X_EC_KEY_DER_LENGTH SE05X_EC_KEY_HEADER_LENGTH + SE05X_EC_KEY_RAW_LENGTH -#define SE05X_EC_SIGNATURE_RAW_LENGTH 64 -#define SE05X_EC_SIGNATURE_HEADER_LENGTH 6 -#define SE05X_EC_SIGNATURE_DER_LENGTH SE05X_EC_SIGNATURE_HEADER_LENGTH + SE05X_EC_SIGNATURE_RAW_LENGTH -#define SE05X_SHA256_LENGTH 32 -#define SE05X_DER_BUFFER_SIZE 256 -#define SE05X_TEMP_OBJECT 9999 - -SE05XClass::SE05XClass() -: _cipher_type {kSSS_CipherType_EC_NIST_P} -, _algorithm_type {kAlgorithm_SSS_ECDSA_SHA256} -, _key_size_bits {256} -{ - -} - -SE05XClass::~SE05XClass() -{ - -} - -static void getECKeyXyValuesFromDER(byte* derKey, size_t derLen, byte* rawKey) -{ - memcpy(rawKey, &derKey[derLen - SE05X_EC_KEY_RAW_LENGTH], SE05X_EC_KEY_RAW_LENGTH); -} - -static void setECKeyXyVauesInDER(const byte* rawKey, byte* derKey) -{ - static const byte ecc_der_header_nist256[SE05X_EC_KEY_HEADER_LENGTH] = - { - 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, - 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, - 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, - 0x42, 0x00, 0x04 - }; - - memcpy(&derKey[0], &ecc_der_header_nist256[0], SE05X_EC_KEY_HEADER_LENGTH); - memcpy(&derKey[SE05X_EC_KEY_HEADER_LENGTH], &rawKey[0], SE05X_EC_KEY_RAW_LENGTH); -} - -static void getECSignatureRsValuesFromDER(byte* derSignature, size_t derLen, byte* rawSignature) -{ - byte rLen; - byte sLen; - - rLen = derSignature[3]; - sLen = derSignature[3 + rLen + 2]; - - byte * out = rawSignature; - - if(rLen == (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)) - { - memcpy(out, &derSignature[4], (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)); - } - else if ((rLen == ((SE05X_EC_SIGNATURE_RAW_LENGTH / 2) + 1)) && (derSignature[4] == 0)) - { - memcpy(out, &derSignature[5], (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)); - } - - out += (SE05X_EC_SIGNATURE_RAW_LENGTH / 2); - - if(sLen == (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)) - { - memcpy(out, &derSignature[3 + rLen + 3], (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)); - } - else if ((sLen == ((SE05X_EC_SIGNATURE_RAW_LENGTH / 2) + 1)) && (derSignature[3 + rLen + 3] == 0)) - { - memcpy(out, &derSignature[3 + rLen + 4], (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)); - } -} - -static void setECSignatureRsValuesInDER(const byte* rawSignature, byte* signature) -{ - byte rLen = (SE05X_EC_SIGNATURE_RAW_LENGTH / 2); - byte sLen = (SE05X_EC_SIGNATURE_RAW_LENGTH / 2); - byte rawSignatureLen = SE05X_EC_SIGNATURE_RAW_LENGTH; - - signature[0] = 0x30; - signature[1] = (uint8_t)(rawSignatureLen + 4); - signature[2] = 0x02; - signature[3] = (uint8_t)rLen; - memcpy(&signature[4], &rawSignature[0], rLen); - signature[3 + rLen + 1] = 0x02; - signature[3 + rLen + 2] = (uint8_t)sLen; - memcpy(&signature[3 + rLen + 3], &rawSignature[rLen], sLen); -} - -int SE05XClass::begin() -{ - memset(&_boot_ctx, 0, sizeof(ex_sss_boot_ctx_t)); - - se05x_ic_power_on(); - - if (nLog_Init() != 0) { - SE05X_PRINT_ERROR("Lock initialisation failed"); - return 0; - } - - if (kStatus_SSS_Success != ex_sss_boot_open(&_boot_ctx, "portName")) { - SE05X_PRINT_ERROR("ex_sss_session_open Failed"); - return 0; - } - - if (kStatus_SSS_Success != ex_sss_key_store_and_object_init(&_boot_ctx)) { - SE05X_PRINT_ERROR("ex_sss_key_store_and_object_init Failed"); - return 0; - } - - return 1; -} - -void SE05XClass::end() -{ - se05x_ic_power_off(); -} - -int SE05XClass::writeConfiguration(const byte data[]) -{ - _cipher_type = (sss_cipher_type_t)data[0]; - _algorithm_type = (sss_algorithm_t)(data[1] << 8 | data[2]); - _key_size_bits = (size_t)(data[3] << 8 | data[4]); - return 1; -} - -int SE05XClass::readConfiguration(byte data[]) -{ - data[0] = (byte)_cipher_type; - data[1] = (byte)_algorithm_type >> 8; - data[2] = (byte)_algorithm_type; - data[3] = (byte)_key_size_bits >> 8; - data[4] = (byte)_key_size_bits; - return 1; -} - -int SE05XClass::serialNumber(byte sn[]) -{ - return serialNumber(sn, SE05X_SN_LENGTH); -} - -int SE05XClass::serialNumber(byte sn[], size_t length) -{ - size_t uidLen = SE05X_SN_LENGTH; - byte UID[SE05X_SN_LENGTH]; - - if(!sn) { - return 0; - } - - sss_status_t status = sss_session_prop_get_au8(&_boot_ctx.session, kSSS_SessionProp_UID, UID, &uidLen); - if ((status != kStatus_SSS_Success)) { - SE05X_PRINT_ERROR("Error in Se05x_API_ReadObject \n"); - return 0; - } - memcpy(sn, UID, length < SE05X_SN_LENGTH ? length : SE05X_SN_LENGTH); - return 1; -} - -String SE05XClass::serialNumber() -{ - String result = (char*)NULL; - byte UID[SE05X_SN_LENGTH]; - - serialNumber(UID, sizeof(UID)); - - result.reserve(SE05X_SN_LENGTH * 2); - - for (size_t i = 0; i < SE05X_SN_LENGTH; i++) { - byte b = UID[i]; - - if (b < 16) { - result += "0"; - } - result += String(b, HEX); - } - - result.toUpperCase(); - - return result; -} - -long SE05XClass::random(long max) -{ - return random(0, max); -} - -long SE05XClass::random(long min, long max) -{ - if (min >= max) - { - return min; - } - - long diff = max - min; - - long r; - random((byte*)&r, sizeof(r)); - - if (r < 0) { - r = -r; - } - - r = (r % diff); - - return (r + min); -} - -int SE05XClass::random(byte data[], size_t length) -{ - sss_rng_context_t rng; - - if(kStatus_SSS_Success != sss_rng_context_init(&rng, &_boot_ctx.session)) { - return 0; - } - - if(kStatus_SSS_Success != sss_rng_get_random(&rng, data, length)) { - return 0; - } - - return 1; -} - -int SE05XClass::generatePrivateKey(int keyId, byte pubKeyDer[], size_t pubKeyDerMaxLen, size_t * pubKeyDerLen) -{ - sss_status_t status; - sss_object_t keyObject; - size_t derSzBits; - - if(!initObject(keyId, &keyObject, kSSS_KeyPart_Pair, kKeyObject_Mode_Persistent, _cipher_type)) { - return 0; - } - - status = sss_key_store_generate_key(&_boot_ctx.ks, &keyObject, _key_size_bits, NULL); - - if (status == kStatus_SSS_Success) { - derSzBits = pubKeyDerMaxLen * 8; - * pubKeyDerLen = pubKeyDerMaxLen; - status = sss_key_store_get_key(&_boot_ctx.ks, &keyObject, pubKeyDer, pubKeyDerLen, &derSzBits); - } - - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_key_store_get_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::generatePrivateKey(int slot, byte publicKey[]) -{ - byte publicKeyDer[SE05X_DER_BUFFER_SIZE]; - size_t publicKeyDerLen; - - if ((_cipher_type != kSSS_CipherType_EC_NIST_P) || (_algorithm_type != kAlgorithm_SSS_ECDSA_SHA256)) { - return 0; - } - - if (!generatePrivateKey(slot, publicKeyDer, sizeof(publicKeyDer), &publicKeyDerLen)) { - return 0; - } - - getECKeyXyValuesFromDER(publicKeyDer, publicKeyDerLen, publicKey); - return 1; -} - -int SE05XClass::generatePublicKey(int keyId, byte pubKeyDer[], size_t pubKeyDerMaxLen, size_t * pubKeyDerlen) -{ - sss_status_t status; - sss_object_t keyObject; - size_t derSzBits; - - if(!initObject(keyId, &keyObject, kSSS_KeyPart_Pair, kKeyObject_Mode_Persistent, _cipher_type)) { - return 0; - } - - derSzBits = pubKeyDerMaxLen * 8; - * pubKeyDerlen = pubKeyDerMaxLen; - status = sss_key_store_get_key(&_boot_ctx.ks, &keyObject, pubKeyDer, pubKeyDerlen, &derSzBits); - - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_key_store_get_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::generatePublicKey(int slot, byte publicKey[]) -{ - byte publicKeyDer[SE05X_DER_BUFFER_SIZE]; - size_t publicKeyDerLen; - - if ((_cipher_type != kSSS_CipherType_EC_NIST_P) || (_algorithm_type != kAlgorithm_SSS_ECDSA_SHA256)) { - return 0; - } - - if (!generatePublicKey(slot, publicKeyDer, sizeof(publicKeyDer), &publicKeyDerLen)) { - return 0; - } - - getECKeyXyValuesFromDER(publicKeyDer, publicKeyDerLen, publicKey); - return 1; -} - -int SE05XClass::importPublicKey(int keyId, const byte pubKeyDer[], size_t pubKeyDerLen) -{ - sss_status_t status; - sss_object_t keyObject; - - if(!initObject(keyId, &keyObject, kSSS_KeyPart_Public, kKeyObject_Mode_Persistent, _cipher_type)) { - return 0; - } - - status = sss_key_store_set_key(&_boot_ctx.ks, &keyObject, pubKeyDer, pubKeyDerLen, _key_size_bits, NULL, 0); - - if(status != kStatus_SSS_Success ) { - SE05X_PRINT_ERROR("sss_key_store_set_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::beginSHA256() -{ - sss_status_t status; - - status = sss_digest_context_init(&_digest_ctx, &_boot_ctx.session, kAlgorithm_SSS_SHA256, kMode_SSS_Digest); - - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_digest_context_init Failed!!!"); - return 0; - } - - status = sss_digest_init(&_digest_ctx); - - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_digest_init Failed!!!"); - return 0; - } - - return 1; -} - -int SE05XClass::updateSHA256(const byte in[], size_t inLen) -{ - sss_status_t status; - - status = sss_digest_update(&_digest_ctx, in, inLen); - - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_digest_update Failed!!!"); - return 0; - } - - return 1; -} - -int SE05XClass::endSHA256(byte out[], size_t * outLen) -{ - sss_status_t status; - - status = sss_digest_finish(&_digest_ctx, out, outLen); - sss_digest_context_free(&_digest_ctx); - if (status != kStatus_SSS_Success) { - return 0; - } - - return 1; -} - -int SE05XClass::SHA256(const byte in[], size_t inLen, byte out[], size_t outMaxLen, size_t * outLen) -{ - sss_status_t status; - - status = sss_digest_context_init(&_digest_ctx, &_boot_ctx.session, kAlgorithm_SSS_SHA256, kMode_SSS_Digest); - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_digest_context_init Failed!!!"); - return 0; - } - - * outLen = outMaxLen; - status = sss_digest_one_go(&_digest_ctx, in, inLen, out, outLen); - sss_digest_context_free(&_digest_ctx); - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_digest_one_go Failed!!!"); - return 0; - } - - return 1; -} - -int SE05XClass::Sign(int keyId, const byte hash[], size_t hashLen, byte sig[], size_t sigMaxLen, size_t * sigLen) -{ - sss_status_t status; - sss_object_t keyObject; - sss_asymmetric_t ctx_asymm; - - if(!initObject(keyId, &keyObject, kSSS_KeyPart_Private, kKeyObject_Mode_Persistent, _cipher_type)) { - return 0; - } - - status = sss_asymmetric_context_init(&ctx_asymm, - &_boot_ctx.session, - &keyObject, - _algorithm_type, - kMode_SSS_Sign); - - if(status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_asymmetric_context_init Failed"); - return 0; - } - - * sigLen = sigMaxLen; - if(kStatus_SSS_Success != sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t *)hash, hashLen, (uint8_t *)sig, sigLen)) { - SE05X_PRINT_ERROR("sss_asymmetric_sign_digest Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::ecSign(int slot, const byte message[], byte signature[]) -{ - byte signatureDer[SE05X_DER_BUFFER_SIZE]; - size_t signatureDerLen; - - if ((_cipher_type != kSSS_CipherType_EC_NIST_P) || (_algorithm_type != kAlgorithm_SSS_ECDSA_SHA256)) { - return 0; - } - - if (!Sign(slot, message, SE05X_SHA256_LENGTH, signatureDer, sizeof(signatureDer), &signatureDerLen)) { - return 0; - } - - /* Get r s values from DER buffer */ - getECSignatureRsValuesFromDER(signatureDer, signatureDerLen, signature); - return 1; -} - -int SE05XClass::Verify(int keyId, const byte hash[], size_t hashLen, const byte sig[], size_t sigLen) -{ - sss_status_t status; - sss_object_t keyObject; - sss_asymmetric_t ctx_asymm; - - if(!initObject(keyId, &keyObject, kSSS_KeyPart_Public, kKeyObject_Mode_Persistent, _cipher_type)) { - return 0; - } - - status = sss_asymmetric_context_init(&ctx_asymm, - &_boot_ctx.session, - &keyObject, - _algorithm_type, - kMode_SSS_Verify); - - if(status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_asymmetric_context_init Failed"); - return 0; - } - - if(kStatus_SSS_Success != sss_asymmetric_verify_digest(&ctx_asymm, (uint8_t *)hash, hashLen, (uint8_t *)sig, sigLen)) { - SE05X_PRINT_ERROR("sss_asymmetric_verify_digest Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::ecdsaVerify(const byte message[], const byte signature[], const byte pubkey[]) -{ - byte pubKeyDER[SE05X_EC_KEY_DER_LENGTH]; - byte signatureDER[SE05X_EC_SIGNATURE_DER_LENGTH]; - int result; - - if ((_cipher_type != kSSS_CipherType_EC_NIST_P) || (_algorithm_type != kAlgorithm_SSS_ECDSA_SHA256)) { - return 0; - } - - setECKeyXyVauesInDER(pubkey, pubKeyDER); - if (!importPublicKey(SE05X_TEMP_OBJECT, pubKeyDER, sizeof(pubKeyDER))) { - return 0; - } - - setECSignatureRsValuesInDER(signature, signatureDER); - - result = Verify(SE05X_TEMP_OBJECT, message, SE05X_SHA256_LENGTH, signatureDER, SE05X_EC_SIGNATURE_DER_LENGTH); - - if (!deleteBinaryObject(SE05X_TEMP_OBJECT)) { - return 0; - } - return result; -} - -int SE05XClass::readBinaryObject(int objectId, byte data[], size_t dataMaxLen, size_t * length) -{ - sss_status_t status; - sss_object_t binObject; - size_t binSizeBits; - - if(!initObject(objectId, &binObject, kSSS_KeyPart_Default, kKeyObject_Mode_Persistent, kSSS_CipherType_Binary)) { - return 0; - } - - * length = dataMaxLen; - status = sss_key_store_get_key(&_boot_ctx.ks, &binObject, data, length, &binSizeBits); - if(status != kStatus_SSS_Success ) { - SE05X_PRINT_ERROR("sss_key_store_get_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::readSlot(int slot, byte data[], int length) -{ - size_t binSizeBits; - return readBinaryObject(slot, data, length, &binSizeBits); -} - -int SE05XClass::writeBinaryObject(int objectId, const byte data[], size_t length) -{ - sss_status_t status; - sss_object_t binObject; - - if(!initObject(objectId, &binObject, kSSS_KeyPart_Default, kKeyObject_Mode_Persistent, kSSS_CipherType_Binary)) { - return 0; - } - - status = sss_key_store_set_key(&_boot_ctx.ks, &binObject, data, length, length * 8, NULL, 0); - if(status != kStatus_SSS_Success ) { - SE05X_PRINT_ERROR("sss_key_store_set_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::writeSlot(int slot, const byte data[], int length) -{ - if (existsBinaryObject(slot)) { - if (!deleteBinaryObject(slot)) { - return 0; - } - } - return writeBinaryObject(slot, data, length); -} - -int SE05XClass::existsBinaryObject(int objectId) -{ - sss_object_t binObject; - - if(!getObjectHandle(objectId, &binObject)) { - return 0; - } - - return 1; -} - -int SE05XClass::deleteBinaryObject(int objectId) -{ - sss_status_t status; - sss_object_t binObject; - - if(!initObject(objectId, &binObject, kSSS_KeyPart_Default, kKeyObject_Mode_Persistent, kSSS_CipherType_Binary)) { - return 0; - } - - status = sss_key_store_erase_key(&_boot_ctx.ks, &binObject); - if(status != kStatus_SSS_Success ) { - SE05X_PRINT_ERROR("sss_key_store_erase_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::deleteAllObjects(void) -{ - sss_se05x_session_t *pSession = (sss_se05x_session_t *)&_boot_ctx.session; - - if(SW_OK != Se05x_API_DeleteAll_Iterative(&pSession->s_ctx)) { - return 0; - } - - return 1; -} - -int SE05XClass::getObjectHandle(int objectId, sss_object_t * object) -{ - if(kStatus_SSS_Success != sss_key_object_init(object, &_boot_ctx.ks)) { - SE05X_PRINT_ERROR("sss_key_object_init Failed"); - return 0; - } - - if(kStatus_SSS_Success != sss_key_object_get_handle(object, objectId)) { - SE05X_PRINT_ERROR("sss_key_object_get_handle Failed"); - return 0; - } - - return 1; -} - -ex_sss_boot_ctx_t* SE05XClass::getDeviceCtx(void) { - return &_boot_ctx; -} - -int SE05XClass::initObject(size_t objectId, sss_object_t * object, sss_key_part_t objectPart, sss_key_object_mode_t objectMode, sss_cipher_type_t objectChiper) -{ - if (getObjectHandle(objectId, object)) { - return 1; - } - - if(kStatus_SSS_Success != sss_key_object_allocate_handle(object, objectId, objectPart, objectChiper, 0, objectMode)) { - SE05X_PRINT_ERROR("sss_key_object_allocate_handle Failed"); - return 0; - } - return 1; -} - - -SE05XClass SE05X; diff --git a/libraries/SE05X/src/SE05X.h b/libraries/SE05X/src/SE05X.h deleted file mode 100644 index e955491ba..000000000 --- a/libraries/SE05X/src/SE05X.h +++ /dev/null @@ -1,100 +0,0 @@ -/* - SE05X.h - Copyright (c) 2022 Arduino SA. All right reserved. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -#ifndef _SE05X_H_ -#define _SE05X_H_ - -#include -#include "ex_sss_boot.h" -#include "fsl_sss_api.h" -#include "se05x_apis.h" -#include "se05x_APDU.h" - -#if defined SE05X_PRINT_ERROR_ENABLE -#define SE05X_PRINT_ERROR(x) Serial.println(x) -#else -#define SE05X_PRINT_ERROR(x) -#endif - -#define SE05X_SN_LENGTH 18 - -class SE05XClass -{ -public: - SE05XClass(); - virtual ~SE05XClass(); - - int begin(); - void end(); - - int serialNumber(byte sn[]); - int serialNumber(byte sn[], size_t length); - String serialNumber(); - - long random(long max); - long random(long min, long max); - int random(byte data[], size_t length); - - int generatePrivateKey(int keyId, byte pubKeyDer[], size_t pubKeyDerMaxLen, size_t * pubKeyDerLen); - int generatePublicKey(int keyId, byte pubKeyDer[], size_t pubKeyDerMaxLen, size_t * pubKeyDerLen); - int importPublicKey(int keyId, const byte pubKeyDer[], size_t pubKeyDerLen); - - int beginSHA256(); - int updateSHA256(const byte in[], size_t inLen); - int endSHA256(byte out[], size_t * outLen); - int SHA256(const byte in[], size_t inLen, byte out[], size_t outMaxLen, size_t * outLen); - - int Sign(int keyId, const byte hash[], size_t hashLen, byte sig[], size_t maxSigLen, size_t * sigLen); - int Verify(int keyId, const byte hash[], size_t hashLen, const byte sig[],size_t sigLen); - - int readBinaryObject(int ObjectId, byte data[], size_t dataMaxLen, size_t * length); - int writeBinaryObject(int ObjectId, const byte data[], size_t length); - int existsBinaryObject(int objectId); - int deleteBinaryObject(int objectId); - int deleteAllObjects(); - - int getObjectHandle(int objectId, sss_object_t * object); - - ex_sss_boot_ctx_t* getDeviceCtx(void); - - int generatePrivateKey(int slot, byte publicKey[]); - int generatePublicKey(int slot, byte publicKey[]); - int ecdsaVerify(const byte message[], const byte signature[], const byte pubkey[]); - int ecSign(int slot, const byte message[], byte signature[]); - int readSlot(int slot, byte data[], int length); - int writeSlot(int slot, const byte data[], int length); - inline int locked() { return 1; } - int writeConfiguration(const byte data[]); - int readConfiguration(byte data[]); - inline int lock() { return 1; } - -private: - int initObject(size_t objectId, sss_object_t * object, sss_key_part_t objectPart, sss_key_object_mode_t objectMode, sss_cipher_type_t objectChiper); - -private: - ex_sss_boot_ctx_t _boot_ctx; - sss_digest_t _digest_ctx; - sss_cipher_type_t _cipher_type; - sss_algorithm_t _algorithm_type; - size_t _key_size_bits; -}; - -extern SE05XClass SE05X; - -#endif diff --git a/libraries/SE05X/src/WiFiSSLSE050Client.cpp b/libraries/SE05X/src/WiFiSSLSE050Client.cpp deleted file mode 100644 index b5c43852e..000000000 --- a/libraries/SE05X/src/WiFiSSLSE050Client.cpp +++ /dev/null @@ -1,43 +0,0 @@ -/* - WiFiSSLSE050Client.h - Copyright (c) 2022 Arduino SA. All right reserved. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -#include "WiFiSSLSE050Client.h" - -arduino::MbedSSLSE050Client::MbedSSLSE050Client() { - onBeforeConnect(mbed::callback(this, &MbedSSLSE050Client::setRootCAClientCertKey)); -}; - -void arduino::MbedSSLSE050Client::setEccSlot(int KeySlot, const byte cert[], int certLen) { - - _keySlot = KeySlot; - _certLen = certLen; - _cert = cert; -} - -void WiFiSSLSE050Client::setEccSlot(int KeySlot, const byte cert[], int certLen) { - if (!client) { - newMbedClient(); - } - static_cast(client.get())->setEccSlot(KeySlot, cert, certLen); -} - -void WiFiSSLSE050Client::newMbedClient() { - client.reset(new MbedSSLSE050Client()); - client->setNetwork(getNetwork()); -} diff --git a/libraries/SE05X/src/WiFiSSLSE050Client.h b/libraries/SE05X/src/WiFiSSLSE050Client.h deleted file mode 100644 index 3aed4f4e3..000000000 --- a/libraries/SE05X/src/WiFiSSLSE050Client.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - WiFiSSLSE050Client.h - Copyright (c) 2022 Arduino SA. All right reserved. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -#ifndef WIFISSLSE050CLIENT_H -#define WIFISSLSE050CLIENT_H - - -#include "SE05X.h" -#include "WiFiSSLClient.h" -#include "MbedSSLClient.h" - -extern const char CA_CERTIFICATES[]; - -namespace arduino { - -class MbedSSLSE050Client : public arduino::MbedSSLClient { - -public: - MbedSSLSE050Client(); - - void setEccSlot(int KeySlot, const byte cert[], int certLen); - -private: - const byte* _cert; - int _certLen; - int _keySlot; - sss_object_t _keyObject; - - int setRootCAClientCertKey() { - int err = setRootCA(); - if (err != NSAPI_ERROR_OK) { - return err; - } - - if(SE05X.getObjectHandle(_keySlot, &_keyObject) != NSAPI_ERROR_OK) { - return NSAPI_ERROR_DEVICE_ERROR; - } - - if(((TLSSocket*)sock)->set_client_cert_key((void*)_cert, - (size_t)_certLen, - &_keyObject, - SE05X.getDeviceCtx()) != NSAPI_ERROR_OK) { - return NSAPI_ERROR_DEVICE_ERROR; - } - return NSAPI_ERROR_OK; - } -}; - -class WiFiSSLSE050Client : public arduino::WiFiSSLClient { - -public: - - void setEccSlot(int KeySlot, const byte cert[], int certLen); - -protected: - virtual void newMbedClient(); -}; - -} - -#endif /* WIFISSLSE050CLIENT_H */ diff --git a/patches/0266-SE05x-remove-support-for-crypto-from-mbedos.patch b/patches/0266-SE05x-remove-support-for-crypto-from-mbedos.patch new file mode 100644 index 000000000..5f4feb6c9 --- /dev/null +++ b/patches/0266-SE05x-remove-support-for-crypto-from-mbedos.patch @@ -0,0 +1,38 @@ +From b675aff2d931af574053bfc49da4433a0b2ba2b3 Mon Sep 17 00:00:00 2001 +From: Andrea Gilardoni +Date: Mon, 18 May 2026 16:13:48 +0200 +Subject: [PATCH] SE05x: remove support for crypto from mbedos + +in favor of external library for se05x crypto shared among all cores +--- + targets/targets.json | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/targets/targets.json b/targets/targets.json +index f69cbeef40..6cff815ec4 100644 +--- a/targets/targets.json ++++ b/targets/targets.json +@@ -3686,18 +3686,14 @@ + "QSPIF", + "WHD", + "4343W_FS", +- "CYW43XXX", +- "SE050" ++ "CYW43XXX" + ], + "macros_add": [ + "MBEDTLS_FS_IO", + "MBEDTLS_SHA1_C", + "CM4_BOOT_BY_APPLICATION", + "QSPI_NO_SAMPLE_SHIFT", +- "CYW43XXX_UNBUFFERED_UART", +- "T1oI2C", +- "T1oI2C_UM11225", +- "FLOW_SILENT" ++ "CYW43XXX_UNBUFFERED_UART" + ], + "device_has_add": [ + "USBDEVICE", +-- +2.53.0 + diff --git a/variants/ARDUINO_NANO33BLE/defines.txt b/variants/ARDUINO_NANO33BLE/defines.txt index cd703265d..325bc3687 100644 --- a/variants/ARDUINO_NANO33BLE/defines.txt +++ b/variants/ARDUINO_NANO33BLE/defines.txt @@ -34,7 +34,7 @@ -DFEATURE_STORAGE=1 -D__FPU_PRESENT=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751295810.7982233 +-DMBED_BUILD_TIMESTAMP=1779181204.2152987 -D__MBED_CMSIS_RTOS_CM -DMBED_MPU_CUSTOM -DMBED_TICKLESS diff --git a/variants/ARDUINO_NANO33BLE/libs/libmbed.a b/variants/ARDUINO_NANO33BLE/libs/libmbed.a index 709f5c1bd..5ebfa0194 100644 Binary files a/variants/ARDUINO_NANO33BLE/libs/libmbed.a and b/variants/ARDUINO_NANO33BLE/libs/libmbed.a differ diff --git a/variants/EDGE_CONTROL/defines.txt b/variants/EDGE_CONTROL/defines.txt index c8f7009b8..4cb913872 100644 --- a/variants/EDGE_CONTROL/defines.txt +++ b/variants/EDGE_CONTROL/defines.txt @@ -38,7 +38,7 @@ -DFEATURE_STORAGE=1 -D__FPU_PRESENT=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751295976.2142034 +-DMBED_BUILD_TIMESTAMP=1779181248.1702356 -D__MBED_CMSIS_RTOS_CM -DMBED_MPU_CUSTOM -DMBED_TICKLESS diff --git a/variants/EDGE_CONTROL/libs/libmbed.a b/variants/EDGE_CONTROL/libs/libmbed.a index 0b39e325b..8fea75d2a 100644 Binary files a/variants/EDGE_CONTROL/libs/libmbed.a and b/variants/EDGE_CONTROL/libs/libmbed.a differ diff --git a/variants/GENERIC_STM32H747_M4/defines.txt b/variants/GENERIC_STM32H747_M4/defines.txt index d5b9717bf..0dba0d2fa 100644 --- a/variants/GENERIC_STM32H747_M4/defines.txt +++ b/variants/GENERIC_STM32H747_M4/defines.txt @@ -42,7 +42,7 @@ -DFEATURE_BLE=1 -D__FPU_PRESENT=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751295923.2991855 +-DMBED_BUILD_TIMESTAMP=1779181300.923458 -D__MBED_CMSIS_RTOS_CM -DMBED_MPU_CUSTOM -DMBED_TICKLESS diff --git a/variants/GENERIC_STM32H747_M4/libs/libmbed.a b/variants/GENERIC_STM32H747_M4/libs/libmbed.a index 3d42847c7..bbd6e917f 100644 Binary files a/variants/GENERIC_STM32H747_M4/libs/libmbed.a and b/variants/GENERIC_STM32H747_M4/libs/libmbed.a differ diff --git a/variants/GIGA/defines.txt b/variants/GIGA/defines.txt index 136fb76db..cef5500b4 100644 --- a/variants/GIGA/defines.txt +++ b/variants/GIGA/defines.txt @@ -44,7 +44,7 @@ -DFEATURE_BLE=1 -D__FPU_PRESENT=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751296168.0928738 +-DMBED_BUILD_TIMESTAMP=1779181360.4514952 -D__MBED_CMSIS_RTOS_CM -DMBED_TICKLESS -DMBEDTLS_FS_IO diff --git a/variants/GIGA/libs/libmbed.a b/variants/GIGA/libs/libmbed.a index 79c8f413a..5eeb7b600 100644 Binary files a/variants/GIGA/libs/libmbed.a and b/variants/GIGA/libs/libmbed.a differ diff --git a/variants/NANO_RP2040_CONNECT/defines.txt b/variants/NANO_RP2040_CONNECT/defines.txt index a6602e69a..87c09ec94 100644 --- a/variants/NANO_RP2040_CONNECT/defines.txt +++ b/variants/NANO_RP2040_CONNECT/defines.txt @@ -21,7 +21,7 @@ -DDEVICE_USTICKER=1 -DDEVICE_WATCHDOG=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751295788.6373296 +-DMBED_BUILD_TIMESTAMP=1779181422.660762 -D__MBED_CMSIS_RTOS_CM -DMBED_MPU_CUSTOM -DMBEDTLS_ENTROPY_NV_SEED diff --git a/variants/NANO_RP2040_CONNECT/libs/libmbed.a b/variants/NANO_RP2040_CONNECT/libs/libmbed.a index 0ededd88e..65da008c4 100644 Binary files a/variants/NANO_RP2040_CONNECT/libs/libmbed.a and b/variants/NANO_RP2040_CONNECT/libs/libmbed.a differ diff --git a/variants/NICLA/defines.txt b/variants/NICLA/defines.txt index 070856ff6..7a365618d 100644 --- a/variants/NICLA/defines.txt +++ b/variants/NICLA/defines.txt @@ -33,7 +33,7 @@ -DFEATURE_BLE=1 -D__FPU_PRESENT=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751296019.4294596 +-DMBED_BUILD_TIMESTAMP=1779181463.1376967 -D__MBED_CMSIS_RTOS_CM -DMBED_MPU_CUSTOM -DMBED_TICKLESS diff --git a/variants/NICLA/libs/libmbed.a b/variants/NICLA/libs/libmbed.a index 0f5cfdad2..1e33240f2 100644 Binary files a/variants/NICLA/libs/libmbed.a and b/variants/NICLA/libs/libmbed.a differ diff --git a/variants/NICLA_VISION/conf/custom_mbedtls_config.h b/variants/NICLA_VISION/conf/custom_mbedtls_config.h deleted file mode 100644 index c2a399cc2..000000000 --- a/variants/NICLA_VISION/conf/custom_mbedtls_config.h +++ /dev/null @@ -1,3368 +0,0 @@ -/** - * \file sss_mbedtls_x86_config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - */ -/* - * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved - * Copyright 2020 NXP - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef MBEDTLS_CONFIG_X86_H -#define MBEDTLS_CONFIG_X86_H - -/* clang-format off */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#ifdef CHECK_MEMORY - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#define MBEDTLS_PLATFORM_MEMORY - -void tstDoTraceAndFree( - const char * szWhat, - const char * szFunction, const unsigned int line, - void * pWhat ); - -void * tstDoTraceAndCalloc( - const char * szNUM, const char * szSize, - const char * szFunction, const unsigned int line, - const unsigned int num, const unsigned int size ); - -#define MBEDTLS_PLATFORM_FREE_MACRO(WHAT) \ - tstDoTraceAndFree(#WHAT, __FUNCTION__, __LINE__, WHAT ) -#define MBEDTLS_PLATFORM_CALLOC_MACRO(NUM, SIZE) \ - tstDoTraceAndCalloc(#NUM, #SIZE, __FUNCTION__, __LINE__, NUM, SIZE ) - -#define MBEDTLS_MEMORY_DEBUG -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -#endif /* CHECK_MEMORY */ - -/** - * \name SECTION: System support - * - * This section sets system specific settings. - * \{ - */ - -/** - * \def MBEDTLS_HAVE_ASM - * - * The compiler has support for asm(). - * - * Requires support for asm() in compiler. - * - * Used in: - * library/aria.c - * library/timing.c - * include/mbedtls/bn_mul.h - * - * Required by: - * MBEDTLS_AESNI_C - * MBEDTLS_PADLOCK_C - * - * Comment to disable the use of assembly code. - */ -#define MBEDTLS_HAVE_ASM - -/** - * \def MBEDTLS_NO_UDBL_DIVISION - * - * The platform lacks support for double-width integer division (64-bit - * division on a 32-bit platform, 128-bit division on a 64-bit platform). - * - * Used in: - * include/mbedtls/bignum.h - * library/bignum.c - * - * The bignum code uses double-width division to speed up some operations. - * Double-width division is often implemented in software that needs to - * be linked with the program. The presence of a double-width integer - * type is usually detected automatically through preprocessor macros, - * but the automatic detection cannot know whether the code needs to - * and can be linked with an implementation of division for that type. - * By default division is assumed to be usable if the type is present. - * Uncomment this option to prevent the use of double-width division. - * - * Note that division for the native integer type is always required. - * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. In some - * cases it is also desirable to disable some double-width operations. For - * example, if double-width division is implemented in software, disabling - * it can reduce code size in some embedded targets. - */ -//#define MBEDTLS_NO_UDBL_DIVISION - -/** - * \def MBEDTLS_NO_64BIT_MULTIPLICATION - * - * The platform lacks support for 32x32 -> 64-bit multiplication. - * - * Used in: - * library/poly1305.c - * - * Some parts of the library may use multiplication of two unsigned 32-bit - * operands with a 64-bit result in order to speed up computations. On some - * platforms, this is not available in hardware and has to be implemented in - * software, usually in a library provided by the toolchain. - * - * Sometimes it is not desirable to have to link to that library. This option - * removes the dependency of that library on platforms that lack a hardware - * 64-bit multiplier by embedding a software implementation in Mbed TLS. - * - * Note that depending on the compiler, this may decrease performance compared - * to using the library function provided by the toolchain. - */ -//#define MBEDTLS_NO_64BIT_MULTIPLICATION - -/** - * \def MBEDTLS_HAVE_SSE2 - * - * CPU supports SSE2 instruction set. - * - * Uncomment if the CPU supports SSE2 (IA-32 specific). - */ -//#define MBEDTLS_HAVE_SSE2 - -/** - * \def MBEDTLS_HAVE_TIME - * - * System has time.h and time(). - * The time does not need to be correct, only time differences are used, - * by contrast with MBEDTLS_HAVE_TIME_DATE - * - * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, - * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and - * MBEDTLS_PLATFORM_STD_TIME. - * - * Comment if your system does not support time functions - */ -#define MBEDTLS_HAVE_TIME - -/** - * \def MBEDTLS_HAVE_TIME_DATE - * - * System has time.h, time(), and an implementation for - * mbedtls_platform_gmtime_r() (see below). - * The time needs to be correct (not necesarily very accurate, but at least - * the date should be correct). This is used to verify the validity period of - * X.509 certificates. - * - * Comment if your system does not have a correct clock. - * - * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that - * behaves similarly to the gmtime_r() function from the C standard. Refer to - * the documentation for mbedtls_platform_gmtime_r() for more information. - * - * \note It is possible to configure an implementation for - * mbedtls_platform_gmtime_r() at compile-time by using the macro - * MBEDTLS_PLATFORM_GMTIME_R_ALT. - */ -//#define MBEDTLS_HAVE_TIME_DATE - -/** - * \def MBEDTLS_PLATFORM_MEMORY - * - * Enable the memory allocation layer. - * - * By default mbed TLS uses the system-provided calloc() and free(). - * This allows different allocators (self-implemented or provided) to be - * provided to the platform abstraction layer. - * - * Enabling MBEDTLS_PLATFORM_MEMORY without the - * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide - * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and - * free() function pointer at runtime. - * - * Enabling MBEDTLS_PLATFORM_MEMORY and specifying - * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the - * alternate function at compile time. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Enable this layer to allow use of alternative memory allocators. - */ -//#define MBEDTLS_PLATFORM_MEMORY - -/** - * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - * - * Do not assign standard functions in the platform layer (e.g. calloc() to - * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) - * - * This makes sure there are no linking errors on platforms that do not support - * these functions. You will HAVE to provide alternatives, either at runtime - * via the platform_set_xxx() functions or at compile time by setting - * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a - * MBEDTLS_PLATFORM_XXX_MACRO. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Uncomment to prevent default assignment of standard functions in the - * platform layer. - */ -//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - -/** - * \def MBEDTLS_PLATFORM_EXIT_ALT - * - * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the - * function in the platform abstraction layer. - * - * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will - * provide a function "mbedtls_platform_set_printf()" that allows you to set an - * alternative printf function pointer. - * - * All these define require MBEDTLS_PLATFORM_C to be defined! - * - * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; - * it will be enabled automatically by check_config.h - * - * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as - * MBEDTLS_PLATFORM_XXX_MACRO! - * - * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME - * - * Uncomment a macro to enable alternate implementation of specific base - * platform function - */ -//#define MBEDTLS_PLATFORM_EXIT_ALT -//#define MBEDTLS_PLATFORM_TIME_ALT -//#define MBEDTLS_PLATFORM_FPRINTF_ALT -//#define MBEDTLS_PLATFORM_PRINTF_ALT -//#define MBEDTLS_PLATFORM_SNPRINTF_ALT -//#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT - -/** - * \def MBEDTLS_DEPRECATED_WARNING - * - * Mark deprecated functions so that they generate a warning if used. - * Functions deprecated in one version will usually be removed in the next - * version. You can enable this to help you prepare the transition to a new - * major version by making sure your code is not using these functions. - * - * This only works with GCC and Clang. With other compilers, you may want to - * use MBEDTLS_DEPRECATED_REMOVED - * - * Uncomment to get warnings on using deprecated functions. - */ -//#define MBEDTLS_DEPRECATED_WARNING - -/** - * \def MBEDTLS_DEPRECATED_REMOVED - * - * Remove deprecated functions so that they generate an error if used. - * Functions deprecated in one version will usually be removed in the next - * version. You can enable this to help you prepare the transition to a new - * major version by making sure your code is not using these functions. - * - * Uncomment to get errors on using deprecated functions. - */ -//#define MBEDTLS_DEPRECATED_REMOVED - -/** - * \def MBEDTLS_CHECK_PARAMS - * - * This configuration option controls whether the library validates more of - * the parameters passed to it. - * - * When this flag is not defined, the library only attempts to validate an - * input parameter if: (1) they may come from the outside world (such as the - * network, the filesystem, etc.) or (2) not validating them could result in - * internal memory errors such as overflowing a buffer controlled by the - * library. On the other hand, it doesn't attempt to validate parameters whose - * values are fully controlled by the application (such as pointers). - * - * When this flag is defined, the library additionally attempts to validate - * parameters that are fully controlled by the application, and should always - * be valid if the application code is fully correct and trusted. - * - * For example, when a function accepts as input a pointer to a buffer that may - * contain untrusted data, and its documentation mentions that this pointer - * must not be NULL: - * - the pointer is checked to be non-NULL only if this option is enabled - * - the content of the buffer is always validated - * - * When this flag is defined, if a library function receives a parameter that - * is invalid, it will: - * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a - * call to the function mbedtls_param_failed() - * - immediately return (with a specific error code unless the function - * returns void and can't communicate an error). - * - * When defining this flag, you also need to: - * - either provide a definition of the function mbedtls_param_failed() in - * your application (see platform_util.h for its prototype) as the library - * calls that function, but does not provide a default definition for it, - * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() - * below if the above mechanism is not flexible enough to suit your needs. - * See the documentation of this macro later in this file. - * - * Uncomment to enable validation of application-controlled parameters. - */ -//#define MBEDTLS_CHECK_PARAMS - -/* \} name SECTION: System support */ - -/** - * \name SECTION: mbed TLS feature support - * - * This section sets support for features that are or are not needed - * within the modules that are enabled. - * \{ - */ - -/** - * \def MBEDTLS_TIMING_ALT - * - * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), - * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() - * - * Only works if you have MBEDTLS_TIMING_C enabled. - * - * You will need to provide a header "timing_alt.h" and an implementation at - * compile time. - */ -//#define MBEDTLS_TIMING_ALT - -/** - * \def MBEDTLS_AES_ALT - * - * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your - * alternate core implementation of a symmetric crypto, an arithmetic or hash - * module (e.g. platform specific assembly optimized implementations). Keep - * in mind that the function prototypes should remain the same. - * - * This replaces the whole module. If you only want to replace one of the - * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer - * provide the "struct mbedtls_aes_context" definition and omit the base - * function declarations and implementations. "aes_alt.h" will be included from - * "aes.h" to include the new function definitions. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * module. - * - * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their - * use constitutes a security risk. If possible, we recommend - * avoiding dependencies on them, and considering stronger message - * digests and ciphers instead. - * - */ -//#define MBEDTLS_AES_ALT -//#define MBEDTLS_ARC4_ALT -//#define MBEDTLS_ARIA_ALT -//#define MBEDTLS_BLOWFISH_ALT -//#define MBEDTLS_CAMELLIA_ALT -//#define MBEDTLS_CCM_ALT -//#define MBEDTLS_CHACHA20_ALT -//#define MBEDTLS_CHACHAPOLY_ALT -//#define MBEDTLS_CMAC_ALT -//#define MBEDTLS_DES_ALT -//#define MBEDTLS_DHM_ALT -//#define MBEDTLS_ECJPAKE_ALT -//#define MBEDTLS_GCM_ALT -//#define MBEDTLS_NIST_KW_ALT -//#define MBEDTLS_MD2_ALT -//#define MBEDTLS_MD4_ALT -//#define MBEDTLS_MD5_ALT -//#define MBEDTLS_POLY1305_ALT -//#define MBEDTLS_RIPEMD160_ALT -//#define MBEDTLS_RSA_ALT -//#define MBEDTLS_SHA1_ALT -//#define MBEDTLS_SHA256_ALT -//#define MBEDTLS_SHA512_ALT -//#define MBEDTLS_XTEA_ALT - -/* - * When replacing the elliptic curve module, pleace consider, that it is - * implemented with two .c files: - * - ecp.c - * - ecp_curves.c - * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT - * macros as described above. The only difference is that you have to make sure - * that you provide functionality for both .c files. - */ - -#if defined(SSS_HAVE_ALT) && (SSS_HAVE_ALT) -# define MBEDTLS_ECP_ALT -# define MBEDTLS_RSA_ALT -#endif /* SSS_HAVE_ALT */ -//#define MBEDTLS_ECP_ALT - - -/** - * - MBEDTLS_ECDSA_VERIFY_ALT - * To use SE for all public key ecdsa verify operation, enable MBEDTLS_ECDSA_VERIFY_ALT - */ - -#if defined(SSS_HAVE_ALT) && (SSS_HAVE_ALT) -# define MBEDTLS_ECDH_ALT -# define MBEDTLS_ECDH_GEN_PUBLIC_ALT -# define MBEDTLS_ECDH_COMPUTE_SHARED_ALT -//# define MBEDTLS_ECDSA_VERIFY_ALT -#endif /* SSS_HAVE_ALT */ -//#define MBEDTLS_ECDH_ALT - -/** - * \def MBEDTLS_MD2_PROCESS_ALT - * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you - * alternate core implementation of symmetric crypto or hash function. Keep in - * mind that function prototypes should remain the same. - * - * This replaces only one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will - * no longer provide the mbedtls_sha1_process() function, but it will still provide - * the other function (using your mbedtls_sha1_process() function) and the definition - * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible - * with this definition. - * - * \note Because of a signature change, the core AES encryption and decryption routines are - * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, - * respectively. When setting up alternative implementations, these functions should - * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * must stay untouched. - * - * \note If you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - * - * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use - * constitutes a security risk. If possible, we recommend avoiding - * dependencies on them, and considering stronger message digests - * and ciphers instead. - * - */ -//#define MBEDTLS_MD2_PROCESS_ALT -//#define MBEDTLS_MD4_PROCESS_ALT -//#define MBEDTLS_MD5_PROCESS_ALT -//#define MBEDTLS_RIPEMD160_PROCESS_ALT -//#define MBEDTLS_SHA1_PROCESS_ALT -//#define MBEDTLS_SHA256_PROCESS_ALT -//#define MBEDTLS_SHA512_PROCESS_ALT -//#define MBEDTLS_DES_SETKEY_ALT -//#define MBEDTLS_DES_CRYPT_ECB_ALT -//#define MBEDTLS_DES3_CRYPT_ECB_ALT -//#define MBEDTLS_AES_SETKEY_ENC_ALT -//#define MBEDTLS_AES_SETKEY_DEC_ALT -//#define MBEDTLS_AES_ENCRYPT_ALT -//#define MBEDTLS_AES_DECRYPT_ALT -//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT -//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT -//#define MBEDTLS_ECDSA_VERIFY_ALT -//#define MBEDTLS_ECDSA_SIGN_ALT -//#define MBEDTLS_ECDSA_GENKEY_ALT - -/** - * \def MBEDTLS_ECP_INTERNAL_ALT - * - * Expose a part of the internal interface of the Elliptic Curve Point module. - * - * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your - * alternative core implementation of elliptic curve arithmetic. Keep in mind - * that function prototypes should remain the same. - * - * This partially replaces one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation - * is still present and it is used for group structures not supported by the - * alternative. - * - * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT - * and implementing the following functions: - * unsigned char mbedtls_internal_ecp_grp_capable( - * const mbedtls_ecp_group *grp ) - * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) - * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) - * The mbedtls_internal_ecp_grp_capable function should return 1 if the - * replacement functions implement arithmetic for the given group and 0 - * otherwise. - * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are - * called before and after each point operation and provide an opportunity to - * implement optimized set up and tear down instructions. - * - * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and - * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac - * function, but will use your mbedtls_internal_ecp_double_jac if the group is - * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when - * receives it as an argument). If the group is not supported then the original - * implementation is used. The other functions and the definition of - * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your - * implementation of mbedtls_internal_ecp_double_jac and - * mbedtls_internal_ecp_grp_capable must be compatible with this definition. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - */ -/* Required for all the functions in this section */ -//#define MBEDTLS_ECP_INTERNAL_ALT -/* Support for Weierstrass curves with Jacobi representation */ -//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT -//#define MBEDTLS_ECP_ADD_MIXED_ALT -//#define MBEDTLS_ECP_DOUBLE_JAC_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT -/* Support for curves with Montgomery arithmetic */ -//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT -//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT -//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT - -/** - * \def MBEDTLS_TEST_NULL_ENTROPY - * - * Enables testing and use of mbed TLS without any configured entropy sources. - * This permits use of the library on platforms before an entropy source has - * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the - * MBEDTLS_ENTROPY_NV_SEED switches). - * - * WARNING! This switch MUST be disabled in production builds, and is suitable - * only for development. - * Enabling the switch negates any security provided by the library. - * - * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - */ -//#define MBEDTLS_TEST_NULL_ENTROPY - -/** - * \def MBEDTLS_ENTROPY_HARDWARE_ALT - * - * Uncomment this macro to let mbed TLS use your own implementation of a - * hardware entropy collector. - * - * Your function must be called \c mbedtls_hardware_poll(), have the same - * prototype as declared in entropy_poll.h, and accept NULL as first argument. - * - * Uncomment to use your own hardware entropy collector. - */ -//#define MBEDTLS_ENTROPY_HARDWARE_ALT - -/** - * \def MBEDTLS_AES_ROM_TABLES - * - * Use precomputed AES tables stored in ROM. - * - * Uncomment this macro to use precomputed AES tables stored in ROM. - * Comment this macro to generate AES tables in RAM at runtime. - * - * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb - * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the - * initialization time before the first AES operation can be performed. - * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c - * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded - * performance if ROM access is slower than RAM access. - * - * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. - * - */ -//#define MBEDTLS_AES_ROM_TABLES - -/** - * \def MBEDTLS_AES_FEWER_TABLES - * - * Use less ROM/RAM for AES tables. - * - * Uncommenting this macro omits 75% of the AES tables from - * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) - * by computing their values on the fly during operations - * (the tables are entry-wise rotations of one another). - * - * Tradeoff: Uncommenting this reduces the RAM / ROM footprint - * by ~6kb but at the cost of more arithmetic operations during - * runtime. Specifically, one has to compare 4 accesses within - * different tables to 4 accesses with additional arithmetic - * operations within the same table. The performance gain/loss - * depends on the system and memory details. - * - * This option is independent of \c MBEDTLS_AES_ROM_TABLES. - * - */ -//#define MBEDTLS_AES_FEWER_TABLES - -/** - * \def MBEDTLS_CAMELLIA_SMALL_MEMORY - * - * Use less ROM for the Camellia implementation (saves about 768 bytes). - * - * Uncomment this macro to use less memory for Camellia. - */ -//#define MBEDTLS_CAMELLIA_SMALL_MEMORY - -/** - * \def MBEDTLS_CIPHER_MODE_CBC - * - * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CBC - -/** - * \def MBEDTLS_CIPHER_MODE_CFB - * - * Enable Cipher Feedback mode (CFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CFB - -/** - * \def MBEDTLS_CIPHER_MODE_CTR - * - * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CTR - -/** - * \def MBEDTLS_CIPHER_MODE_OFB - * - * Enable Output Feedback mode (OFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_OFB - -/** - * \def MBEDTLS_CIPHER_MODE_XTS - * - * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. - */ -#define MBEDTLS_CIPHER_MODE_XTS - -/** - * \def MBEDTLS_CIPHER_NULL_CIPHER - * - * Enable NULL cipher. - * Warning: Only do so when you know what you are doing. This allows for - * encryption or channels without any security! - * - * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable - * the following ciphersuites: - * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA - * - * Uncomment this macro to enable the NULL cipher and ciphersuites - */ -//#define MBEDTLS_CIPHER_NULL_CIPHER - -/** - * \def MBEDTLS_CIPHER_PADDING_PKCS7 - * - * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for - * specific padding modes in the cipher layer with cipher modes that support - * padding (e.g. CBC) - * - * If you disable all padding modes, only full blocks can be used with CBC. - * - * Enable padding modes in the cipher layer. - */ -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS - -/** - * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES - * - * Enable weak ciphersuites in SSL / TLS. - * Warning: Only do so when you know what you are doing. This allows for - * channels with virtually no security at all! - * - * This enables the following ciphersuites: - * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA - * - * Uncomment this macro to enable weak ciphersuites - * - * \warning DES is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers instead. - */ -//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES - -/** - * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES - * - * Remove RC4 ciphersuites by default in SSL / TLS. - * This flag removes the ciphersuites based on RC4 from the default list as - * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to - * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them - * explicitly. - * - * Uncomment this macro to remove RC4 ciphersuites by default. - */ -#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES - -/** - * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES - * - * Remove 3DES ciphersuites by default in SSL / TLS. - * This flag removes the ciphersuites based on 3DES from the default list as - * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible - * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including - * them explicitly. - * - * A man-in-the-browser attacker can recover authentication tokens sent through - * a TLS connection using a 3DES based cipher suite (see "On the Practical - * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Ga�tan - * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls - * in your threat model or you are unsure, then you should keep this option - * enabled to remove 3DES based cipher suites. - * - * Comment this macro to keep 3DES in the default ciphersuite list. - */ -#define MBEDTLS_REMOVE_3DES_CIPHERSUITES - -/** - * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED - * - * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve - * module. By default all supported curves are enabled. - * - * Comment macros to disable the curve and functions for it - */ -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE448_ENABLED - -#ifdef TGT_A71CH -# undef MBEDTLS_ECP_DP_SECP192R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP224R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP384R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP521R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP192K1_ENABLED -# undef MBEDTLS_ECP_DP_SECP224K1_ENABLED -# undef MBEDTLS_ECP_DP_SECP256K1_ENABLED -# undef MBEDTLS_ECP_DP_BP256R1_ENABLED -# undef MBEDTLS_ECP_DP_BP384R1_ENABLED -# undef MBEDTLS_ECP_DP_BP512R1_ENABLED -# undef MBEDTLS_ECP_DP_CURVE25519_ENABLED -# undef MBEDTLS_ECP_DP_CURVE448_ENABLED -#endif - - -/** - * \def MBEDTLS_ECP_NIST_OPTIM - * - * Enable specific 'modulo p' routines for each NIST prime. - * Depending on the prime and architecture, makes operations 4 to 8 times - * faster on the corresponding curve. - * - * Comment this macro to disable NIST curves optimisation. - */ -#define MBEDTLS_ECP_NIST_OPTIM - -/** - * \def MBEDTLS_ECP_RESTARTABLE - * - * Enable "non-blocking" ECC operations that can return early and be resumed. - * - * This allows various functions to pause by returning - * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in - * order to further progress and eventually complete their operation. This is - * controlled through mbedtls_ecp_set_max_ops() which limits the maximum - * number of ECC operations a function may perform before pausing; see - * mbedtls_ecp_set_max_ops() for more information. - * - * This is useful in non-threaded environments if you want to avoid blocking - * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. - * - * Uncomment this macro to enable restartable ECC computations. - * - * \note This option only works with the default software implementation of - * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT. - */ -//#define MBEDTLS_ECP_RESTARTABLE - -/** - * \def MBEDTLS_ECDSA_DETERMINISTIC - * - * Enable deterministic ECDSA (RFC 6979). - * Standard ECDSA is "fragile" in the sense that lack of entropy when signing - * may result in a compromise of the long-term signing key. This is avoided by - * the deterministic variant. - * - * Requires: MBEDTLS_HMAC_DRBG_C - * - * Comment this macro to disable deterministic ECDSA. - */ -#define MBEDTLS_ECDSA_DETERMINISTIC - -/** - * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - * - * Enable the PSK based ciphersuite modes in SSL / TLS. - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - * - * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - * - * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - * - * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - * - * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - * - * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - * - * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Requires: MBEDTLS_ECJPAKE_C - * MBEDTLS_SHA256_C - * MBEDTLS_ECP_DP_SECP256R1_ENABLED - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - */ -//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - -/** - * \def MBEDTLS_PK_PARSE_EC_EXTENDED - * - * Enhance support for reading EC keys using variants of SEC1 not allowed by - * RFC 5915 and RFC 5480. - * - * Currently this means parsing the SpecifiedECDomain choice of EC - * parameters (only known groups are supported, not arbitrary domains, to - * avoid validation issues). - * - * Disable if you only need to support RFC 5915 + 5480 key formats. - */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED - -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - -/** - * \def MBEDTLS_GENPRIME - * - * Enable the prime-number generation code. - * - * Requires: MBEDTLS_BIGNUM_C - */ -#define MBEDTLS_GENPRIME - -/** - * \def MBEDTLS_FS_IO - * - * Enable functions that use the filesystem. - */ -//#define MBEDTLS_FS_IO - -/** - * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - * Do not add default entropy sources. These are the platform specific, - * mbedtls_timing_hardclock and HAVEGE based poll functions. - * - * This is useful to have more control over the added entropy sources in an - * application. - * - * Uncomment this macro to prevent loading of default entropy functions. - */ -//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - -/** - * \def MBEDTLS_NO_PLATFORM_ENTROPY - * - * Do not use built-in platform entropy functions. - * This is useful if your platform does not support - * standards like the /dev/urandom or Windows CryptoAPI. - * - * Uncomment this macro to disable the built-in platform entropy functions. - */ -//#define MBEDTLS_NO_PLATFORM_ENTROPY - -/** - * \def MBEDTLS_ENTROPY_FORCE_SHA256 - * - * Force the entropy accumulator to use a SHA-256 accumulator instead of the - * default SHA-512 based one (if both are available). - * - * Requires: MBEDTLS_SHA256_C - * - * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option - * if you have performance concerns. - * - * This option is only useful if both MBEDTLS_SHA256_C and - * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. - */ -//#define MBEDTLS_ENTROPY_FORCE_SHA256 - -/** - * \def MBEDTLS_ENTROPY_NV_SEED - * - * Enable the non-volatile (NV) seed file-based entropy source. - * (Also enables the NV seed read/write functions in the platform layer) - * - * This is crucial (if not required) on systems that do not have a - * cryptographic entropy source (in hardware or kernel) available. - * - * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C - * - * \note The read/write functions that are used by the entropy source are - * determined in the platform layer, and can be modified at runtime and/or - * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. - * - * \note If you use the default implementation functions that read a seedfile - * with regular fopen(), please make sure you make a seedfile with the - * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at - * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from - * and written to or you will get an entropy source error! The default - * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE - * bytes from the file. - * - * \note The entropy collector will write to the seed file before entropy is - * given to an external source, to update it. - */ -//#define MBEDTLS_ENTROPY_NV_SEED - -/** - * \def MBEDTLS_MEMORY_DEBUG - * - * Enable debugging of buffer allocator memory issues. Automatically prints - * (to stderr) all (fatal) messages on memory allocation issues. Enables - * function for 'debug output' of allocated memory. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Uncomment this macro to let the buffer allocator print out error messages. - */ -//#define MBEDTLS_MEMORY_DEBUG - -/** - * \def MBEDTLS_MEMORY_BACKTRACE - * - * Include backtrace information with each allocated block. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * GLIBC-compatible backtrace() an backtrace_symbols() support - * - * Uncomment this macro to include backtrace information - */ -//#define MBEDTLS_MEMORY_BACKTRACE - -/** - * \def MBEDTLS_PK_RSA_ALT_SUPPORT - * - * Support external private RSA keys (eg from a HSM) in the PK layer. - * - * Comment this macro to disable support for external private RSA keys. - */ -#define MBEDTLS_PK_RSA_ALT_SUPPORT - -/** - * \def MBEDTLS_PKCS1_V15 - * - * Enable support for PKCS#1 v1.5 encoding. - * - * Requires: MBEDTLS_RSA_C - * - * This enables support for PKCS#1 v1.5 operations. - */ -#define MBEDTLS_PKCS1_V15 - -/** - * \def MBEDTLS_PKCS1_V21 - * - * Enable support for PKCS#1 v2.1 encoding. - * - * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C - * - * This enables support for RSAES-OAEP and RSASSA-PSS operations. - */ -#define MBEDTLS_PKCS1_V21 - -/** - * \def MBEDTLS_RSA_NO_CRT - * - * Do not use the Chinese Remainder Theorem - * for the RSA private operation. - * - * Uncomment this macro to disable the use of CRT in RSA. - * - */ -//#define MBEDTLS_RSA_NO_CRT - -/** - * \def MBEDTLS_SELF_TEST - * - * Enable the checkup functions (*_self_test). - */ -//#define MBEDTLS_SELF_TEST - -/** - * \def MBEDTLS_SHA256_SMALLER - * - * Enable an implementation of SHA-256 that has lower ROM footprint but also - * lower performance. - * - * The default implementation is meant to be a reasonnable compromise between - * performance and size. This version optimizes more aggressively for size at - * the expense of performance. Eg on Cortex-M4 it reduces the size of - * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about - * 30%. - * - * Uncomment to enable the smaller implementation of SHA256. - */ -//#define MBEDTLS_SHA256_SMALLER - -/** - * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES - * - * Enable sending of alert messages in case of encountered errors as per RFC. - * If you choose not to send the alert messages, mbed TLS can still communicate - * with other servers, only debugging of failures is harder. - * - * The advantage of not sending alert messages, is that no information is given - * about reasons for failures thus preventing adversaries of gaining intel. - * - * Enable sending of all alert messages - */ -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES - -/** - * \def MBEDTLS_SSL_ASYNC_PRIVATE - * - * Enable asynchronous external private key operations in SSL. This allows - * you to configure an SSL connection to call an external cryptographic - * module to perform private key operations instead of performing the - * operation inside the library. - * - */ -//#define MBEDTLS_SSL_ASYNC_PRIVATE - -/** - * \def MBEDTLS_SSL_DEBUG_ALL - * - * Enable the debug messages in SSL module for all issues. - * Debug messages have been disabled in some places to prevent timing - * attacks due to (unbalanced) debugging function calls. - * - * If you need all error reporting you should enable this during debugging, - * but remove this for production servers that should log as well. - * - * Uncomment this macro to report all debug messages on errors introducing - * a timing side-channel. - * - */ -//#define MBEDTLS_SSL_DEBUG_ALL - -/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC - * - * Enable support for Encrypt-then-MAC, RFC 7366. - * - * This allows peers that both support it to use a more robust protection for - * ciphersuites using CBC, providing deep resistance against timing attacks - * on the padding or underlying cipher. - * - * This only affects CBC ciphersuites, and is useless if none is defined. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Encrypt-then-MAC - */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC - -/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET - * - * Enable support for Extended Master Secret, aka Session Hash - * (draft-ietf-tls-session-hash-02). - * - * This was introduced as "the proper fix" to the Triple Handshake familiy of - * attacks, but it is recommended to always use it (even if you disable - * renegotiation), since it actually fixes a more fundamental issue in the - * original SSL/TLS design, and has implications beyond Triple Handshake. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Extended Master Secret. - */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET - -/** - * \def MBEDTLS_SSL_FALLBACK_SCSV - * - * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). - * - * For servers, it is recommended to always enable this, unless you support - * only one version of TLS, or know for sure that none of your clients - * implements a fallback strategy. - * - * For clients, you only need this if you're using a fallback strategy, which - * is not recommended in the first place, unless you absolutely need it to - * interoperate with buggy (version-intolerant) servers. - * - * Comment this macro to disable support for FALLBACK_SCSV - */ -#define MBEDTLS_SSL_FALLBACK_SCSV - -/** - * \def MBEDTLS_SSL_HW_RECORD_ACCEL - * - * Enable hooking functions in SSL module for hardware acceleration of - * individual records. - * - * Uncomment this macro to enable hooking functions. - */ -//#define MBEDTLS_SSL_HW_RECORD_ACCEL - -/** - * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING - * - * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. - * - * This is a countermeasure to the BEAST attack, which also minimizes the risk - * of interoperability issues compared to sending 0-length records. - * - * Comment this macro to disable 1/n-1 record splitting. - */ -#define MBEDTLS_SSL_CBC_RECORD_SPLITTING - -/** - * \def MBEDTLS_SSL_RENEGOTIATION - * - * Enable support for TLS renegotiation. - * - * The two main uses of renegotiation are (1) refresh keys on long-lived - * connections and (2) client authentication after the initial handshake. - * If you don't need renegotiation, it's probably better to disable it, since - * it has been associated with security issues in the past and is easy to - * misuse/misunderstand. - * - * Comment this to disable support for renegotiation. - * - * \note Even if this option is disabled, both client and server are aware - * of the Renegotiation Indication Extension (RFC 5746) used to - * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). - * (See \c mbedtls_ssl_conf_legacy_renegotiation for the - * configuration of this extension). - * - */ -#define MBEDTLS_SSL_RENEGOTIATION - -/** - * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO - * - * Enable support for receiving and parsing SSLv2 Client Hello messages for the - * SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to enable support for SSLv2 Client Hello messages. - */ -//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO - -/** - * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - * - * Pick the ciphersuite according to the client's preferences rather than ours - * in the SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to respect client's ciphersuite order - */ -//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - -/** - * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - * - * Enable support for RFC 6066 max_fragment_length extension in SSL. - * - * Comment this macro to disable support for the max_fragment_length extension - */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - -/** - * \def MBEDTLS_SSL_PROTO_SSL3 - * - * Enable support for SSL 3.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for SSL 3.0 - */ -//#define MBEDTLS_SSL_PROTO_SSL3 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1 - * - * Enable support for TLS 1.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.0 - */ -#define MBEDTLS_SSL_PROTO_TLS1 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_1 - * - * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 - */ -#define MBEDTLS_SSL_PROTO_TLS1_1 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_2 - * - * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). - * - * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C - * (Depends on ciphersuites) - * - * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 - */ -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/** - * \def MBEDTLS_SSL_PROTO_DTLS - * - * Enable support for DTLS (all available versions). - * - * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, - * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_1 - * or MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for DTLS - */ -#define MBEDTLS_SSL_PROTO_DTLS - -/** - * \def MBEDTLS_SSL_ALPN - * - * Enable support for RFC 7301 Application Layer Protocol Negotiation. - * - * Comment this macro to disable support for ALPN. - */ -#define MBEDTLS_SSL_ALPN - -/** - * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY - * - * Enable support for the anti-replay mechanism in DTLS. - * - * Requires: MBEDTLS_SSL_TLS_C - * MBEDTLS_SSL_PROTO_DTLS - * - * \warning Disabling this is often a security risk! - * See mbedtls_ssl_conf_dtls_anti_replay() for details. - * - * Comment this to disable anti-replay in DTLS. - */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY - -/** - * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Enable support for HelloVerifyRequest on DTLS servers. - * - * This feature is highly recommended to prevent DTLS servers being used as - * amplifiers in DoS attacks against other hosts. It should always be enabled - * unless you know for sure amplification cannot be a problem in the - * environment in which your server operates. - * - * \warning Disabling this can ba a security risk! (see above) - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Comment this to disable support for HelloVerifyRequest. - */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY - -/** - * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - * - * Enable server-side support for clients that reconnect from the same port. - * - * Some clients unexpectedly close the connection and try to reconnect using the - * same source port. This needs special support from the server to handle the - * new connection securely, as described in section 4.2.8 of RFC 6347. This - * flag enables that support. - * - * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Comment this to disable support for clients reusing the source port. - */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - -/** - * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT - * - * Enable support for a limit of records with bad MAC. - * - * See mbedtls_ssl_conf_dtls_badmac_limit(). - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - */ -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT - -/** - * \def MBEDTLS_SSL_SESSION_TICKETS - * - * Enable support for RFC 5077 session tickets in SSL. - * Client-side, provides full support for session tickets (maintainance of a - * session store remains the responsibility of the application, though). - * Server-side, you also need to provide callbacks for writing and parsing - * tickets, including authenticated encryption and key management. Example - * callbacks are provided by MBEDTLS_SSL_TICKET_C. - * - * Comment this macro to disable support for SSL session tickets - */ -#define MBEDTLS_SSL_SESSION_TICKETS - -/** - * \def MBEDTLS_SSL_EXPORT_KEYS - * - * Enable support for exporting key block and master secret. - * This is required for certain users of TLS, e.g. EAP-TLS. - * - * Comment this macro to disable support for key export - */ -#define MBEDTLS_SSL_EXPORT_KEYS - -/** - * \def MBEDTLS_SSL_SERVER_NAME_INDICATION - * - * Enable support for RFC 6066 server name indication (SNI) in SSL. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - * - * Comment this macro to disable support for server name indication in SSL - */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION - -/** - * \def MBEDTLS_SSL_TRUNCATED_HMAC - * - * Enable support for RFC 6066 truncated HMAC in SSL. - * - * Comment this macro to disable support for truncated HMAC in SSL - */ -#define MBEDTLS_SSL_TRUNCATED_HMAC - -/** - * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT - * - * Fallback to old (pre-2.7), non-conforming implementation of the truncated - * HMAC extension which also truncates the HMAC key. Note that this option is - * only meant for a transitory upgrade period and is likely to be removed in - * a future version of the library. - * - * \warning The old implementation is non-compliant and has a security weakness - * (2^80 brute force attack on the HMAC key used for a single, - * uninterrupted connection). This should only be enabled temporarily - * when (1) the use of truncated HMAC is essential in order to save - * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use - * the fixed implementation yet (pre-2.7). - * - * \deprecated This option is deprecated and will likely be removed in a - * future version of Mbed TLS. - * - * Uncomment to fallback to old, non-compliant truncated HMAC implementation. - * - * Requires: MBEDTLS_SSL_TRUNCATED_HMAC - */ -//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT - -/** - * \def MBEDTLS_THREADING_ALT - * - * Provide your own alternate threading implementation. - * - * Requires: MBEDTLS_THREADING_C - * - * Uncomment this to allow your own alternate threading implementation. - */ -//#define MBEDTLS_THREADING_ALT - -/** - * \def MBEDTLS_THREADING_PTHREAD - * - * Enable the pthread wrapper layer for the threading layer. - * - * Requires: MBEDTLS_THREADING_C - * - * Uncomment this to enable pthread mutexes. - */ -//#define MBEDTLS_THREADING_PTHREAD - -/** - * \def MBEDTLS_VERSION_FEATURES - * - * Allow run-time checking of compile-time enabled features. Thus allowing users - * to check at run-time if the library is for instance compiled with threading - * support via mbedtls_version_check_feature(). - * - * Requires: MBEDTLS_VERSION_C - * - * Comment this to disable run-time checking and save ROM space - */ -#define MBEDTLS_VERSION_FEATURES - -/** - * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an extension in a v1 or v2 certificate. - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - -/** - * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an unknown critical extension. - * - * \warning Depending on your PKI use, enabling this can be a security risk! - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - -/** - * \def MBEDTLS_X509_CHECK_KEY_USAGE - * - * Enable verification of the keyUsage extension (CA and leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused - * (intermediate) CA and leaf certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip keyUsage checking for both CA and leaf certificates. - */ -#define MBEDTLS_X509_CHECK_KEY_USAGE - -/** - * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - * - * Enable verification of the extendedKeyUsage extension (leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip extendedKeyUsage checking for certificates. - */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - -/** - * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT - * - * Enable parsing and verification of X.509 certificates, CRLs and CSRS - * signed with RSASSA-PSS (aka PKCS#1 v2.1). - * - * Comment this macro to disallow using RSASSA-PSS in certificates. - */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT - -/** - * \def MBEDTLS_ZLIB_SUPPORT - * - * If set, the SSL/TLS module uses ZLIB to support compression and - * decompression of packet data. - * - * \warning TLS-level compression MAY REDUCE SECURITY! See for example the - * CRIME attack. Before enabling this option, you should examine with care if - * CRIME or similar exploits may be a applicable to your use case. - * - * \note Currently compression can't be used with DTLS. - * - * \deprecated This feature is deprecated and will be removed - * in the next major revision of the library. - * - * Used in: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This feature requires zlib library and headers to be present. - * - * Uncomment to enable use of ZLIB - */ -//#define MBEDTLS_ZLIB_SUPPORT -/* \} name SECTION: mbed TLS feature support */ - -/** - * \name SECTION: mbed TLS modules - * - * This section enables or disables entire modules in mbed TLS - * \{ - */ - -/** - * \def MBEDTLS_AESNI_C - * - * Enable AES-NI support on x86-64. - * - * Module: library/aesni.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the AES-NI instructions on x86-64 - */ -#define MBEDTLS_AESNI_C - -/** - * \def MBEDTLS_AES_C - * - * Enable the AES block cipher. - * - * Module: library/aes.c - * Caller: library/cipher.c - * library/pem.c - * library/ctr_drbg.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * - * PEM_PARSE uses AES for decrypting encrypted keys. - */ -#define MBEDTLS_AES_C - -/** - * \def MBEDTLS_ARC4_C - * - * Enable the ARCFOUR stream cipher. - * - * Module: library/arc4.c - * Caller: library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. If possible, we recommend avoidng dependencies on - * it, and considering stronger ciphers instead. - * - */ -#define MBEDTLS_ARC4_C - -/** - * \def MBEDTLS_ASN1_PARSE_C - * - * Enable the generic ASN1 parser. - * - * Module: library/asn1.c - * Caller: library/x509.c - * library/dhm.c - * library/pkcs12.c - * library/pkcs5.c - * library/pkparse.c - */ -#define MBEDTLS_ASN1_PARSE_C - -/** - * \def MBEDTLS_ASN1_WRITE_C - * - * Enable the generic ASN1 writer. - * - * Module: library/asn1write.c - * Caller: library/ecdsa.c - * library/pkwrite.c - * library/x509_create.c - * library/x509write_crt.c - * library/x509write_csr.c - */ -#define MBEDTLS_ASN1_WRITE_C - -/** - * \def MBEDTLS_BASE64_C - * - * Enable the Base64 module. - * - * Module: library/base64.c - * Caller: library/pem.c - * - * This module is required for PEM support (required by X.509). - */ -#define MBEDTLS_BASE64_C - -/** - * \def MBEDTLS_BIGNUM_C - * - * Enable the multi-precision integer library. - * - * Module: library/bignum.c - * Caller: library/dhm.c - * library/ecp.c - * library/ecdsa.c - * library/rsa.c - * library/rsa_internal.c - * library/ssl_tls.c - * - * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. - */ -#define MBEDTLS_BIGNUM_C - -/** - * \def MBEDTLS_BLOWFISH_C - * - * Enable the Blowfish block cipher. - * - * Module: library/blowfish.c - */ -#define MBEDTLS_BLOWFISH_C - -/** - * \def MBEDTLS_CAMELLIA_C - * - * Enable the Camellia block cipher. - * - * Module: library/camellia.c - * Caller: library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_CAMELLIA_C - -/** - * \def MBEDTLS_ARIA_C - * - * Enable the ARIA block cipher. - * - * Module: library/aria.c - * Caller: library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * - * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 - */ -//#define MBEDTLS_ARIA_C - -/** - * \def MBEDTLS_CCM_C - * - * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. - * - * Module: library/ccm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-CCM ciphersuites, if other requisites are - * enabled as well. - */ -#define MBEDTLS_CCM_C - -/** - * \def MBEDTLS_CERTS_C - * - * Enable the test certificates. - * - * Module: library/certs.c - * Caller: - * - * This module is used for testing (ssl_client/server). - */ -#define MBEDTLS_CERTS_C - -/** - * \def MBEDTLS_CHACHA20_C - * - * Enable the ChaCha20 stream cipher. - * - * Module: library/chacha20.c - */ -#define MBEDTLS_CHACHA20_C - -/** - * \def MBEDTLS_CHACHAPOLY_C - * - * Enable the ChaCha20-Poly1305 AEAD algorithm. - * - * Module: library/chachapoly.c - * - * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C - */ -#define MBEDTLS_CHACHAPOLY_C - -/** - * \def MBEDTLS_CIPHER_C - * - * Enable the generic cipher layer. - * - * Module: library/cipher.c - * Caller: library/ssl_tls.c - * - * Uncomment to enable generic cipher wrappers. - */ -#define MBEDTLS_CIPHER_C - -/** - * \def MBEDTLS_CMAC_C - * - * Enable the CMAC (Cipher-based Message Authentication Code) mode for block - * ciphers. - * - * Module: library/cmac.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C - * - */ -#define MBEDTLS_CMAC_C - -/** - * \def MBEDTLS_CTR_DRBG_C - * - * Enable the CTR_DRBG AES-based random generator. - * The CTR_DRBG generator uses AES-256 by default. - * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below. - * - * Module: library/ctr_drbg.c - * Caller: - * - * Requires: MBEDTLS_AES_C - * - * This module provides the CTR_DRBG AES random number generator. - */ -#define MBEDTLS_CTR_DRBG_C - -/** - * \def MBEDTLS_DEBUG_C - * - * Enable the debug functions. - * - * Module: library/debug.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module provides debugging functions. - */ -#define MBEDTLS_DEBUG_C - -/** - * \def MBEDTLS_DES_C - * - * Enable the DES block cipher. - * - * Module: library/des.c - * Caller: library/pem.c - * library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * - * PEM_PARSE uses DES/3DES for decrypting encrypted keys. - * - * \warning DES is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers instead. - */ -#define MBEDTLS_DES_C - -/** - * \def MBEDTLS_DHM_C - * - * Enable the Diffie-Hellman-Merkle module. - * - * Module: library/dhm.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * DHE-RSA, DHE-PSK - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_DHM_C - -/** - * \def MBEDTLS_ECDH_C - * - * Enable the elliptic curve Diffie-Hellman library. - * - * Module: library/ecdh.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK - * - * Requires: MBEDTLS_ECP_C - */ -#define MBEDTLS_ECDH_C - -/** - * \def MBEDTLS_ECDSA_C - * - * Enable the elliptic curve DSA library. - * - * Module: library/ecdsa.c - * Caller: - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C - */ -#define MBEDTLS_ECDSA_C - -/** - * \def MBEDTLS_ECJPAKE_C - * - * Enable the elliptic curve J-PAKE library. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Module: library/ecjpake.c - * Caller: - * - * This module is used by the following key exchanges: - * ECJPAKE - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C - */ -//#define MBEDTLS_ECJPAKE_C - -/** - * \def MBEDTLS_ECP_C - * - * Enable the elliptic curve over GF(p) library. - * - * Module: library/ecp.c - * Caller: library/ecdh.c - * library/ecdsa.c - * library/ecjpake.c - * - * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED - */ -#define MBEDTLS_ECP_C - -/** - * \def MBEDTLS_ENTROPY_C - * - * Enable the platform-specific entropy code. - * - * Module: library/entropy.c - * Caller: - * - * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C - * - * This module provides a generic entropy pool - */ -#define MBEDTLS_ENTROPY_C - -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - -/** - * \def MBEDTLS_GCM_C - * - * Enable the Galois/Counter Mode (GCM) for AES. - * - * Module: library/gcm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other - * requisites are enabled as well. - */ -#define MBEDTLS_GCM_C - -/** - * \def MBEDTLS_HAVEGE_C - * - * Enable the HAVEGE random generator. - * - * Warning: the HAVEGE random generator is not suitable for virtualized - * environments - * - * Warning: the HAVEGE random generator is dependent on timing and specific - * processor traits. It is therefore not advised to use HAVEGE as - * your applications primary random generator or primary entropy pool - * input. As a secondary input to your entropy pool, it IS able add - * the (limited) extra entropy it provides. - * - * Module: library/havege.c - * Caller: - * - * Requires: MBEDTLS_TIMING_C - * - * Uncomment to enable the HAVEGE random generator. - */ -//#define MBEDTLS_HAVEGE_C - -/** - * \def MBEDTLS_HKDF_C - * - * Enable the HKDF algorithm (RFC 5869). - * - * Module: library/hkdf.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the Hashed Message Authentication Code - * (HMAC)-based key derivation function (HKDF). - */ -#define MBEDTLS_HKDF_C - -/** - * \def MBEDTLS_HMAC_DRBG_C - * - * Enable the HMAC_DRBG random generator. - * - * Module: library/hmac_drbg.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * Uncomment to enable the HMAC_DRBG random number geerator. - */ -#define MBEDTLS_HMAC_DRBG_C - -/** - * \def MBEDTLS_NIST_KW_C - * - * Enable the Key Wrapping mode for 128-bit block ciphers, - * as defined in NIST SP 800-38F. Only KW and KWP modes - * are supported. At the moment, only AES is approved by NIST. - * - * Module: library/nist_kw.c - * - * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C - */ -//#define MBEDTLS_NIST_KW_C - -/** - * \def MBEDTLS_MD_C - * - * Enable the generic message digest layer. - * - * Module: library/md.c - * Caller: - * - * Uncomment to enable generic message digest wrappers. - */ -#define MBEDTLS_MD_C - -/** - * \def MBEDTLS_MD2_C - * - * Enable the MD2 hash algorithm. - * - * Module: library/md2.c - * Caller: - * - * Uncomment to enable support for (rare) MD2-signed X.509 certs. - * - * \warning MD2 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -//#define MBEDTLS_MD2_C - -/** - * \def MBEDTLS_MD4_C - * - * Enable the MD4 hash algorithm. - * - * Module: library/md4.c - * Caller: - * - * Uncomment to enable support for (rare) MD4-signed X.509 certs. - * - * \warning MD4 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -//#define MBEDTLS_MD4_C - -/** - * \def MBEDTLS_MD5_C - * - * Enable the MD5 hash algorithm. - * - * Module: library/md5.c - * Caller: library/md.c - * library/pem.c - * library/ssl_tls.c - * - * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2 - * depending on the handshake parameters. Further, it is used for checking - * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded - * encrypted keys. - * - * \warning MD5 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -#define MBEDTLS_MD5_C - -/** - * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Enable the buffer allocator implementation that makes use of a (stack) - * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() - * calls) - * - * Module: library/memory_buffer_alloc.c - * - * Requires: MBEDTLS_PLATFORM_C - * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) - * - * Enable this module to enable the buffer memory allocator. - */ -//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -/** - * \def MBEDTLS_NET_C - * - * Enable the TCP and UDP over IPv6/IPv4 networking routines. - * - * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) - * and Windows. For other platforms, you'll want to disable it, and write your - * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/net_sockets.c - * - * This module provides networking routines. - */ -//#define MBEDTLS_NET_C - -/** - * \def MBEDTLS_OID_C - * - * Enable the OID database. - * - * Module: library/oid.c - * Caller: library/asn1write.c - * library/pkcs5.c - * library/pkparse.c - * library/pkwrite.c - * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * library/x509write_crt.c - * library/x509write_csr.c - * - * This modules translates between OIDs and internal values. - */ -#define MBEDTLS_OID_C - -/** - * \def MBEDTLS_PADLOCK_C - * - * Enable VIA Padlock support on x86. - * - * Module: library/padlock.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the VIA PadLock on x86. - */ -#define MBEDTLS_PADLOCK_C - -/** - * \def MBEDTLS_PEM_PARSE_C - * - * Enable PEM decoding / parsing. - * - * Module: library/pem.c - * Caller: library/dhm.c - * library/pkparse.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for decoding / parsing PEM files. - */ -#define MBEDTLS_PEM_PARSE_C - -/** - * \def MBEDTLS_PEM_WRITE_C - * - * Enable PEM encoding / writing. - * - * Module: library/pem.c - * Caller: library/pkwrite.c - * library/x509write_crt.c - * library/x509write_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for encoding / writing PEM files. - */ -#define MBEDTLS_PEM_WRITE_C - -/** - * \def MBEDTLS_PK_C - * - * Enable the generic public (asymetric) key layer. - * - * Module: library/pk.c - * Caller: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C - * - * Uncomment to enable generic public key wrappers. - */ -#define MBEDTLS_PK_C - -/** - * \def MBEDTLS_PK_PARSE_C - * - * Enable the generic public (asymetric) key parser. - * - * Module: library/pkparse.c - * Caller: library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key parse functions. - */ -#define MBEDTLS_PK_PARSE_C - -/** - * \def MBEDTLS_PK_WRITE_C - * - * Enable the generic public (asymetric) key writer. - * - * Module: library/pkwrite.c - * Caller: library/x509write.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key write functions. - */ -#define MBEDTLS_PK_WRITE_C - -/** - * \def MBEDTLS_PKCS5_C - * - * Enable PKCS#5 functions. - * - * Module: library/pkcs5.c - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the PKCS#5 functions. - */ -#define MBEDTLS_PKCS5_C - -/** - * \def MBEDTLS_PKCS11_C - * - * Enable wrapper for PKCS#11 smartcard support. - * - * Module: library/pkcs11.c - * Caller: library/pk.c - * - * Requires: MBEDTLS_PK_C - * - * This module enables SSL/TLS PKCS #11 smartcard support. - * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) - */ -//#define MBEDTLS_PKCS11_C - -/** - * \def MBEDTLS_PKCS12_C - * - * Enable PKCS#12 PBE functions. - * Adds algorithms for parsing PKCS#8 encrypted private keys - * - * Module: library/pkcs12.c - * Caller: library/pkparse.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * Can use: MBEDTLS_ARC4_C - * - * This module enables PKCS#12 functions. - */ -#define MBEDTLS_PKCS12_C - -/** - * \def MBEDTLS_PLATFORM_C - * - * Enable the platform abstraction layer that allows you to re-assign - * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). - * - * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT - * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned - * above to be specified at runtime or compile time respectively. - * - * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other module rely on it for a fixed snprintf implementation. - * - * Module: library/platform.c - * Caller: Most other .c files - * - * This module enables abstraction of common (libc) functions. - */ -#define MBEDTLS_PLATFORM_C - -/** - * \def MBEDTLS_POLY1305_C - * - * Enable the Poly1305 MAC algorithm. - * - * Module: library/poly1305.c - * Caller: library/chachapoly.c - */ -#define MBEDTLS_POLY1305_C - -/** - * \def MBEDTLS_RIPEMD160_C - * - * Enable the RIPEMD-160 hash algorithm. - * - * Module: library/ripemd160.c - * Caller: library/md.c - * - */ -#define MBEDTLS_RIPEMD160_C - -/** - * \def MBEDTLS_RSA_C - * - * Enable the RSA public-key cryptosystem. - * - * Module: library/rsa.c - * library/rsa_internal.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509.c - * - * This module is used by the following key exchanges: - * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C - */ -#define MBEDTLS_RSA_C - -/** - * \def MBEDTLS_SHA1_C - * - * Enable the SHA1 cryptographic hash algorithm. - * - * Module: library/sha1.c - * Caller: library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509write_crt.c - * - * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 - * depending on the handshake parameters, and for SHA1-signed certificates. - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. If possible, we recommend avoiding dependencies - * on it, and considering stronger message digests instead. - * - */ -//#define MBEDTLS_SHA1_C - -/** - * \def MBEDTLS_SHA256_C - * - * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. - * - * Module: library/sha256.c - * Caller: library/entropy.c - * library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module adds support for SHA-224 and SHA-256. - * This module is required for the SSL/TLS 1.2 PRF function. - */ -#define MBEDTLS_SHA256_C - -/** - * \def MBEDTLS_SHA512_C - * - * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. - * - * Module: library/sha512.c - * Caller: library/entropy.c - * library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This module adds support for SHA-384 and SHA-512. - */ -#define MBEDTLS_SHA512_C - -#if (SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM) -#undef MBEDTLS_SHA512_C -#endif - -/** - * \def MBEDTLS_SSL_CACHE_C - * - * Enable simple SSL cache implementation. - * - * Module: library/ssl_cache.c - * Caller: - * - * Requires: MBEDTLS_SSL_CACHE_C - */ -#define MBEDTLS_SSL_CACHE_C - -/** - * \def MBEDTLS_SSL_COOKIE_C - * - * Enable basic implementation of DTLS cookies for hello verification. - * - * Module: library/ssl_cookie.c - * Caller: - */ -#define MBEDTLS_SSL_COOKIE_C - -/** - * \def MBEDTLS_SSL_TICKET_C - * - * Enable an implementation of TLS server-side callbacks for session tickets. - * - * Module: library/ssl_ticket.c - * Caller: - * - * Requires: MBEDTLS_CIPHER_C - */ -#define MBEDTLS_SSL_TICKET_C - -/** - * \def MBEDTLS_SSL_CLI_C - * - * Enable the SSL/TLS client code. - * - * Module: library/ssl_cli.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS client support. - */ -#define MBEDTLS_SSL_CLI_C - -/** - * \def MBEDTLS_SSL_SRV_C - * - * Enable the SSL/TLS server code. - * - * Module: library/ssl_srv.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS server support. - */ -#define MBEDTLS_SSL_SRV_C - -/** - * \def MBEDTLS_SSL_TLS_C - * - * Enable the generic SSL/TLS code. - * - * Module: library/ssl_tls.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * and at least one of the MBEDTLS_SSL_PROTO_XXX defines - * - * This module is required for SSL/TLS. - */ -#define MBEDTLS_SSL_TLS_C - -/** - * \def MBEDTLS_THREADING_C - * - * Enable the threading abstraction layer. - * By default mbed TLS assumes it is used in a non-threaded environment or that - * contexts are not shared between threads. If you do intend to use contexts - * between threads, you will need to enable this layer to prevent race - * conditions. See also our Knowledge Base article about threading: - * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading - * - * Module: library/threading.c - * - * This allows different threading implementations (self-implemented or - * provided). - * - * You will have to enable either MBEDTLS_THREADING_ALT or - * MBEDTLS_THREADING_PTHREAD. - * - * Enable this layer to allow use of mutexes within mbed TLS - */ -//#define MBEDTLS_THREADING_C - -/** - * \def MBEDTLS_TIMING_C - * - * Enable the semi-portable timing interface. - * - * \note The provided implementation only works on POSIX/Unix (including Linux, - * BSD and OS X) and Windows. On other platforms, you can either disable that - * module and provide your own implementations of the callbacks needed by - * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide - * your own implementation of the whole module by setting - * \c MBEDTLS_TIMING_ALT in the current file. - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/timing.c - * Caller: library/havege.c - * - * This module is used by the HAVEGE random number generator. - */ -//#define MBEDTLS_TIMING_C - -/** - * \def MBEDTLS_VERSION_C - * - * Enable run-time version information. - * - * Module: library/version.c - * - * This module provides run-time version information. - */ -#define MBEDTLS_VERSION_C - -/** - * \def MBEDTLS_X509_USE_C - * - * Enable X.509 core for using certificates. - * - * Module: library/x509.c - * Caller: library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C - * - * This module is required for the X.509 parsing modules. - */ -#define MBEDTLS_X509_USE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. - * - * Module: library/x509_crt.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 certificate parsing. - */ -#define MBEDTLS_X509_CRT_PARSE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/x509_crl.c - * Caller: library/x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#define MBEDTLS_X509_CRL_PARSE_C - -/** - * \def MBEDTLS_X509_CSR_PARSE_C - * - * Enable X.509 Certificate Signing Request (CSR) parsing. - * - * Module: library/x509_csr.c - * Caller: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is used for reading X.509 certificate request. - */ -#define MBEDTLS_X509_CSR_PARSE_C - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRT_WRITE_C - * - * Enable creating X.509 certificates. - * - * Module: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate creation. - */ -#define MBEDTLS_X509_CRT_WRITE_C - -/** - * \def MBEDTLS_X509_CSR_WRITE_C - * - * Enable creating X.509 Certificate Signing Requests (CSR). - * - * Module: library/x509_csr_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate request writing. - */ -#define MBEDTLS_X509_CSR_WRITE_C - -/** - * \def MBEDTLS_XTEA_C - * - * Enable the XTEA block cipher. - * - * Module: library/xtea.c - * Caller: - */ -#define MBEDTLS_XTEA_C - -/* \} name SECTION: mbed TLS modules */ - -/** - * \name SECTION: Module configuration options - * - * This section allows for the setting of module specific sizes and - * configuration options. The default values are already present in the - * relevant header files and should suffice for the regular use cases. - * - * Our advice is to enable options and change their values here - * only if you have a good reason and know the consequences. - * - * Please check the respective header file for documentation on these - * parameters (to prevent duplicate documentation). - * \{ - */ - -/* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ -//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ - -/* CTR_DRBG options */ -//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ -//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ -//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */ - -/* HMAC_DRBG options */ -//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - -/* ECP options */ -//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ -//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ - -/* Entropy options */ -//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ -//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ -//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ - -/* Memory buffer allocator options */ -//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ - -/* Platform options */ -//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ -//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ - -/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ -/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ -//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ - -/** - * \brief This macro is invoked by the library when an invalid parameter - * is detected that is only checked with MBEDTLS_CHECK_PARAMS - * (see the documentation of that option for context). - * - * When you leave this undefined here, a default definition is - * provided that invokes the function mbedtls_param_failed(), - * which is declared in platform_util.h for the benefit of the - * library, but that you need to define in your application. - * - * When you define this here, this replaces the default - * definition in platform_util.h (which no longer declares the - * function mbedtls_param_failed()) and it is your responsibility - * to make sure this macro expands to something suitable (in - * particular, that all the necessary declarations are visible - * from within the library - you can ensure that by providing - * them in this file next to the macro definition). - * - * Note that you may define this macro to expand to nothing, in - * which case you don't have to worry about declarations or - * definitions. However, you will then be notified about invalid - * parameters only in non-void functions, and void function will - * just silently return early on invalid parameters, which - * partially negates the benefits of enabling - * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged. - * - * \param cond The expression that should evaluate to true, but doesn't. - */ -//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) - -/* SSL Cache options */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ - -/* SSL options */ - -/** \def MBEDTLS_SSL_MAX_CONTENT_LEN - * - * Maximum length (in bytes) of incoming and outgoing plaintext fragments. - * - * This determines the size of both the incoming and outgoing TLS I/O buffers - * in such a way that both are capable of holding the specified amount of - * plaintext data, regardless of the protection mechanism used. - * - * To configure incoming and outgoing I/O buffers separately, use - * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN, - * which overwrite the value set by this option. - * - * \note When using a value less than the default of 16KB on the client, it is - * recommended to use the Maximum Fragment Length (MFL) extension to - * inform the server about this limitation. On the server, there - * is no supported, standardized way of informing the client about - * restriction on the maximum size of incoming messages, and unless - * the limitation has been communicated by other means, it is recommended - * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN - * while keeping the default value of 16KB for the incoming buffer. - * - * Uncomment to set the maximum plaintext size of both - * incoming and outgoing I/O buffers. - */ -//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 - -/** \def MBEDTLS_SSL_IN_CONTENT_LEN - * - * Maximum length (in bytes) of incoming plaintext fragments. - * - * This determines the size of the incoming TLS I/O buffer in such a way - * that it is capable of holding the specified amount of plaintext data, - * regardless of the protection mechanism used. - * - * If this option is undefined, it inherits its value from - * #MBEDTLS_SSL_MAX_CONTENT_LEN. - * - * \note When using a value less than the default of 16KB on the client, it is - * recommended to use the Maximum Fragment Length (MFL) extension to - * inform the server about this limitation. On the server, there - * is no supported, standardized way of informing the client about - * restriction on the maximum size of incoming messages, and unless - * the limitation has been communicated by other means, it is recommended - * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN - * while keeping the default value of 16KB for the incoming buffer. - * - * Uncomment to set the maximum plaintext size of the incoming I/O buffer - * independently of the outgoing I/O buffer. - */ -//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 - -/** \def MBEDTLS_SSL_OUT_CONTENT_LEN - * - * Maximum length (in bytes) of outgoing plaintext fragments. - * - * This determines the size of the outgoing TLS I/O buffer in such a way - * that it is capable of holding the specified amount of plaintext data, - * regardless of the protection mechanism used. - * - * If this option undefined, it inherits its value from - * #MBEDTLS_SSL_MAX_CONTENT_LEN. - * - * It is possible to save RAM by setting a smaller outward buffer, while keeping - * the default inward 16384 byte buffer to conform to the TLS specification. - * - * The minimum required outward buffer size is determined by the handshake - * protocol's usage. Handshaking will fail if the outward buffer is too small. - * The specific size requirement depends on the configured ciphers and any - * certificate data which is sent during the handshake. - * - * Uncomment to set the maximum plaintext size of the outgoing I/O buffer - * independently of the incoming I/O buffer. - */ -//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 - -/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING - * - * Maximum number of heap-allocated bytes for the purpose of - * DTLS handshake message reassembly and future message buffering. - * - * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN - * to account for a reassembled handshake message of maximum size, - * together with its reassembly bitmap. - * - * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) - * should be sufficient for all practical situations as it allows - * to reassembly a large handshake message (such as a certificate) - * while buffering multiple smaller handshake messages. - * - */ -//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 - -//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ -//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ -//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ - -/** - * Complete list of ciphersuites to use, in order of preference. - * - * \warning No dependency checking is done on that field! This option can only - * be used to restrict the set of available ciphersuites. It is your - * responsibility to make sure the needed modules are active. - * - * Use this to save a few hundred bytes of ROM (default ordering of all - * available ciphersuites) and a few to a few hundred bytes of RAM. - * - * The value below is only an example, not the default. - */ -//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - -/* X509 options */ -//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ -//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ - -/** - * Allow SHA-1 in the default TLS configuration for certificate signing. - * Without this build-time option, SHA-1 support must be activated explicitly - * through mbedtls_ssl_conf_cert_profile. Turning on this option is not - * recommended because of it is possible to generate SHA-1 collisions, however - * this may be safe for legacy infrastructure where additional controls apply. - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. If possible, we recommend avoiding dependencies - * on it, and considering stronger message digests instead. - * - */ -// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES - -/** - * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake - * signature and ciphersuite selection. Without this build-time option, SHA-1 - * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. - * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by - * default. At the time of writing, there is no practical attack on the use - * of SHA-1 in handshake signatures, hence this option is turned on by default - * to preserve compatibility with existing peers, but the general - * warning applies nonetheless: - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. If possible, we recommend avoiding dependencies - * on it, and considering stronger message digests instead. - * - */ -#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE - -/** - * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_platform_zeroize(). This replaces the default implementation in - * platform_util.c. - * - * mbedtls_platform_zeroize() is a widely used function across the library to - * zero a block of memory. The implementation is expected to be secure in the - * sense that it has been written to prevent the compiler from removing calls - * to mbedtls_platform_zeroize() as part of redundant code elimination - * optimizations. However, it is difficult to guarantee that calls to - * mbedtls_platform_zeroize() will not be optimized by the compiler as older - * versions of the C language standards do not provide a secure implementation - * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to - * configure their own implementation of mbedtls_platform_zeroize(), for - * example by using directives specific to their compiler, features from newer - * C standards (e.g using memset_s() in C11) or calling a secure memset() from - * their system (e.g explicit_bzero() in BSD). - */ -//#define MBEDTLS_PLATFORM_ZEROIZE_ALT - -/** - * Uncomment the macro to let Mbed TLS use your alternate implementation of - * mbedtls_platform_gmtime_r(). This replaces the default implementation in - * platform_util.c. - * - * gmtime() is not a thread-safe function as defined in the C standard. The - * library will try to use safer implementations of this function, such as - * gmtime_r() when available. However, if Mbed TLS cannot identify the target - * system, the implementation of mbedtls_platform_gmtime_r() will default to - * using the standard gmtime(). In this case, calls from the library to - * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex - * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the - * library are also guarded with this mutex to avoid race conditions. However, - * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will - * unconditionally use the implementation for mbedtls_platform_gmtime_r() - * supplied at compile time. - */ -//#define MBEDTLS_PLATFORM_GMTIME_R_ALT - -/* \} name SECTION: Customisation configuration options */ - -/* Target and application specific configurations - * - * Allow user to override any previous default. - * - */ -#if defined(MBEDTLS_USER_CONFIG_FILE) -#include MBEDTLS_USER_CONFIG_FILE -#endif - -#include "mbedtls/check_config.h" - -/* clang-format on */ - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/variants/NICLA_VISION/conf/mbed_app.json b/variants/NICLA_VISION/conf/mbed_app.json index f3227a71f..361a0ab94 100644 --- a/variants/NICLA_VISION/conf/mbed_app.json +++ b/variants/NICLA_VISION/conf/mbed_app.json @@ -1,5 +1,4 @@ { - "macros" : ["MBEDTLS_USER_CONFIG_FILE=\"custom_mbedtls_config.h\""], "target_overrides": { "*": { "target.printf_lib": "std", diff --git a/variants/NICLA_VISION/defines.txt b/variants/NICLA_VISION/defines.txt index 79ccdbfd8..f9fea0fc5 100644 --- a/variants/NICLA_VISION/defines.txt +++ b/variants/NICLA_VISION/defines.txt @@ -6,7 +6,6 @@ -DCOMPONENT_CYW43XXX=1 -DCOMPONENT_FLASHIAP=1 -DCOMPONENT_QSPIF=1 --DCOMPONENT_SE050=1 -DCOMPONENT_WHD=1 -DCORE_CM7 -D__CORTEX_M7 @@ -42,10 +41,9 @@ -DDEVICE_WATCHDOG=1 -DEXTRA_IDLE_STACK_REQUIRED -DFEATURE_BLE=1 --DFLOW_SILENT -D__FPU_PRESENT=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751296054.2534025 +-DMBED_BUILD_TIMESTAMP=1779182017.3223794 -D__MBED_CMSIS_RTOS_CM -DMBED_TICKLESS -DMBEDTLS_FS_IO @@ -56,8 +54,6 @@ -DQSPI_NO_SAMPLE_SHIFT -DRPMSG_BUFFER_SIZE=512 -DSTM32H747xx --DT1oI2C --DT1oI2C_UM11225 -DTARGET_CORDIO -DTARGET_CORTEX -DTARGET_CORTEX_M diff --git a/variants/NICLA_VISION/includes.txt b/variants/NICLA_VISION/includes.txt index 4bef4f58c..43eae847a 100644 --- a/variants/NICLA_VISION/includes.txt +++ b/variants/NICLA_VISION/includes.txt @@ -276,27 +276,6 @@ -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/STM32Cube_FW/CMSIS -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/STM32Cube_FW/STM32H7xx_HAL_Driver -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/STM32Cube_FW/STM32H7xx_HAL_Driver/Legacy --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050 --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/TARGET_NICLA_VISION -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/TARGET_NICLA_VISION/COMPONENT_WHD -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/TARGET_NICLA_VISION/COMPONENT_WHD/interface diff --git a/variants/NICLA_VISION/libs/libmbed.a b/variants/NICLA_VISION/libs/libmbed.a index 78b2cae39..0c5aaf983 100644 Binary files a/variants/NICLA_VISION/libs/libmbed.a and b/variants/NICLA_VISION/libs/libmbed.a differ diff --git a/variants/NICLA_VISION/mbed_config.h b/variants/NICLA_VISION/mbed_config.h index d4ec859a3..afe4586a9 100644 --- a/variants/NICLA_VISION/mbed_config.h +++ b/variants/NICLA_VISION/mbed_config.h @@ -431,7 +431,6 @@ #define WSF_TRACE_ENABLED 0 // set by library:cordio // Macros #define MBEDTLS_CIPHER_MODE_CTR // defined by library:SecureStore -#define MBEDTLS_USER_CONFIG_FILE "conf/custom_mbedtls_config.h" // defined by application #define NSAPI_PPP_AVAILABLE (MBED_CONF_PPP_ENABLED || MBED_CONF_LWIP_PPP_ENABLED) // defined by library:ppp #define NSDYNMEM_TRACKER_ENABLED MBED_CONF_NANOSTACK_LIBSERVICE_NSDYNMEM_TRACKER_ENABLED // defined by library:nanostack-libservice #define UNITY_INCLUDE_CONFIG_H // defined by library:utest diff --git a/variants/OPTA/defines.txt b/variants/OPTA/defines.txt index e2efa0d9a..44aa91907 100644 --- a/variants/OPTA/defines.txt +++ b/variants/OPTA/defines.txt @@ -44,7 +44,7 @@ -DFEATURE_BLE=1 -D__FPU_PRESENT=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751296112.1474662 +-DMBED_BUILD_TIMESTAMP=1779181573.8570766 -D__MBED_CMSIS_RTOS_CM -DMBED_TICKLESS -DMBEDTLS_FS_IO diff --git a/variants/OPTA/libs/libmbed.a b/variants/OPTA/libs/libmbed.a index bf4629098..6e8f95fcb 100644 Binary files a/variants/OPTA/libs/libmbed.a and b/variants/OPTA/libs/libmbed.a differ diff --git a/variants/OPTA/linker_script.ld b/variants/OPTA/linker_script.ld index a0fdb9fcd..06446aa41 100644 --- a/variants/OPTA/linker_script.ld +++ b/variants/OPTA/linker_script.ld @@ -103,6 +103,12 @@ SECTIONS *(.dtcm*) _edtcm = .; } > DTCMRAM + .plc_d3_section 0x3800F000 (NOLOAD): { + *(.plc_buffer) + } > RAM_D3 + .plc_d2_section 0x30000000 (NOLOAD): { + *(.plc_code) + } > RAM_D2 .heap (COPY): { __end__ = .; diff --git a/variants/PORTENTA_H7_M7/defines.txt b/variants/PORTENTA_H7_M7/defines.txt index 6296cba65..bc6be7493 100644 --- a/variants/PORTENTA_H7_M7/defines.txt +++ b/variants/PORTENTA_H7_M7/defines.txt @@ -46,7 +46,7 @@ -D__FPU_PRESENT=1 -DLSE_STARTUP_TIMEOUT=200 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751295869.6783228 +-DMBED_BUILD_TIMESTAMP=1779181635.7633138 -D__MBED_CMSIS_RTOS_CM -DMBED_TICKLESS -DMBEDTLS_FS_IO diff --git a/variants/PORTENTA_H7_M7/libs/libmbed.a b/variants/PORTENTA_H7_M7/libs/libmbed.a index 29612e1b2..85d1f875b 100644 Binary files a/variants/PORTENTA_H7_M7/libs/libmbed.a and b/variants/PORTENTA_H7_M7/libs/libmbed.a differ diff --git a/variants/PORTENTA_X8/defines.txt b/variants/PORTENTA_X8/defines.txt index c8bf9be16..0555d8a95 100644 --- a/variants/PORTENTA_X8/defines.txt +++ b/variants/PORTENTA_X8/defines.txt @@ -34,7 +34,7 @@ -DEXTRA_IDLE_STACK_REQUIRED -D__FPU_PRESENT=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751296223.5654757 +-DMBED_BUILD_TIMESTAMP=1779181699.2134275 -D__MBED_CMSIS_RTOS_CM -DMBED_MPU_CUSTOM -DMBED_TICKLESS diff --git a/variants/PORTENTA_X8/libs/libmbed.a b/variants/PORTENTA_X8/libs/libmbed.a index 6dc74d033..cefc01312 100644 Binary files a/variants/PORTENTA_X8/libs/libmbed.a and b/variants/PORTENTA_X8/libs/libmbed.a differ diff --git a/variants/RASPBERRY_PI_PICO/defines.txt b/variants/RASPBERRY_PI_PICO/defines.txt index 43f6f22d4..6cc7d41cf 100644 --- a/variants/RASPBERRY_PI_PICO/defines.txt +++ b/variants/RASPBERRY_PI_PICO/defines.txt @@ -21,7 +21,7 @@ -DDEVICE_USTICKER=1 -DDEVICE_WATCHDOG=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751295845.4641042 +-DMBED_BUILD_TIMESTAMP=1779181752.2690537 -D__MBED_CMSIS_RTOS_CM -DMBED_MPU_CUSTOM -DMBEDTLS_ENTROPY_NV_SEED diff --git a/variants/RASPBERRY_PI_PICO/libs/libmbed.a b/variants/RASPBERRY_PI_PICO/libs/libmbed.a index 2e2d98df1..261f60437 100644 Binary files a/variants/RASPBERRY_PI_PICO/libs/libmbed.a and b/variants/RASPBERRY_PI_PICO/libs/libmbed.a differ diff --git a/variants/STELLA/defines.txt b/variants/STELLA/defines.txt index 8199cf727..4a8029e52 100644 --- a/variants/STELLA/defines.txt +++ b/variants/STELLA/defines.txt @@ -34,7 +34,7 @@ -DFEATURE_STORAGE=1 -D__FPU_PRESENT=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751296267.721782 +-DMBED_BUILD_TIMESTAMP=1779181787.8582435 -D__MBED_CMSIS_RTOS_CM -DMBED_MPU_CUSTOM -DMBED_TICKLESS diff --git a/variants/STELLA/libs/libmbed.a b/variants/STELLA/libs/libmbed.a index de69bdf91..ee010339a 100644 Binary files a/variants/STELLA/libs/libmbed.a and b/variants/STELLA/libs/libmbed.a differ