diff --git a/configure.ac b/configure.ac index a6765405c..ab54cd664 100644 --- a/configure.ac +++ b/configure.ac @@ -2849,6 +2849,51 @@ AC_ARG_WITH([cryptoauthlib], ] ) + +# TropicSquare TROPIC01 +# Example: "./configure --with-tropic01=/home/pi/libtropic" +ENABLED_TROPIC01="no" +trylibtropicdir="" +AC_ARG_WITH([tropic01], + [AS_HELP_STRING([--with-tropic01=PATH],[PATH to install (default /usr/)])], + [ + AC_MSG_CHECKING([for tropic01]) + CPPFLAGS="$CPPFLAGS -DWOLFSSL_TROPIC01" + LIBS="$LIBS -llibtropic" + + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ lt_init(0); ]])],[ libtropic_linked=yes ],[ libtropic_linked=no ]) + + if test "x$libtropic_linked" = "xno" ; then + if test "x$withval" != "xno" ; then + trylibtropicdir=$withval + fi + if test "x$withval" = "xyes" ; then + trylibtropicdir="/usr" + fi + + LDFLAGS="$LDFLAGS -L$trylibtropicdir/lib" + CPPFLAGS="$CPPFLAGS -I$trylibtropicdir/lib" + + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ lt_init(0); ]])],[ libtropic_linked=yes ],[ libtropic_linked=no ]) + + if test "x$libtropic_linked" = "xno" ; then + AC_MSG_ERROR([libtropic isn't found. + If it's already installed, specify its path using --with-tropic01=/dir/]) + fi + + AM_LDFLAGS="$AM_LDFLAGS -L$trylibtropicdir/lib" + AM_CFLAGS="$AM_CFLAGS -I$trylibtropicdir/lib" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([yes]) + fi + + ENABLED_TROPIC01="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TROPIC01" + ] +) + + # NXP SE050 # Example: "./configure --with-se050=/home/pi/simw_top" ENABLED_SE050="no" 
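Review bot: The action block of `AC_ARG_WITH([tropic01], …)` also runs for `--without-tropic01`, and nothing in it stops when `$withval` is `no`, so a build that explicitly opts out still gets `-DWOLFSSL_TROPIC01` and `ENABLED_TROPIC01="yes"` whenever the link probe succeeds. Wrapping the body in `if test "x$withval" != "xno" ; then … fi` would keep the opt-out honest. Separately, the header search path is added as `-I$trylibtropicdir/lib` in both `CPPFLAGS` and `AM_CFLAGS`; this looks like a copy of the `-L` line and probably should be `-I$trylibtropicdir/include`. `LIBS="$LIBS -llibtropic"` makes the linker search for `liblibtropic`, which is worth confirming against the installed library name.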
@@ -10702,6 +10747,7 @@ AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM_QNX" = "xyes"]) AM_CONDITIONAL([BUILD_IOTSAFE],[test "x$ENABLED_IOTSAFE" = "xyes"]) AM_CONDITIONAL([BUILD_IOTSAFE_HWRNG],[test "x$ENABLED_IOTSAFE_HWRNG" = "xyes"]) AM_CONDITIONAL([BUILD_SE050],[test "x$ENABLED_SE050" = "xyes"]) +AM_CONDITIONAL([BUILD_TROPIC01],[test "x$ENABLED_TROPIC01" = "xyes"]) AM_CONDITIONAL([BUILD_KDF],[test "x$ENABLED_KDF" = "xyes"]) AM_CONDITIONAL([BUILD_HMAC],[test "x$ENABLED_HMAC" = "xyes"]) AM_CONDITIONAL([BUILD_ERROR_STRINGS],[test "x$ENABLED_ERROR_STRINGS" = "xyes"]) @@ -11230,6 +11276,7 @@ echo " * i.MX CAAM: $ENABLED_CAAM" echo " * IoT-Safe: $ENABLED_IOTSAFE" echo " * IoT-Safe HWRNG: $ENABLED_IOTSAFE_HWRNG" echo " * NXP SE050: $ENABLED_SE050" +echo " * TROPIC01: $ENABLED_TROPIC01" echo " * Maxim Integrated MAXQ10XX: $ENABLED_MAXQ10XX" echo " * PSA: $ENABLED_PSA" echo " * System CA certs: $ENABLED_SYS_CA_CERTS" diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 151245120..f1bfd526a 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -105,6 +105,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/st/README.md \ wolfcrypt/src/port/st/STM32MP13.md \ wolfcrypt/src/port/st/STM32MP25.md \ + wolfcrypt/src/port/tropicsquare/tropic01.c \ wolfcrypt/src/port/af_alg/afalg_aes.c \ wolfcrypt/src/port/af_alg/afalg_hash.c \ wolfcrypt/src/port/kcapi/kcapi_aes.c \ @@ -221,6 +222,10 @@ if BUILD_SE050 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/nxp/se050_port.c endif +if BUILD_TROPIC01 +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/tropicsquare/tropic01.c +endif + if BUILD_PSA src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/psa/psa.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/psa/psa_hash.c diff --git a/wolfcrypt/src/port/tropicsquare/tropic01.c b/wolfcrypt/src/port/tropicsquare/tropic01.c new file mode 100644 index 000000000..0f0be4e62 --- /dev/null 
+++ b/wolfcrypt/src/port/tropicsquare/tropic01.c 
@@ -0,0 +1,355 @@ +/* tropic01.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * +*/ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include +#include +#include +#include + +#include + +/* + * TROPIC01 hardware RNG implementation + */ +static int Tropic01_GetRandom(byte* out, word32 sz, Tropic01CryptoDevCtx* ctx) +{ + int ret = 0; + // Default factory pairing keys + byte pkey_index_0 = PAIRING_KEY_SLOT_INDEX_0; + // Engineering samples 01 keys: + byte sh0priv[] = {0xd0,0x99,0x92,0xb1,0xf1,0x7a,0xbc,0x4d,0xb9,0x37,0x17,0x68,0xa2,0x7d,0xa0,0x5b,0x18,0xfa,0xb8,0x56,0x13,0xa7,0x84,0x2c,0xa6,0x4c,0x79,0x10,0xf2,0x2e,0x71,0x6b}; + byte sh0pub[] = {0xe7,0xf7,0x35,0xba,0x19,0xa3,0x3f,0xd6,0x73,0x23,0xab,0x37,0x26,0x2d,0xe5,0x36,0x08,0xca,0x57,0x85,0x76,0x53,0x43,0x52,0xe1,0x8f,0x64,0xe6,0x13,0xd3,0x8d,0x54}; + lt_handle_t h; + lt_ret_t rett; + WOLFSSL_MSG_EX("TROPIC01: GetRandom: Requesting %u bytes", sz); + + if (out == NULL || ctx == NULL || !ctx->initialized || sz == 0) + return BAD_FUNC_ARG; + + /* Call TROPIC01 TRNG API to get random data */ + + + rett = lt_init(&h); + if(rett != LT_OK) { + //printf("Error lt_init(): %s", lt_ret_verbose(ret)); + return rett; + } + ret = 
verify_chip_and_start_secure_session(&h, sh0priv, sh0pub, pkey_index_0); + if(ret != LT_OK) { + //printf("Error sec channel: %s", lt_ret_verbose(ret)); + lt_deinit(&h); + return ret; + } + ret = lt_random_get(&h, out, sz); + if(ret != LT_OK) { + //printf("Error l3 cmd: %s", lt_ret_verbose(ret)); + lt_deinit(&h); + return ret; + } + ret = lt_deinit(&h); + if(ret != LT_OK) { + //printf("Error lt_deinit(): %s", lt_ret_verbose(ret)); + return ret; + } + WOLFSSL_MSG_EX("TROPIC01: GetRandom: Completed with ret=%d", ret); + return ret; +} + +/* + * Retrive the AES key from the secure memory of TROPIC01 + */ + +static int Tropic01_GetKey(Aes* aes, int keySlot, word32 keySz, Tropic01CryptoDevCtx* ctx) +{ + int ret; + // Default factory pairing keys + byte pkey_index_0 = PAIRING_KEY_SLOT_INDEX_0; + // Engineering samples 01 keys: + byte sh0priv[] = {0xd0,0x99,0x92,0xb1,0xf1,0x7a,0xbc,0x4d,0xb9,0x37,0x17,0x68,0xa2,0x7d,0xa0,0x5b,0x18,0xfa,0xb8,0x56,0x13,0xa7,0x84,0x2c,0xa6,0x4c,0x79,0x10,0xf2,0x2e,0x71,0x6b}; + byte sh0pub[] = {0xe7,0xf7,0x35,0xba,0x19,0xa3,0x3f,0xd6,0x73,0x23,0xab,0x37,0x26,0x2d,0xe5,0x36,0x08,0xca,0x57,0x85,0x76,0x53,0x43,0x52,0xe1,0x8f,0x64,0xe6,0x13,0xd3,0x8d,0x54}; + lt_handle_t h; + lt_ret_t rett; + WOLFSSL_MSG_EX("TROPIC01: GetKey: Retrieving key from slot %d", keySlot); + + if (aes == NULL || ctx == NULL || !ctx->initialized || keySlot < 0 || keySlot >= 511) + return BAD_FUNC_ARG; + + /* Check key size */ + if (keySz != 16 && keySz != 24 && keySz != 32) { + WOLFSSL_MSG_EX("TROPIC01: GetKey: Unsupported key size %u", keySz); + return BAD_FUNC_ARG; + } + + /* Retrieve key from TROPIC01 */ + rett = lt_init(&h); + if(rett != LT_OK) { + //printf("Error lt_init(): %s", lt_ret_verbose(ret)); + return rett; + } + ret = verify_chip_and_start_secure_session(&h, sh0priv, sh0pub, pkey_index_0); + if(ret != LT_OK) { + //printf("Error sec channel: %s", lt_ret_verbose(ret)); + lt_deinit(&h); + return ret; + } + ret = lt_r_mem_data_read(&h, keySlot, (byte*)aes->key, 
keySz); + if(ret != LT_OK) { + //printf("Error l3 cmd: %s", lt_ret_verbose(ret)); + lt_deinit(&h); + return 1; + } + ret = lt_deinit(&h); + if(ret != LT_OK) { + //printf("Error lt_deinit(): %s", lt_ret_verbose(ret)); + return ret; + } + + if (ret != 0) { + WOLFSSL_MSG_EX("TROPIC01: GetKey: Failed to retrieve key, ret=%d", ret); + return ret; + } + + WOLFSSL_MSG_EX("TROPIC01: GetKey: Key retrieved successfully"); + return 0; +} + +/** + * Find an available key slot in the TROPIC01 + */ +static int Tropic01_FindFreeKeySlot(Tropic01CryptoDevCtx* ctx) +{ + int i; + + WOLFSSL_MSG("TROPIC01: FindFreeKeySlot: Searching for available slot"); + + for (i = 0; i < 8; i++) { + if (ctx->keySlotUsage[i] == 0) { + ctx->keySlotUsage[i] = 1; + WOLFSSL_MSG_EX("TROPIC01: FindFreeKeySlot: Found slot %d", i); + return i; + } + } + + WOLFSSL_MSG("TROPIC01: FindFreeKeySlot: No free slots available"); + return -1; +} + +/** + * Store AES key in TROPIC01 secure memory + */ +static int Tropic01_StoreKey(Aes* aes, const byte* key, word32 keySz, Tropic01CryptoDevCtx* ctx) +{ + int ret; + int keySlot; + Tropic01KeyRef* keyRef; + + WOLFSSL_MSG_EX("TROPIC01: StoreKey: Storing key of size %u bytes", keySz); + + if (aes == NULL || key == NULL || ctx == NULL || !ctx->initialized) + return BAD_FUNC_ARG; + + /* Check key size */ + if (keySz != 16 && keySz != 24 && keySz != 32) { + WOLFSSL_MSG_EX("TROPIC01: StoreKey: Unsupported key size %u", keySz); + return BAD_FUNC_ARG; + } + + /* Find available key slot */ + keySlot = Tropic01_FindFreeKeySlot(ctx); + if (keySlot < 0) { + WOLFSSL_MSG("TROPIC01: StoreKey: No free key slots available"); + return MEMORY_E; + } + + /* Allocate key reference */ + keyRef = (Tropic01KeyRef*)XMALLOC(sizeof(Tropic01KeyRef), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (keyRef == NULL) { + ctx->keySlotUsage[keySlot] = 0; + return MEMORY_E; + } + + /* Store key in TROPIC01 */ + /* Example TROPIC01_StoreKey call */ + ret = 0; /* Replace with actual implementation */ + + if (ret != 0) 
{ + WOLFSSL_MSG_EX("TROPIC01: StoreKey: Failed to store key in slot %d, ret=%d", keySlot, ret); + XFREE(keyRef, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ctx->keySlotUsage[keySlot] = 0; + return ret; + } + + /* Initialize key reference */ + keyRef->keySlot = keySlot; + keyRef->keySize = keySz; + keyRef->keyType = 0; + keyRef->isValid = 1; + + /* Store reference in AES structure */ + //aes->devKey = keySlot; + //aes->devCtx = keyRef; + + WOLFSSL_MSG_EX("TROPIC01: StoreKey: Key stored successfully in slot %d", keySlot); + return 0; +} + +/** + * Crypto Callback function for TROPIC01 + */ +int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) +{ + int ret = CRYPTOCB_UNAVAILABLE; + Tropic01CryptoDevCtx* tropicCtx = (Tropic01CryptoDevCtx*)ctx; + + + if (info == NULL || tropicCtx == NULL || !tropicCtx->initialized || devId == -2) + return BAD_FUNC_ARG; + + switch (info->algo_type) { + case WC_ALGO_TYPE_RNG: + WOLFSSL_MSG_EX("TROPIC01: CryptoCB: RNG generation request (%u bytes)", info->rng.sz); + ret = Tropic01_GetRandom(info->rng.out, info->rng.sz, tropicCtx); + break; + case WC_ALGO_TYPE_SEED: + WOLFSSL_MSG_EX("TROPIC01: CryptoCB: SEED generation request (%u bytes)", info->seed.sz); + ret = Tropic01_GetRandom(info->seed.seed, info->seed.sz, tropicCtx); + break; + case WC_ALGO_TYPE_CIPHER: + WOLFSSL_MSG_EX("TROPIC01: CryptoCB: AES request (%u bytes)", info->aes_setkey.keySz); + ret = Tropic01_StoreKey(NULL, NULL, 32, tropicCtx); + //ret = Tropic01_GetKey(NULL, NULL, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); +#if !defined(NO_AES) || !defined(NO_DES3) + #ifdef HAVE_AESGCM + if (info->cipher.type == WC_CIPHER_AES_GCM) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID; + ret = Tropic01_GetKey(info->cipher.aesgcm_enc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); + if (ret != 0) { + WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-GCM encryption, ret=%d", 
ret); + return ret; + } + ret = wc_AesGcmEncrypt( + info->cipher.aesgcm_enc.aes, + info->cipher.aesgcm_enc.out, + info->cipher.aesgcm_enc.in, + info->cipher.aesgcm_enc.sz, + info->cipher.aesgcm_enc.iv, + info->cipher.aesgcm_enc.ivSz, + info->cipher.aesgcm_enc.authTag, + info->cipher.aesgcm_enc.authTagSz, + info->cipher.aesgcm_enc.authIn, + info->cipher.aesgcm_enc.authInSz); + + /* reset devId */ + info->cipher.aesgcm_enc.aes->devId = devId; + } + else { + /* set devId to invalid, so software is used */ + info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID; + ret = Tropic01_GetKey(info->cipher.aesgcm_dec.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); + if (ret != 0) { + WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-GCM decryption, ret=%d", ret); + return ret; + } + ret = wc_AesGcmDecrypt( + info->cipher.aesgcm_dec.aes, + info->cipher.aesgcm_dec.out, + info->cipher.aesgcm_dec.in, + info->cipher.aesgcm_dec.sz, + info->cipher.aesgcm_dec.iv, + info->cipher.aesgcm_dec.ivSz, + info->cipher.aesgcm_dec.authTag, + info->cipher.aesgcm_dec.authTagSz, + info->cipher.aesgcm_dec.authIn, + info->cipher.aesgcm_dec.authInSz); + + /* reset devId */ + info->cipher.aesgcm_dec.aes->devId = devId; + } + } +#endif /* HAVE_AESGCM */ + #ifdef HAVE_AES_CBC + if (info->cipher.type == WC_CIPHER_AES_CBC) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.aescbc.aes->devId = INVALID_DEVID; + ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); + if (ret != 0) { + WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-CBC encryption, ret=%d", ret); + return ret; + } + ret = wc_AesCbcEncrypt( + info->cipher.aescbc.aes, + info->cipher.aescbc.out, + info->cipher.aescbc.in, + info->cipher.aescbc.sz); + + /* reset devId */ + info->cipher.aescbc.aes->devId = devId; + } + else { + /* set devId to invalid, so software is used */ + 
info->cipher.aescbc.aes->devId = INVALID_DEVID; + ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); + if (ret != 0) { + WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-CBC decryption, ret=%d", ret); + return ret; + } + ret = wc_AesCbcDecrypt( + info->cipher.aescbc.aes, + info->cipher.aescbc.out, + info->cipher.aescbc.in, + info->cipher.aescbc.sz); + + /* reset devId */ + info->cipher.aescbc.aes->devId = devId; + } + } + #endif /* HAVE_AES_CBC */ +#endif /* !NO_AES || !NO_DES3 */ + break; + + default: + WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Unsupported algorithm type %d", info->algo_type); + break; + } + + return ret; +} + +int Tropic01_Init(Tropic01CryptoDevCtx* ctx) +{ + if (ctx == NULL) + return BAD_FUNC_ARG; + + ctx->initialized = 1; + XMEMSET(ctx->keySlotUsage, 0, sizeof(ctx->keySlotUsage)); + + return 0; +} diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 6abc118b5..f31093ec1 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -69,6 +69,10 @@ #include #endif +#if defined(WOLFSSL_TROPIC01) + #include +#endif + #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) \ && !defined(WOLFCRYPT_ONLY) #include @@ -294,7 +298,13 @@ int wolfCrypt_Init(void) #if defined(WOLFSSL_STSAFEA100) stsafe_interface_init(); #endif - + #if defined(WOLFSSL_TROPIC01) + ret = Tropic01_Init(NULL); + if (ret != 0) { + WOLFSSL_MSG("Tropic01 init failed"); + return ret; + } + #endif #if defined(WOLFSSL_PSOC6_CRYPTO) ret = psoc6_crypto_port_init(); if (ret != 0) { diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index f6fadde7f..bf798d366 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am 
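Review bot: The pairing private key `sh0priv` is compiled in as a literal in both `Tropic01_GetRandom` and `Tropic01_GetKey`, and the comments call it the default factory / engineering-sample key, so every device built from this file authenticates its secure session with key material that is readable from the source and the binary. The key pair and slot index should come from `Tropic01CryptoDevCtx`, provisioned by the application at init, with the sample key kept behind an explicit test-only build option and any stack copy wiped with `ForceZero` before returning. `Tropic01_GetKey` also copies the AES key out of the chip with `lt_r_mem_data_read` straight into `aes->key`, and the callback then runs software `wc_AesGcmEncrypt`/`wc_AesCbcEncrypt`, so the key does not stay inside the secure element; writing raw key bytes into `aes->key` appears to skip the key-schedule setup that `wc_AesSetKey` performs, which should be confirmed. In `Tropic01_CryptoCb`, the early `return ret;` after a failed `Tropic01_GetKey` skips the `devId` reset and leaves the `Aes` object at `INVALID_DEVID`.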
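Review bot: `ret = Tropic01_Init(NULL);` in `wolfCrypt_Init` can never succeed, because `Tropic01_Init` as added in tropic01.c returns `BAD_FUNC_ARG` when `ctx == NULL`, so every build with `WOLFSSL_TROPIC01` defined fails library initialisation at this point. Either pass a real context (for example a file-scope `static Tropic01CryptoDevCtx` owned by the port) or drop the call and let the application initialise the context it registers with the crypto callback. The prototype in tropic01.h is declared only under `WOLF_CRYPTO_CB`, while this call is guarded by `WOLFSSL_TROPIC01` alone, so the guard here should probably be `#if defined(WOLFSSL_TROPIC01) && defined(WOLF_CRYPTO_CB)`. The body of `wolfCrypt_Init` continues outside the hunk.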
@@ -109,6 +109,7 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/silabs/silabs_random.h \ wolfssl/wolfcrypt/port/st/stm32.h \ wolfssl/wolfcrypt/port/st/stsafe.h \ + wolfssl/wolfcrypt/port/tropicsquare/tropic01.h \ wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \ wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \ wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h \ @@ -229,6 +230,10 @@ if BUILD_SE050 nobase_include_HEADERS+= wolfssl/wolfcrypt/port/nxp/se050_port.h endif +if BUILD_TROPIC01 +nobase_include_HEADERS+= wolfssl/wolfcrypt/port/tropicsquare/tropic01.h +endif + if BUILD_MAXQ10XX nobase_include_HEADERS+= wolfssl/wolfcrypt/port/maxim/maxq10xx.h endif diff --git a/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h b/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h new file mode 100644 index 000000000..08110e03d --- /dev/null +++ b/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h 
@@ -0,0 +1,82 @@
+/* tropic01.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_TROPIC01_H_
+#define _WOLFPORT_TROPIC01_H_
+
+#include 
+#include 
+#include 
+#include 
+
+#ifdef WOLF_CRYPTO_CB
+#include 
+#endif
+
+
+#ifdef WOLFSSL_TROPIC01
+
+/* The TROPIC01 interface layer */
+/* Please contact wolfSSL for the TROPIC01 port files */
+#define LT_USE_TREZOR_CRYPTO 1
+#define LT_HELPERS
+
+#include "libtropic.h"
+#include "libtropic_common.h"
+
+
+#ifdef WOLF_CRYPTO_CB
+
+/* Device ID that's unique and valid (not INVALID_DEVID -2) */
+#define WOLF_TROPIC01_DEVID 0x75757; /* TROPIC01 ID*/
+
+
+#define TROPIC01_AES_MAX_KEY_SIZE 32
+#define TROPIC01_AES_KEY_SLOT_DEFAULT 8
+#define PAIRING_KEY_SLOT_INDEX_0 0
+
+
+
+typedef struct {
+ int keySlot; /* Slot ID in TROPIC01 secure memory */
+ word32 keySize; /* Size of the key in bytes (16, 24, or 32) */
+ byte keyType; /* Type of key (e.g., AES_CBC, AES_GCM) */
+ byte isValid; /* Flag indicating if this reference is valid */
+} Tropic01KeyRef;
+
+/* Context for TROPIC01 secure element */
+typedef struct {
+ int initialized;
+ byte keySlotUsage[8];
+} Tropic01CryptoDevCtx;
+
+
+int Tropic01_Init(Tropic01CryptoDevCtx* ctx);
+int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx);
+
+//static int Tropic01_GetRandom(byte* out, word32 sz, Tropic01CryptoDevCtx* ctx);
+//static int Tropic01_GetKey(Aes* aes, int keySlot, word32 keySz, Tropic01CryptoDevCtx* ctx);
+
+#endif /* WOLF_CRYPTO_CB */
+
+#endif /* WOLFSSL_TROPIC01*/
+
+#endif /* _WOLFPORT_TROPIC01_H_ */
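Review bot: `#define WOLF_TROPIC01_DEVID 0x75757;` ends with a semicolon, so the macro expands to `0x75757;` and breaks any use inside an expression or an argument list, such as passing it as the `devId` when registering `Tropic01_CryptoCb`. It should read `#define WOLF_TROPIC01_DEVID 0x75757 /* TROPIC01 ID */`. The two fields of `Tropic01CryptoDevCtx` are undocumented; a short comment such as `/* 1 = slot handed out by Tropic01_FindFreeKeySlot */` on `keySlotUsage` would help. It would also help to say how those eight entries relate to `TROPIC01_AES_KEY_SLOT_DEFAULT 8`, which lies outside the tracked range.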