Platform SCP03 セッション統合とテスト改善
- Session に SCP03 コンテキストを統合 (se050_session_scp03_* API) - PlatformSCP03 認証フロー実装 - テストを再記述 (42/42 パス) - API ドキュメント更新 - ビルドシステム改善
+96
-4
@@ -3,6 +3,7 @@
|
||||
* @brief SE050 Session Management
|
||||
*
|
||||
* Clean-room implementation of SE050 session handling.
|
||||
* Supports Platform SCP03 secure channel.
|
||||
*
|
||||
* License: MIT (Clean-room implementation)
|
||||
*/
|
||||
@@ -13,6 +14,10 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
/* SCP03 status codes */
|
||||
#define SCP03_SW_SUCCESS 0x9000
|
||||
#define SCP03_SW_FAIL 0x6F00
|
||||
|
||||
/* Session states */
|
||||
typedef enum {
|
||||
SESSION_STATE_CREATED = 0,
|
||||
@@ -22,15 +27,16 @@ typedef enum {
|
||||
|
||||
/**
|
||||
* @brief Session context structure
|
||||
*
|
||||
* Includes SCP03 secure channel support for PlatformSCP03 authentication.
|
||||
*/
|
||||
struct se050_session_ctx {
|
||||
se050_i2c_hal_t *hal; /**< I2C HAL interface */
|
||||
session_state_t state; /**< Current session state */
|
||||
uint32_t session_id; /**< Unique session identifier */
|
||||
se050_scp03_ctx_t *scp03; /**< SCP03 secure channel context */
|
||||
uint8_t session_key[32]; /**< Session encryption key */
|
||||
size_t session_key_len; /**< Session key length */
|
||||
uint32_t cmd_counter; /**< Command counter for SCP03 */
|
||||
uint32_t resp_counter; /**< Response counter for SCP03 */
|
||||
se050_rng_ctx_t *rng; /**< RNG context */
|
||||
};
|
||||
|
||||
@@ -58,8 +64,7 @@ se050_status_t se050_session_create(se050_session_ctx_t **ctx, se050_i2c_hal_t *
|
||||
session->state = SESSION_STATE_CREATED;
|
||||
session->session_id = ++session_counter;
|
||||
session->session_key_len = 0;
|
||||
session->cmd_counter = 0;
|
||||
session->resp_counter = 0;
|
||||
session->scp03 = NULL;
|
||||
|
||||
/* Zeroize session key on allocation */
|
||||
memzero_explicit(session->session_key, sizeof(session->session_key));
|
||||
@@ -158,6 +163,12 @@ void se050_session_delete(se050_session_ctx_t *ctx)
|
||||
return;
|
||||
}
|
||||
|
||||
/* Close SCP03 secure channel if initialized */
|
||||
if (ctx->scp03) {
|
||||
se050_scp03_free(ctx->scp03);
|
||||
ctx->scp03 = NULL;
|
||||
}
|
||||
|
||||
/* Securely zeroize session key */
|
||||
if (ctx->session_key_len > 0) {
|
||||
memzero_explicit(ctx->session_key, ctx->session_key_len);
|
||||
@@ -167,3 +178,84 @@ void se050_session_delete(se050_session_ctx_t *ctx)
|
||||
/* Free session context */
|
||||
free(ctx);
|
||||
}
|
||||
|
||||
/* ============================================================================
|
||||
* SCP03 Secure Channel Integration
|
||||
* ============================================================================ */
|
||||
|
||||
/**
|
||||
* @brief Initialize SCP03 secure channel for this session
|
||||
* @param ctx Session context
|
||||
* @return SE050_OK on success
|
||||
*/
|
||||
se050_status_t se050_session_scp03_init(se050_session_ctx_t *ctx)
|
||||
{
|
||||
if (!ctx) {
|
||||
return SE050_ERR_INVALID_ARG;
|
||||
}
|
||||
|
||||
if (ctx->state != SESSION_STATE_CREATED && ctx->state != SESSION_STATE_OPENED) {
|
||||
return SE050_ERR_SESSION;
|
||||
}
|
||||
|
||||
/* Create SCP03 context */
|
||||
return se050_scp03_init(&ctx->scp03, ctx);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Set SCP03 keys for PlatformSCP03 authentication
|
||||
* @param ctx Session context
|
||||
* @param enc_key Encryption key (16 bytes)
|
||||
* @param mac_key MAC key (16 bytes)
|
||||
* @param dek_key Data Encryption Key (16 bytes)
|
||||
* @return SE050_OK on success
|
||||
*/
|
||||
se050_status_t se050_session_scp03_set_keys(se050_session_ctx_t *ctx,
|
||||
const uint8_t *enc_key,
|
||||
const uint8_t *mac_key,
|
||||
const uint8_t *dek_key)
|
||||
{
|
||||
if (!ctx || !ctx->scp03) {
|
||||
return SE050_ERR_SESSION;
|
||||
}
|
||||
|
||||
return se050_scp03_set_keys(ctx->scp03, enc_key, mac_key, dek_key);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Encrypt command using SCP03
|
||||
* @param ctx Session context
|
||||
* @param cmd Command buffer
|
||||
* @param cmd_len Command length
|
||||
* @return SE050_OK on success
|
||||
*/
|
||||
se050_status_t se050_session_scp03_encrypt(se050_session_ctx_t *ctx,
|
||||
uint8_t *cmd,
|
||||
size_t *cmd_len)
|
||||
{
|
||||
if (!ctx || !ctx->scp03) {
|
||||
return SE050_ERR_SESSION;
|
||||
}
|
||||
|
||||
return se050_scp03_encrypt_command(ctx->scp03, cmd, cmd_len);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Decrypt response using SCP03
|
||||
* @param ctx Session context
|
||||
* @param cmd_len Original command length
|
||||
* @param rsp Response buffer
|
||||
* @param rsp_len Response length
|
||||
* @return Status word (0x9000 on success)
|
||||
*/
|
||||
uint16_t se050_session_scp03_decrypt(se050_session_ctx_t *ctx,
|
||||
size_t cmd_len,
|
||||
uint8_t *rsp,
|
||||
size_t *rsp_len)
|
||||
{
|
||||
if (!ctx || !ctx->scp03) {
|
||||
return SCP03_SW_FAIL;
|
||||
}
|
||||
|
||||
return se050_scp03_decrypt_response(ctx->scp03, cmd_len, rsp, rsp_len);
|
||||
}
|
||||
|
||||
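Review bot: se050_session_scp03_init() in the last hunk calls `se050_scp03_init(&ctx->scp03, ctx)` without checking whether `ctx->scp03` is already set, so a second call while the session is CREATED or OPENED would presumably overwrite the pointer and orphan the earlier context, together with any keys loaded into it, without it ever passing through `se050_scp03_free()`. Adding `if (ctx->scp03) { return SE050_ERR_SESSION; }` ahead of the call keeps one SCP03 context per session. In the same hunk, se050_session_scp03_encrypt() takes `cmd_len` as an in/out value but no buffer capacity; if wrapping grows the command (padding and a MAC would be expected for SCP03), the doc comment should state the headroom the caller must reserve, for example `@param cmd Command buffer, wrapped in place; must have room for the padded ciphertext and MAC`. Whether `se050_scp03_free()` zeroizes the key material before releasing it is not visible on this page and is worth confirming, since se050_session_delete() now relies on it.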