diff --git a/wolfcrypt/src/port/tropicsquare/tropic01.c b/wolfcrypt/src/port/tropicsquare/tropic01.c index 0f0be4e62..e97e201f8 100644 --- a/wolfcrypt/src/port/tropicsquare/tropic01.c +++ b/wolfcrypt/src/port/tropicsquare/tropic01.c @@ -33,71 +33,60 @@ #include +static Tropic01CryptoDevCtx g_ctx = {0}; +static lt_handle_t g_h; + +// Default factory pairing keys +byte pkey_index_0 = PAIRING_KEY_SLOT_INDEX_0; + // Engineering samples 01 keys: +byte sh0priv[] = {0xd0,0x99,0x92,0xb1,0xf1,0x7a,0xbc,0x4d,0xb9,0x37,0x17,0x68,0xa2,0x7d,0xa0,0x5b,0x18,0xfa,0xb8,0x56,0x13,0xa7,0x84,0x2c,0xa6,0x4c,0x79,0x10,0xf2,0x2e,0x71,0x6b}; +byte sh0pub[] = {0xe7,0xf7,0x35,0xba,0x19,0xa3,0x3f,0xd6,0x73,0x23,0xab,0x37,0x26,0x2d,0xe5,0x36,0x08,0xca,0x57,0x85,0x76,0x53,0x43,0x52,0xe1,0x8f,0x64,0xe6,0x13,0xd3,0x8d,0x54}; /* * TROPIC01 hardware RNG implementation */ -static int Tropic01_GetRandom(byte* out, word32 sz, Tropic01CryptoDevCtx* ctx) +static int Tropic01_GetRandom(byte* out, word32 sz) { int ret = 0; - // Default factory pairing keys - byte pkey_index_0 = PAIRING_KEY_SLOT_INDEX_0; - // Engineering samples 01 keys: - byte sh0priv[] = {0xd0,0x99,0x92,0xb1,0xf1,0x7a,0xbc,0x4d,0xb9,0x37,0x17,0x68,0xa2,0x7d,0xa0,0x5b,0x18,0xfa,0xb8,0x56,0x13,0xa7,0x84,0x2c,0xa6,0x4c,0x79,0x10,0xf2,0x2e,0x71,0x6b}; - byte sh0pub[] = {0xe7,0xf7,0x35,0xba,0x19,0xa3,0x3f,0xd6,0x73,0x23,0xab,0x37,0x26,0x2d,0xe5,0x36,0x08,0xca,0x57,0x85,0x76,0x53,0x43,0x52,0xe1,0x8f,0x64,0xe6,0x13,0xd3,0x8d,0x54}; - lt_handle_t h; - lt_ret_t rett; + + WOLFSSL_MSG_EX("TROPIC01: GetRandom: Requesting %u bytes", sz); - if (out == NULL || ctx == NULL || !ctx->initialized || sz == 0) + if (out == NULL || sz == 0) return BAD_FUNC_ARG; + /* Call TROPIC01 TRNG API to get random data */ - rett = lt_init(&h); - if(rett != LT_OK) { - //printf("Error lt_init(): %s", lt_ret_verbose(ret)); - return rett; - } - ret = verify_chip_and_start_secure_session(&h, sh0priv, sh0pub, pkey_index_0); + ret = lt_random_get(&g_h, out, sz); if(ret != LT_OK) { - //printf("Error sec channel: %s", lt_ret_verbose(ret)); - lt_deinit(&h); - return ret; - } - ret = lt_random_get(&h, out, sz); - if(ret != LT_OK) { - //printf("Error l3 cmd: %s", lt_ret_verbose(ret)); - lt_deinit(&h); - return ret; - } - ret = lt_deinit(&h); - if(ret != LT_OK) { - //printf("Error lt_deinit(): %s", lt_ret_verbose(ret)); - return ret; + WOLFSSL_MSG_EX("TROPIC01: GetKey: Failed to retrieve key, ret=%d", ret); + Tropic01_Deinit(); + return WC_HW_E; } + WOLFSSL_MSG_EX("TROPIC01: GetRandom: Completed with ret=%d", ret); - return ret; + /* + for (word32 i = 0; i < sz; i++) { + WOLFSSL_MSG_EX("TROPIC01: GetRandom: out[%d] = 0x%02x", i, out[i]); + } + */ + return 0; } /* * Retrive the AES key from the secure memory of TROPIC01 */ -static int Tropic01_GetKey(Aes* aes, int keySlot, word32 keySz, Tropic01CryptoDevCtx* ctx) +static int Tropic01_GetKey(Aes* aes, int keySlot, word32 keySz) { - int ret; - // Default factory pairing keys - byte pkey_index_0 = PAIRING_KEY_SLOT_INDEX_0; - // Engineering samples 01 keys: - byte sh0priv[] = {0xd0,0x99,0x92,0xb1,0xf1,0x7a,0xbc,0x4d,0xb9,0x37,0x17,0x68,0xa2,0x7d,0xa0,0x5b,0x18,0xfa,0xb8,0x56,0x13,0xa7,0x84,0x2c,0xa6,0x4c,0x79,0x10,0xf2,0x2e,0x71,0x6b}; - byte sh0pub[] = {0xe7,0xf7,0x35,0xba,0x19,0xa3,0x3f,0xd6,0x73,0x23,0xab,0x37,0x26,0x2d,0xe5,0x36,0x08,0xca,0x57,0x85,0x76,0x53,0x43,0x52,0xe1,0x8f,0x64,0xe6,0x13,0xd3,0x8d,0x54}; - lt_handle_t h; + lt_ret_t rett; WOLFSSL_MSG_EX("TROPIC01: GetKey: Retrieving key from slot %d", keySlot); - if (aes == NULL || ctx == NULL || !ctx->initialized || keySlot < 0 || keySlot >= 511) + if (aes == NULL || keySlot < 0 || keySlot >= 511) return BAD_FUNC_ARG; + /* Check key size */ if (keySz != 16 && keySz != 24 && keySz != 32) { @@ -106,117 +95,19 @@ static int Tropic01_GetKey(Aes* aes, int keySlot, word32 keySz, Tropic01CryptoDe } /* Retrieve key from TROPIC01 */ - rett = lt_init(&h); + + rett = lt_r_mem_data_read(&g_h, keySlot, (byte*)aes->key, keySz); if(rett != LT_OK) { - //printf("Error lt_init(): %s", lt_ret_verbose(ret)); - return rett; - } - ret = verify_chip_and_start_secure_session(&h, sh0priv, sh0pub, pkey_index_0); - if(ret != LT_OK) { - //printf("Error sec channel: %s", lt_ret_verbose(ret)); - lt_deinit(&h); - return ret; - } - ret = lt_r_mem_data_read(&h, keySlot, (byte*)aes->key, keySz); - if(ret != LT_OK) { - //printf("Error l3 cmd: %s", lt_ret_verbose(ret)); - lt_deinit(&h); - return 1; - } - ret = lt_deinit(&h); - if(ret != LT_OK) { - //printf("Error lt_deinit(): %s", lt_ret_verbose(ret)); - return ret; + WOLFSSL_MSG_EX("TROPIC01: GetKey: Failed to retrieve key, ret=%d", rett); + Tropic01_Deinit(); + return WC_HW_E; } - if (ret != 0) { - WOLFSSL_MSG_EX("TROPIC01: GetKey: Failed to retrieve key, ret=%d", ret); - return ret; - } WOLFSSL_MSG_EX("TROPIC01: GetKey: Key retrieved successfully"); return 0; } -/** - * Find an available key slot in the TROPIC01 - */ -static int Tropic01_FindFreeKeySlot(Tropic01CryptoDevCtx* ctx) -{ - int i; - - WOLFSSL_MSG("TROPIC01: FindFreeKeySlot: Searching for available slot"); - - for (i = 0; i < 8; i++) { - if (ctx->keySlotUsage[i] == 0) { - ctx->keySlotUsage[i] = 1; - WOLFSSL_MSG_EX("TROPIC01: FindFreeKeySlot: Found slot %d", i); - return i; - } - } - - WOLFSSL_MSG("TROPIC01: FindFreeKeySlot: No free slots available"); - return -1; -} - -/** - * Store AES key in TROPIC01 secure memory - */ -static int Tropic01_StoreKey(Aes* aes, const byte* key, word32 keySz, Tropic01CryptoDevCtx* ctx) -{ - int ret; - int keySlot; - Tropic01KeyRef* keyRef; - - WOLFSSL_MSG_EX("TROPIC01: StoreKey: Storing key of size %u bytes", keySz); - - if (aes == NULL || key == NULL || ctx == NULL || !ctx->initialized) - return BAD_FUNC_ARG; - - /* Check key size */ - if (keySz != 16 && keySz != 24 && keySz != 32) { - WOLFSSL_MSG_EX("TROPIC01: StoreKey: Unsupported key size %u", keySz); - return BAD_FUNC_ARG; - } - - /* Find available key slot */ - keySlot = Tropic01_FindFreeKeySlot(ctx); - if (keySlot < 0) { - WOLFSSL_MSG("TROPIC01: StoreKey: No free key slots available"); - return MEMORY_E; - } - - /* Allocate key reference */ - keyRef = (Tropic01KeyRef*)XMALLOC(sizeof(Tropic01KeyRef), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (keyRef == NULL) { - ctx->keySlotUsage[keySlot] = 0; - return MEMORY_E; - } - - /* Store key in TROPIC01 */ - /* Example TROPIC01_StoreKey call */ - ret = 0; /* Replace with actual implementation */ - - if (ret != 0) { - WOLFSSL_MSG_EX("TROPIC01: StoreKey: Failed to store key in slot %d, ret=%d", keySlot, ret); - XFREE(keyRef, NULL, DYNAMIC_TYPE_TMP_BUFFER); - ctx->keySlotUsage[keySlot] = 0; - return ret; - } - - /* Initialize key reference */ - keyRef->keySlot = keySlot; - keyRef->keySize = keySz; - keyRef->keyType = 0; - keyRef->isValid = 1; - - /* Store reference in AES structure */ - //aes->devKey = keySlot; - //aes->devCtx = keyRef; - - WOLFSSL_MSG_EX("TROPIC01: StoreKey: Key stored successfully in slot %d", keySlot); - return 0; -} /** * Crypto Callback function for TROPIC01 @@ -224,24 +115,29 @@ static int Tropic01_StoreKey(Aes* aes, const byte* key, word32 keySz, Tropic01Cr int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) { int ret = CRYPTOCB_UNAVAILABLE; - Tropic01CryptoDevCtx* tropicCtx = (Tropic01CryptoDevCtx*)ctx; - if (info == NULL || tropicCtx == NULL || !tropicCtx->initialized || devId == -2) + if (info == NULL) return BAD_FUNC_ARG; + (void)ctx; + (void)devId; + if (g_ctx.initialized == 0) { + WOLFSSL_MSG("TROPIC01: CryptoCB: Device not initialized"); + return CRYPTOCB_UNAVAILABLE; + } switch (info->algo_type) { case WC_ALGO_TYPE_RNG: WOLFSSL_MSG_EX("TROPIC01: CryptoCB: RNG generation request (%u bytes)", info->rng.sz); - ret = Tropic01_GetRandom(info->rng.out, info->rng.sz, tropicCtx); + ret = Tropic01_GetRandom(info->rng.out, info->rng.sz); break; case WC_ALGO_TYPE_SEED: WOLFSSL_MSG_EX("TROPIC01: CryptoCB: SEED generation request (%u bytes)", info->seed.sz); - ret = Tropic01_GetRandom(info->seed.seed, info->seed.sz, tropicCtx); + ret = Tropic01_GetRandom(info->seed.seed, info->seed.sz); break; case WC_ALGO_TYPE_CIPHER: - WOLFSSL_MSG_EX("TROPIC01: CryptoCB: AES request (%u bytes)", info->aes_setkey.keySz); - ret = Tropic01_StoreKey(NULL, NULL, 32, tropicCtx); + WOLFSSL_MSG("TROPIC01: CryptoCB: AES request "); + //ret = Tropic01_StoreKey(NULL, NULL, 32); //ret = Tropic01_GetKey(NULL, NULL, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); #if !defined(NO_AES) || !defined(NO_DES3) #ifdef HAVE_AESGCM @@ -249,7 +145,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) if (info->cipher.enc) { /* set devId to invalid, so software is used */ info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID; - ret = Tropic01_GetKey(info->cipher.aesgcm_enc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); + ret = Tropic01_GetKey(info->cipher.aesgcm_enc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE); if (ret != 0) { WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-GCM encryption, ret=%d", ret); return ret; @@ -272,7 +168,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) else { /* set devId to invalid, so software is used */ info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID; - ret = Tropic01_GetKey(info->cipher.aesgcm_dec.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); + ret = Tropic01_GetKey(info->cipher.aesgcm_dec.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE); if (ret != 0) { WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-GCM decryption, ret=%d", ret); return ret; @@ -299,7 +195,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) if (info->cipher.enc) { /* set devId to invalid, so software is used */ info->cipher.aescbc.aes->devId = INVALID_DEVID; - ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); + ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE); if (ret != 0) { WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-CBC encryption, ret=%d", ret); return ret; @@ -316,7 +212,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) else { /* set devId to invalid, so software is used */ info->cipher.aescbc.aes->devId = INVALID_DEVID; - ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); + ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE); if (ret != 0) { WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-CBC decryption, ret=%d", ret); return ret; @@ -330,26 +226,60 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) /* reset devId */ info->cipher.aescbc.aes->devId = devId; } + for (int i = 0; i < info->cipher.aescbc.aes->keylen; i++) { + WOLFSSL_MSG_EX("TROPIC01: CryptoCB: aes->key[%d] = 0x%02x", i, info->cipher.aescbc.aes->key[i]); + } + for (word32 i = 0; i < info->cipher.aescbc.sz; i++) { + WOLFSSL_MSG_EX("TROPIC01: CryptoCB: out[%d] = 0x%02x", i, info->cipher.aescbc.out[i]); + } } #endif /* HAVE_AES_CBC */ #endif /* !NO_AES || !NO_DES3 */ break; default: - WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Unsupported algorithm type %d", info->algo_type); + //WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Unsupported algorithm type %d", info->algo_type); break; } return ret; } -int Tropic01_Init(Tropic01CryptoDevCtx* ctx) +int Tropic01_Init() { - if (ctx == NULL) - return BAD_FUNC_ARG; + lt_ret_t ret; - ctx->initialized = 1; - XMEMSET(ctx->keySlotUsage, 0, sizeof(ctx->keySlotUsage)); + g_ctx.initialized = 0; + ret = lt_init(&g_h); + if(ret != LT_OK) { + WOLFSSL_MSG_EX("TROPIC01: lt_init failed with a code %d", ret); + return WC_HW_E; + } + ret = verify_chip_and_start_secure_session(&g_h, sh0priv, sh0pub, pkey_index_0); + if(ret != LT_OK) { + WOLFSSL_MSG_EX("TROPIC01: secure session failed with a code %d", ret); + lt_deinit(&g_h); + return WC_HW_E; + } + g_ctx.initialized = 1; + WOLFSSL_MSG("TROPIC01: Crypto device initialized successfully"); return 0; } + +int Tropic01_Deinit() +{ + lt_ret_t ret; + + if (g_ctx.initialized) { + ret = lt_deinit(&g_h); + if(ret != LT_OK) { + WOLFSSL_MSG_EX("TROPIC01: lt_deinit failed with a code %d", ret); + return WC_HW_E; + } + g_ctx.initialized = 0; + WOLFSSL_MSG("TROPIC01: Crypto device deinitialized successfully"); + } + + return 0; +} diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index f31093ec1..72214d588 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -299,7 +299,7 @@ int wolfCrypt_Init(void) stsafe_interface_init(); #endif #if defined(WOLFSSL_TROPIC01) - ret = Tropic01_Init(NULL); + ret = Tropic01_Init(); if (ret != 0) { WOLFSSL_MSG("Tropic01 init failed"); return ret; diff --git a/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h b/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h index 08110e03d..61eeedfd0 100644 --- a/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h +++ b/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h @@ -39,18 +39,18 @@ #define LT_USE_TREZOR_CRYPTO 1 #define LT_HELPERS -#include "libtropic.h" -#include "libtropic_common.h" +#include +#include #ifdef WOLF_CRYPTO_CB /* Device ID that's unique and valid (not INVALID_DEVID -2) */ -#define WOLF_TROPIC01_DEVID 0x75757; /* TROPIC01 ID*/ +#define WOLF_TROPIC01_DEVID 0x75757 /* TROPIC01 ID*/ #define TROPIC01_AES_MAX_KEY_SIZE 32 -#define TROPIC01_AES_KEY_SLOT_DEFAULT 8 +#define TROPIC01_AES_KEY_SLOT_DEFAULT 1 #define PAIRING_KEY_SLOT_INDEX_0 0 @@ -69,7 +69,8 @@ typedef struct { } Tropic01CryptoDevCtx; -int Tropic01_Init(Tropic01CryptoDevCtx* ctx); +int Tropic01_Init(void); +int Tropic01_Deinit(void); int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx); //static int Tropic01_GetRandom(byte* out, word32 sz, Tropic01CryptoDevCtx* ctx);