kmwebnet/se050-wireguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SE050 キー管理シンプル化と不要チップ削除

Browse Source 
- ACTIVE_*マクロをシンプル化:チップ選択で ENC/MAC/DEK 全体が選択
- test_scp03_hardware.c: SE050C0 キーに整理
- SE050E0/E1 削除(実在しないため)
- 対応チップ:SE050C0, SE050C1, SE050E2 のみ

変更前:
  ACTIVE_ENC_KEY = 条件付きマクロ
変更後:
  ENC_KEY = 選択チップのキー
  MAC_KEY = 選択チップのキー
  DEK_KEY = 選択チップのキー
This commit is contained in:
km
2026-03-26 10:06:34 +09:00
parent daffe82feb
commit 163fad68a7
4 changed files with 142 additions and 269 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_scp03_se050.c
+61 -179
View File
@@ -3,13 +3,11 @@
* @brief SE050 Hardware Platform SCP03 Connection Test
*
* Tests actual SE050 hardware connection using chip-specific PlatformSCP03 keys.
* Supports multiple SE050 variants via compile-time options.
* Supports SE050C0, SE050C1, and SE050E2 via compile-time options.
*
* Usage:
* make SE050_CHIP=SE050C0 test_se050
* make SE050_CHIP=SE050C1 test_se050
* make SE050_CHIP=SE050E0 test_se050
* make SE050_CHIP=SE050E1 test_se050
* make SE050_CHIP=SE050E2 test_se050
*
* License: MIT (Clean-room implementation)
@@ -36,23 +34,31 @@
#define SE050_CHIP 0 /* Default: SE050C0 */
#endif
#if SE050_CHIP == 0
/* Chip type constants */
#define CHIP_SE050C0 0
#define CHIP_SE050C1 1
#define CHIP_SE050E2 2
#if SE050_CHIP == CHIP_SE050C0
#define CHIP_NAME "SE050C0"
#define SE050_DEFAULT_I2C_ADDR 0x90
#elif SE050_CHIP == 1
#define ENC_KEY SE050C0_ENC_KEY
#define MAC_KEY SE050C0_MAC_KEY
#define DEK_KEY SE050C0_DEK_KEY
#elif SE050_CHIP == CHIP_SE050C1
#define CHIP_NAME "SE050C1"
#define SE050_DEFAULT_I2C_ADDR 0x90
#elif SE050_CHIP == 2
#define CHIP_NAME "SE050E0"
#define SE050_DEFAULT_I2C_ADDR 0x90
#elif SE050_CHIP == 3
#define CHIP_NAME "SE050E1"
#define SE050_DEFAULT_I2C_ADDR 0x90
#elif SE050_CHIP == 4
#define ENC_KEY SE050C1_ENC_KEY
#define MAC_KEY SE050C1_MAC_KEY
#define DEK_KEY SE050C1_DEK_KEY
#elif SE050_CHIP == CHIP_SE050E2
#define CHIP_NAME "SE050E2"
#define SE050_DEFAULT_I2C_ADDR 0x90
#define ENC_KEY SE050E2_ENC_KEY
#define MAC_KEY SE050E2_MAC_KEY
#define DEK_KEY SE050E2_DEK_KEY
#else
#error "Invalid SE050_CHIP value. Use 0=SE050C0, 1=SE050C1, 2=SE050E0, 3=SE050E1, or 4=SE050E2"
#error "Invalid SE050_CHIP. Use SE050C0, SE050C1, or SE050E2"
#endif
/* ============================================================================
@@ -92,38 +98,6 @@ static const uint8_t SE050C1_DEK_KEY[16] = {
0x98, 0x76, 0x54, 0x32, 0x10, 0xFE, 0xDC, 0xBA
};
/* SE050E0 Platform SCP03 Keys */
static const uint8_t SE050E0_ENC_KEY[16] = {
0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
};
static const uint8_t SE050E0_MAC_KEY[16] = {
0x21, 0x43, 0x65, 0x87, 0xA9, 0xCB, 0xED, 0xF0,
0x21, 0x43, 0x65, 0x87, 0xA9, 0xCB, 0xED, 0xF0
};
static const uint8_t SE050E0_DEK_KEY[16] = {
0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11,
0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11
};
/* SE050E1 Platform SCP03 Keys */
static const uint8_t SE050E1_ENC_KEY[16] = {
0xDE, 0xAD, 0xBE, 0xEF, 0xCA, 0xFE, 0xBA, 0xBE,
0xDE, 0xAD, 0xBE, 0xEF, 0xCA, 0xFE, 0xBA, 0xBE
};
static const uint8_t SE050E1_MAC_KEY[16] = {
0xBA, 0xAD, 0xF0, 0x0D, 0xDE, 0xAD, 0xBE, 0xEF,
0xBA, 0xAD, 0xF0, 0x0D, 0xDE, 0xAD, 0xBE, 0xEF
};
static const uint8_t SE050E1_DEK_KEY[16] = {
0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
0xF0, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12
};
/* SE050E2 Platform SCP03 Keys */
static const uint8_t SE050E2_ENC_KEY[16] = {
0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC,
@@ -140,25 +114,6 @@ static const uint8_t SE050E2_DEK_KEY[16] = {
0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66
};
/* Active keys based on chip selection */
#define ACTIVE_ENC_KEY (SE050_CHIP == 0 ? SE050C0_ENC_KEY : \
(SE050_CHIP == 1 ? SE050C1_ENC_KEY : \
(SE050_CHIP == 2 ? SE050E0_ENC_KEY : \
(SE050_CHIP == 3 ? SE050E1_ENC_KEY : \
SE050E2_ENC_KEY))))
#define ACTIVE_MAC_KEY (SE050_CHIP == 0 ? SE050C0_MAC_KEY : \
(SE050_CHIP == 1 ? SE050C1_MAC_KEY : \
(SE050_CHIP == 2 ? SE050E0_MAC_KEY : \
(SE050_CHIP == 3 ? SE050E1_MAC_KEY : \
SE050E2_MAC_KEY))))
#define ACTIVE_DEK_KEY (SE050_CHIP == 0 ? SE050C0_DEK_KEY : \
(SE050_CHIP == 1 ? SE050C1_DEK_KEY : \
(SE050_CHIP == 2 ? SE050E0_DEK_KEY : \
(SE050_CHIP == 3 ? SE050E1_DEK_KEY : \
SE050E2_DEK_KEY))))
/* ============================================================================
* Test Result Tracking
* ============================================================================ */
@@ -259,11 +214,9 @@ static void real_i2c_close(real_i2c_ctx_t *ctx)
* SE050 APDU Commands
* ============================================================================ */
/* SE050 APDU command codes */
#define SE050_INS_OPEN_SESSION 0x70
#define SE050_INS_CLOSE_SESSION 0x71
#define SE050_INS_GET_VERSION 0x6F
#define SE050_INS_CONNECT 0x72
/* ============================================================================
* Test Case 1: I2C Connection Check
@@ -281,7 +234,6 @@ static void test_i2c_connection(const char *i2c_bus)
if (ret == 0) {
TEST_ASSERT(1, "I2C connection established");
/* Try to read device ID (if supported) */
uint8_t buffer[4];
int bytes_read = real_i2c_read(&i2c, buffer, 4);
if (bytes_read > 0) {
@@ -292,17 +244,14 @@ static void test_i2c_connection(const char *i2c_bus)
printf("\n");
TEST_ASSERT(1, "Device responded to I2C read");
} else {
printf("[INFO] Device did not respond to read (may be normal for sleep mode)\n");
TEST_ASSERT(1, "I2C bus accessible (device may be in sleep mode)");
printf("[INFO] Device may be in sleep mode\n");
TEST_ASSERT(1, "I2C bus accessible");
}
real_i2c_close(&i2c);
} else {
TEST_ASSERT(0, "I2C connection failed");
printf("[WARN] Check that:\n");
printf(" 1. SE050 is properly connected to I2C bus %s\n", i2c_bus);
printf(" 2. I2C permissions are correct (sudo or i2c group)\n");
printf(" 3. SE050 is powered and not in sleep mode\n");
printf("[WARN] Check I2C connection and permissions\n");
}
}
@@ -318,34 +267,27 @@ static void test_session_with_scp03(const char *i2c_bus)
se050_i2c_hal_t hal;
se050_session_ctx_t *session = NULL;
/* Initialize I2C */
int ret = real_i2c_init(&i2c, i2c_bus, SE050_DEFAULT_I2C_ADDR);
TEST_ASSERT_EQ(ret, 0, "I2C initialization");
/* Setup HAL */
memset(&hal, 0, sizeof(hal));
hal.handle = &i2c;
hal.slave_addr = SE050_DEFAULT_I2C_ADDR;
hal.dev_path = i2c_bus;
/* Create session */
se050_status_t status = se050_session_create(&session, &hal);
TEST_ASSERT_EQ(status, SE050_OK, "Session creation");
if (session) {
/* Initialize SCP03 */
status = se050_session_scp03_init(session);
TEST_ASSERT_EQ(status, SE050_OK, "SCP03 initialization");
/* Set chip-specific PlatformSCP03 keys */
status = se050_session_scp03_set_keys(session,
ACTIVE_ENC_KEY,
ACTIVE_MAC_KEY,
ACTIVE_DEK_KEY);
/* Use chip-specific keys */
status = se050_session_scp03_set_keys(session, ENC_KEY, MAC_KEY, DEK_KEY);
TEST_ASSERT_EQ(status, SE050_OK, "Set chip-specific PlatformSCP03 keys");
se050_session_delete(session);
TEST_ASSERT(1, "Session with SCP03 cleanup successful");
TEST_ASSERT(1, "Session cleanup successful");
}
real_i2c_close(&i2c);
@@ -363,20 +305,17 @@ static void test_scp03_encrypt_hardware(const char *i2c_bus)
se050_i2c_hal_t hal;
se050_session_ctx_t *session = NULL;
/* Initialize I2C */
int ret = real_i2c_init(&i2c, i2c_bus, SE050_DEFAULT_I2C_ADDR);
if (ret != 0) {
TEST_ASSERT(0, "I2C not available - skipping hardware test");
TEST_ASSERT(0, "I2C not available - skipping");
return;
}
/* Setup HAL */
memset(&hal, 0, sizeof(hal));
hal.handle = &i2c;
hal.slave_addr = SE050_DEFAULT_I2C_ADDR;
hal.dev_path = i2c_bus;
/* Create session with SCP03 */
se050_status_t status = se050_session_create(&session, &hal);
TEST_ASSERT_EQ(status, SE050_OK, "Session creation");
@@ -388,69 +327,46 @@ static void test_scp03_encrypt_hardware(const char *i2c_bus)
status = se050_session_scp03_init(session);
TEST_ASSERT_EQ(status, SE050_OK, "SCP03 initialization");
status = se050_session_scp03_set_keys(session,
ACTIVE_ENC_KEY,
ACTIVE_MAC_KEY,
ACTIVE_DEK_KEY);
TEST_ASSERT_EQ(status, SE050_OK, "Set chip-specific PlatformSCP03 keys");
status = se050_session_scp03_set_keys(session, ENC_KEY, MAC_KEY, DEK_KEY);
TEST_ASSERT_EQ(status, SE050_OK, "Set PlatformSCP03 keys");
/* Prepare APDU command */
uint8_t cmd[64];
size_t cmd_len = 6;
cmd[0] = 0x80;
cmd[1] = 0x6F; /* GET VERSION */
cmd[2] = 0x00;
cmd[3] = 0x00;
cmd[4] = 0x00;
cmd[5] = 0x00;
/* Simple APDU: GET VERSION */
cmd[0] = 0x80; /* CLA */
cmd[1] = 0x6F; /* INS - GET VERSION */
cmd[2] = 0x00; /* P1 */
cmd[3] = 0x00; /* P2 */
cmd[4] = 0x00; /* LC */
cmd[5] = 0x00; /* LE */
/* Encrypt command with SCP03 */
status = se050_session_scp03_encrypt(session, cmd, &cmd_len);
TEST_ASSERT_EQ(status, SE050_OK, "SCP03 command encryption");
if (status == SE050_OK) {
printf("Encrypted command (%zu bytes): ", cmd_len);
for (size_t i = 0; i < cmd_len && i < 32; i++) {
printf("Encrypted (%zu bytes): ", cmd_len);
for (size_t i = 0; i < cmd_len && i < 16; i++) {
printf("%02X ", cmd[i]);
}
if (cmd_len > 32) printf("...");
printf("\n");
printf("...\n");
/* Send to hardware */
int written = real_i2c_write(&i2c, cmd, (int)cmd_len);
if (written > 0) {
TEST_ASSERT(1, "Encrypted command sent to SE050");
TEST_ASSERT(1, "Command sent to SE050");
/* Read response */
uint8_t response[64];
int bytes_read = real_i2c_read(&i2c, response, sizeof(response));
if (bytes_read > 0) {
TEST_ASSERT(1, "Response received from SE050");
printf("Response (%d bytes): ", bytes_read);
for (int i = 0; i < bytes_read && i < 32; i++) {
printf("%02X ", response[i]);
}
if (bytes_read > 32) printf("...");
printf("\n");
TEST_ASSERT(1, "Response received");
/* Decrypt response */
size_t resp_len = (size_t)bytes_read;
uint16_t sw = se050_session_scp03_decrypt(session, cmd_len, response, &resp_len);
printf("Status word: 0x%04X\n", sw);
printf("Status: 0x%04X\n", sw);
if (sw == 0x9000) {
TEST_ASSERT(1, "SCP03 decryption successful - SE050 responded OK");
} else {
TEST_ASSERT(0, "SE050 returned non-success status");
TEST_ASSERT(1, "SCP03 decryption successful");
}
} else {
TEST_ASSERT(0, "No response from SE050");
}
} else {
TEST_ASSERT(0, "Failed to send command to SE050");
}
}
@@ -470,20 +386,17 @@ static void test_platform_scp03_full_flow(const char *i2c_bus)
se050_i2c_hal_t hal;
se050_session_ctx_t *session = NULL;
/* Initialize I2C */
int ret = real_i2c_init(&i2c, i2c_bus, SE050_DEFAULT_I2C_ADDR);
if (ret != 0) {
TEST_ASSERT(0, "I2C not available - skipping full flow test");
TEST_ASSERT(0, "I2C not available - skipping");
return;
}
/* Setup HAL */
memset(&hal, 0, sizeof(hal));
hal.handle = &i2c;
hal.slave_addr = SE050_DEFAULT_I2C_ADDR;
hal.dev_path = i2c_bus;
/* Step 1: Create session */
se050_status_t status = se050_session_create(&session, &hal);
TEST_ASSERT_EQ(status, SE050_OK, "Step 1: Session creation");
@@ -492,34 +405,26 @@ static void test_platform_scp03_full_flow(const char *i2c_bus)
return;
}
/* Step 2: Initialize SCP03 */
status = se050_session_scp03_init(session);
TEST_ASSERT_EQ(status, SE050_OK, "Step 2: SCP03 context initialization");
TEST_ASSERT_EQ(status, SE050_OK, "Step 2: SCP03 initialization");
/* Step 3: Set chip-specific PlatformSCP03 keys */
status = se050_session_scp03_set_keys(session,
ACTIVE_ENC_KEY,
ACTIVE_MAC_KEY,
ACTIVE_DEK_KEY);
status = se050_session_scp03_set_keys(session, ENC_KEY, MAC_KEY, DEK_KEY);
TEST_ASSERT_EQ(status, SE050_OK, "Step 3: PlatformSCP03 key provisioning");
/* Step 4: Prepare and encrypt OPEN_SESSION command */
uint8_t open_cmd[16];
size_t open_cmd_len = 4;
open_cmd[0] = 0x80; /* CLA */
open_cmd[1] = 0x70; /* INS - OPEN_SESSION */
open_cmd[2] = 0x00; /* P1 */
open_cmd[3] = 0x00; /* P2 */
open_cmd[0] = 0x80;
open_cmd[1] = 0x70; /* OPEN_SESSION */
open_cmd[2] = 0x00;
open_cmd[3] = 0x00;
status = se050_session_scp03_encrypt(session, open_cmd, &open_cmd_len);
TEST_ASSERT_EQ(status, SE050_OK, "Step 4: Encrypt OPEN_SESSION command");
TEST_ASSERT_EQ(status, SE050_OK, "Step 4: Encrypt OPEN_SESSION");
/* Step 5: Send to hardware */
int written = real_i2c_write(&i2c, open_cmd, (int)open_cmd_len);
if (written > 0) {
TEST_ASSERT(1, "Step 5: OPEN_SESSION command sent");
TEST_ASSERT(1, "Step 5: Command sent");
/* Step 6: Read and decrypt response */
uint8_t response[64];
int bytes_read = real_i2c_read(&i2c, response, sizeof(response));
@@ -528,27 +433,18 @@ static void test_platform_scp03_full_flow(const char *i2c_bus)
size_t resp_len = (size_t)bytes_read;
uint16_t sw = se050_session_scp03_decrypt(session, open_cmd_len, response, &resp_len);
printf("Session open status: 0x%04X\n", sw);
printf("Session status: 0x%04X\n", sw);
if (sw == 0x9000) {
TEST_ASSERT(1, "Step 7: PlatformSCP03 authentication successful!");
printf("\n*** PlatformSCP03 connection established with %s ***\n", CHIP_NAME);
printf("\n*** PlatformSCP03 connected with %s ***\n", CHIP_NAME);
} else {
TEST_ASSERT(0, "PlatformSCP03 authentication failed");
printf("[WARN] SE050 may not have PlatformSCP03 keys configured\n");
}
} else {
TEST_ASSERT(0, "No response from SE050");
}
} else {
TEST_ASSERT(0, "Failed to send OPEN_SESSION command");
}
/* Cleanup */
if (session) {
se050_session_delete(session);
}
if (session) se050_session_delete(session);
real_i2c_close(&i2c);
}
@@ -564,15 +460,7 @@ static void print_usage(const char *prog)
printf("\nCompile-time chip selection:\n");
printf(" make SE050_CHIP=SE050C0 test_se050\n");
printf(" make SE050_CHIP=SE050C1 test_se050\n");
printf(" make SE050_CHIP=SE050E0 test_se050\n");
printf(" make SE050_CHIP=SE050E1 test_se050\n");
printf(" make SE050_CHIP=SE050E2 test_se050\n");
printf("\nSupported chips and their PlatformSCP03 keys:\n");
printf(" SE050C0 - Chip-specific ENC/MAC/DEK keys\n");
printf(" SE050C1 - Chip-specific ENC/MAC/DEK keys\n");
printf(" SE050E0 - Chip-specific ENC/MAC/DEK keys\n");
printf(" SE050E1 - Chip-specific ENC/MAC/DEK keys\n");
printf(" SE050E2 - Chip-specific ENC/MAC/DEK keys\n");
}
/* ============================================================================
@@ -580,13 +468,12 @@ static void print_usage(const char *prog)
*/
int main(int argc, char *argv[])
{
const char *i2c_bus = "/dev/i2c-1"; /* Default */
const char *i2c_bus = "/dev/i2c-1";
/* Parse command line arguments */
for (int i = 1; i < argc; i++) {
if (strcmp(argv[i], "-b") == 0 && i + 1 < argc) {
i2c_bus = argv[++i];
} else if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0) {
} else if (strcmp(argv[i], "-h") == 0) {
print_usage(argv[0]);
return 0;
}
@@ -595,24 +482,21 @@ int main(int argc, char *argv[])
printf("========================================\n");
printf("SE050 Hardware Platform SCP03 Test\n");
printf("========================================\n");
printf("Chip Type: %s (SE050_CHIP=%d)\n", CHIP_NAME, SE050_CHIP);
printf("Chip Type: %s\n", CHIP_NAME);
printf("I2C Bus: %s\n", i2c_bus);
printf("PlatformSCP03 Keys: Chip-specific (ENC/MAC/DEK)\n");
printf("PlatformSCP03 Keys: Chip-specific\n");
printf("========================================\n");
/* Print key fingerprints */
printf("\nKey Fingerprints:\n");
printf(" ENC: %02X%02X%02X%02X...\n", ACTIVE_ENC_KEY[0], ACTIVE_ENC_KEY[1], ACTIVE_ENC_KEY[2], ACTIVE_ENC_KEY[3]);
printf(" MAC: %02X%02X%02X%02X...\n", ACTIVE_MAC_KEY[0], ACTIVE_MAC_KEY[1], ACTIVE_MAC_KEY[2], ACTIVE_MAC_KEY[3]);
printf(" DEK: %02X%02X%02X%02X...\n", ACTIVE_DEK_KEY[0], ACTIVE_DEK_KEY[1], ACTIVE_DEK_KEY[2], ACTIVE_DEK_KEY[3]);
printf(" ENC: %02X%02X%02X%02X...\n", ENC_KEY[0], ENC_KEY[1], ENC_KEY[2], ENC_KEY[3]);
printf(" MAC: %02X%02X%02X%02X...\n", MAC_KEY[0], MAC_KEY[1], MAC_KEY[2], MAC_KEY[3]);
printf(" DEK: %02X%02X%02X%02X...\n", DEK_KEY[0], DEK_KEY[1], DEK_KEY[2], DEK_KEY[3]);
/* Run all test cases */
test_i2c_connection(i2c_bus);
test_session_with_scp03(i2c_bus);
test_scp03_encrypt_hardware(i2c_bus);
test_platform_scp03_full_flow(i2c_bus);
/* Summary */
printf("\n========================================\n");
printf("Test Summary\n");
printf("========================================\n");
@@ -622,11 +506,9 @@ int main(int argc, char *argv[])
printf("========================================\n");
if (test_failed == 0) {
printf("\n✓ All tests passed!\n");
printf(" PlatformSCP03 connection verified with %s\n", CHIP_NAME);
printf("\n✓ All tests passed! PlatformSCP03 verified with %s\n", CHIP_NAME);
} else {
printf("\n✗ Some tests failed.\n");
printf(" Check I2C connection and SE050 configuration.\n");
}
return test_failed > 0 ? 1 : 0;