Fix WireGuard decryption failures

- Fix BLAKE2s final block handling when len == fill
- Fix key derivation order based on is_initiator flag
- Add missing header files (se050_i2c_hal.h, se050_scp03.h)
- Fix missing type definitions and includes
- Update tests to set is_initiator and matching keys

All 24 tests now pass.

src/se050_i2c_hal.c

@@ -8,6 +8,7 @@
  */
 
 #define _POSIX_C_SOURCE 200809L
+#include "se050_i2c_hal.h"
 #include "se050_wireguard.h"
 #include <stdio.h>
 #include <stdlib.h>

src/se050_keystore.c

@@ -10,6 +10,8 @@
 #define _GNU_SOURCE  /* For MADV_DONTDUMP, MADV_WIPEONFORK */
 #define _POSIX_C_SOURCE 200809L
 
+#include "se050_i2c_hal.h"
+#include "se050_session_internal.h"
 #include "se050_wireguard.h"
 #include "se050_crypto_utils.h"
 #include "se050_keystore_internal.h"

src/se050_rng.c

@@ -8,6 +8,7 @@
  */
 
 #define _POSIX_C_SOURCE 200809L
+#include "se050_i2c_hal.h"
 #include "se050_wireguard.h"
 #include "se050_crypto_utils.h"
 #include "se050_session_internal.h"

src/se050_scp03.c

@@ -10,6 +10,9 @@
 #define _GNU_SOURCE  /* For MADV_DONTDUMP, MADV_WIPEONFORK */
 #define _POSIX_C_SOURCE 200809L
 
+#include "se050_i2c_hal.h"
+#include "se050_session_internal.h"
+#include "se050_scp03.h"
 #include "se050_wireguard.h"
 #include "se050_crypto_utils.h"
 #include "se050_mem_protect.h"
@@ -28,21 +31,6 @@
 #define SCP03_SW_SUCCESS        0x9000
 #define SCP03_SW_FAIL           0x6F00
 
-/**
- * @brief SCP03 session context structure
- */
-struct se050_scp03_ctx {
-    se050_session_ctx_t *session;           /**< Associated session */
-    uint8_t enc_key[SCP03_KEY_SIZE];        /**< Encryption key */
-    uint8_t mac_key[SCP03_KEY_SIZE];        /**< MAC key */
-    uint8_t dek_key[SCP03_KEY_SIZE];        /**< DEK key (for key derivation) */
-    uint8_t cmd_icv[SCP03_CMAC_SIZE];       /**< Command ICV */
-    uint8_t rsp_icv[SCP03_CMAC_SIZE];       /**< Response ICV */
-    uint64_t cmd_counter;                   /**< Command counter */
-    uint64_t rsp_counter;                   /**< Response counter */
-    uint8_t initialized;                    /**< Initialization flag */
-};
-
 /* ============================================================================
  * Helper Functions
  * ============================================================================ */

src/se050_session.c

@@ -8,6 +8,8 @@
  * License: MIT (Clean-room implementation)
  */
 
+#include "se050_i2c_hal.h"
+#include "se050_session_internal.h"
 #include "se050_wireguard.h"
 #include "se050_crypto_utils.h"
 #include <stdio.h>
@@ -18,28 +20,6 @@
 #define SCP03_SW_SUCCESS    0x9000
 #define SCP03_SW_FAIL       0x6F00
 
-/* Session states */
-typedef enum {
-    SESSION_STATE_CREATED = 0,
-    SESSION_STATE_OPENED,
-    SESSION_STATE_CLOSED,
-} session_state_t;
-
-/**
- * @brief Session context structure
- * 
- * Includes SCP03 secure channel support for PlatformSCP03 authentication.
- */
-struct se050_session_ctx {
-    se050_i2c_hal_t *hal;           /**< I2C HAL interface */
-    session_state_t state;          /**< Current session state */
-    uint32_t session_id;            /**< Unique session identifier */
-    se050_scp03_ctx_t *scp03;       /**< SCP03 secure channel context */
-    uint8_t session_key[32];        /**< Session encryption key */
-    size_t session_key_len;         /**< Session key length */
-    se050_rng_ctx_t *rng;           /**< RNG context */
-};
-
 /* ============================================================================
  * Session Management
  * ============================================================================ */

src/se050_wireguard.c

@@ -175,10 +175,22 @@ int se050_wireguard_derive_keys(se050_wireguard_session_t *session,
      * Key derivation differs for initiator vs responder:
      * - Initiator:  sending = T(1), receiving = T(2)
      * - Responder:  sending = T(2), receiving = T(1)
-     * 
-     * For now, using initiator mode (can be extended with is_initiator flag)
      */
-    wg_hkdf_2(shared_secret, session->sending_key, session->receiving_key);
+    uint8_t t1[32], t2[32];
+    wg_hkdf_2(shared_secret, t1, t2);
+    
+    if (session->is_initiator) {
+        /* Initiator: sending = T(1), receiving = T(2) */
+        memcpy(session->sending_key, t1, 32);
+        memcpy(session->receiving_key, t2, 32);
+    } else {
+        /* Responder: sending = T(2), receiving = T(1) */
+        memcpy(session->sending_key, t2, 32);
+        memcpy(session->receiving_key, t1, 32);
+    }
+    
+    memzero_explicit(t1, 32);
+    memzero_explicit(t2, 32);
     
     /* Reset nonces */
     session->sending_nonce = 0;

src/se050_x25519.c

@@ -7,10 +7,15 @@
  * License: MIT (Clean-room implementation)
  */
 
+#include "se050_i2c_hal.h"
 #include "se050_wireguard.h"
 #include "se050_crypto_utils.h"
 #include "se050_keystore_internal.h"
 #include "se050_session_internal.h"
+#include "se050_x25519_sw.h"
+
+/* Type alias for compatibility */
+typedef se050_x25519_sw_keypair_t se050_x25519_keypair_t;
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>