in crypto/controlse/controlse_main.cxx [375:669]
static int process(int se05x_fd, FAR struct SSettings *settings)
{
int result = 0;
Controlse::CSecureElement se(se05x_fd);
if (settings->operation == KEYSTORE_GET_INFO)
{
struct se05x_info_s info;
result = se.GetInfo(info) ? 0 : -EPERM;
if (result == 0)
{
printf("OEF ID: %04x\n", info.oef_id);
}
}
else if (settings->operation == KEYSTORE_GET_UID)
{
struct se05x_uid_s uid;
result = se.GetUid(uid) ? 0 : -EPERM;
if (result == 0)
{
printf("UID: ");
for (size_t i = 0; i < SE05X_MODULE_UNIQUE_ID_LEN; i++)
{
printf("%02x", uid.uid[i]);
}
printf("\n");
}
}
else if (settings->operation == KEYSTORE_GENERATE)
{
struct se05x_generate_keypair_s args
= { .id = settings->key_id,
.cipher = SE05X_ASYM_CIPHER_EC_NIST_P_256 };
result = se.GenerateKey(args) ? 0 : -EPERM;
if (result == 0)
{
printf("Keypair generated successfully\n");
}
}
else if (settings->operation == KEYSTORE_WRITE)
{
char data[DEFAULT_BUFFER_SIZE];
FAR const char *prompt = settings->data_type == KEYSTORE_DATA_TYPE_STRING
? enter_data_raw
: enter_data_pem;
size_t data_size
= readFromFile(prompt, settings->input_filename, data, sizeof(data));
result = -EINVAL;
if (data_size != 0)
{
Controlse::ISecureElementObject *object = nullptr;
if (settings->data_type == KEYSTORE_DATA_TYPE_STRING)
{
object = new Controlse::CString(
data,
data_size - 1); // -1 because no zero termination character
// required
}
else if (settings->data_type == KEYSTORE_DATA_TYPE_KEY)
{
object = new Controlse::CPublicKey(data);
}
else if (settings->data_type == KEYSTORE_DATA_TYPE_CERT_OR_CSR)
{
object = new Controlse::CCertificate(
reinterpret_cast<uint8_t *>(data), data_size);
if (object)
{
if (!object->IsLoaded())
{
delete object;
object = new Controlse::CCsr(
reinterpret_cast<uint8_t *>(data), data_size);
}
}
}
result = -EPERM;
if (object)
{
if (object->IsLoaded())
{
result = object->StoreOnSecureElement(se, settings->key_id)
? 0
: -EPERM;
}
delete object;
}
}
if (result == 0)
{
printf("Data stored successfully\n");
}
}
else if (settings->operation == KEYSTORE_READ)
{
char *data = nullptr;
if (settings->data_type == KEYSTORE_DATA_TYPE_STRING)
{
Controlse::CString string(se, settings->key_id);
if (string.IsLoaded())
{
data = string.c_str();
}
}
else if (settings->data_type == KEYSTORE_DATA_TYPE_KEY)
{
Controlse::CPublicKey key(se, settings->key_id);
if (key.IsLoaded())
{
data = key.GetPem();
}
}
else if (settings->data_type == KEYSTORE_DATA_TYPE_CERT_OR_CSR)
{
Controlse::CCertificate cert(se, settings->key_id);
if (cert.IsLoaded())
{
data = cert.GetPem();
}
else
{
Controlse::CCsr csr(se, settings->key_id);
if (csr.IsLoaded())
{
data = csr.GetPem();
}
}
}
if (data)
{
puts(data);
delete[] data;
}
else
{
result = -EPERM;
}
}
else if (settings->operation == KEYSTORE_DELETE)
{
result = se.DeleteKey(settings->key_id) ? 0 : -EPERM;
if (result == 0)
{
printf("Deleted key successfully\n");
}
}
else if (settings->operation == KEYSTORE_DERIVE_SYMM_KEY)
{
uint8_t buffer[SYMM_KEY_BUFFER_SIZE];
struct se05x_derive_key_s args = {
.private_key_id = settings->private_key_id,
.public_key_id = settings->key_id,
.content = { .buffer = buffer, .buffer_size = sizeof(buffer) },
};
result = se.DeriveSymmetricalKey(args) ? 0 : -EPERM;
if (result == 0)
{
for (size_t i = 0; i < args.content.buffer_content_size; i++)
{
printf("%02x", args.content.buffer[i]);
}
printf("\n");
}
}
else if (settings->operation == KEYSTORE_CREATE_SIGNATURE)
{
uint8_t tbs_buffer[TBS_HASH_BUFFER_SIZE];
size_t tbs_content_size;
readFromFileAndConvert("Enter tbs(hex):", settings->input_filename,
tbs_buffer, sizeof(tbs_buffer),
&tbs_content_size);
uint8_t signature_buffer[SIGNATURE_BUFFER_SIZE];
size_t signature_content_len = 0;
if (result == 0)
{
struct se05x_signature_s args = {
.key_id = settings->key_id,
.algorithm = SE05X_ALGORITHM_SHA256,
.tbs = { .buffer = tbs_buffer,
.buffer_size = tbs_content_size,
.buffer_content_size = tbs_content_size },
.signature = { .buffer = signature_buffer,
.buffer_size = sizeof(signature_buffer) },
};
result = se.CreateSignature(args) ? 0 : -EPERM;
signature_content_len = args.signature.buffer_content_size;
}
if (result == 0)
{
for (size_t i = 0; i < signature_content_len; i++)
{
printf("%02x", signature_buffer[i]);
}
printf("\n");
}
}
else if (settings->operation == KEYSTORE_VERIFY_SIGNATURE)
{
uint8_t tbs_buffer[TBS_HASH_BUFFER_SIZE];
size_t tbs_content_size;
result = readFromFileAndConvert(
"Enter tbs(hex):", settings->input_filename, tbs_buffer,
sizeof(tbs_buffer), &tbs_content_size);
uint8_t signature_buffer[SIGNATURE_BUFFER_SIZE];
size_t signature_content_size;
if (result == 0)
{
result = readFromFileAndConvert(
"Enter signature(hex):", settings->signature_filename,
signature_buffer, sizeof(signature_buffer),
&signature_content_size);
}
if (result == 0)
{
struct se05x_signature_s args = {
.key_id = settings->key_id,
.algorithm = SE05X_ALGORITHM_SHA256,
.tbs = { .buffer = tbs_buffer,
.buffer_size = tbs_content_size,
.buffer_content_size = tbs_content_size },
.signature = { .buffer = signature_buffer,
.buffer_size = signature_content_size,
.buffer_content_size = signature_content_size },
};
result = se.Verify(args) ? 0 : -EPERM;
}
if (result == 0)
{
printf("Signature verified successfully\n");
}
}
else if (settings->operation == KEYSTORE_SIGN_CSR)
{
char csr_pem_buf[DEFAULT_BUFFER_SIZE];
size_t csr_pem_buf_content_size
= readFromFile("enter csr(pem)", settings->input_filename,
csr_pem_buf, sizeof(csr_pem_buf));
csr_pem_buf_content_size = addZeroTerminationCharacter(
csr_pem_buf, csr_pem_buf_content_size, sizeof(csr_pem_buf));
auto certificate = Controlse::CCertificate(
se, reinterpret_cast<uint8_t *>(csr_pem_buf),
csr_pem_buf_content_size, settings->key_id);
auto crt_pem = certificate.GetPem();
if (crt_pem)
{
puts(crt_pem);
delete[] crt_pem;
}
else
{
result = -EPERM;
}
}
else if (settings->operation == KEYSTORE_VERIFY_CERTIFICATE)
{
char pem_buf[DEFAULT_BUFFER_SIZE];
size_t pem_content_size
= readFromFile("enter crt(pem)", settings->input_filename, pem_buf,
sizeof(pem_buf));
pem_content_size = addZeroTerminationCharacter(pem_buf, pem_content_size,
sizeof(pem_buf));
auto certificate = Controlse::CCertificate(
reinterpret_cast<uint8_t *>(pem_buf), pem_content_size);
result = certificate.VerifyAgainst(se, settings->key_id) ? 0 : -EPERM;
if (result == 0)
{
printf("Signature verified successfully\n");
}
}
return result;
}