WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

added support for Tropic01 crypto callbacks

pull/8812/head
Maxim Kostin 2025-05-19 21:41:49 +02:00
parent 05ff12969e
commit 385be1c08a
6 changed files with 505 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
configure.ac
View File

@ -2849,6 +2849,51 @@ AC_ARG_WITH([cryptoauthlib],
]
)
# TropicSquare TROPIC01
# Example: "./configure --with-tropic01=/home/pi/libtropic"
ENABLED_TROPIC01="no"
trylibtropicdir=""
AC_ARG_WITH([tropic01],
[AS_HELP_STRING([--with-tropic01=PATH],[PATH to install (default /usr/)])],
[
AC_MSG_CHECKING([for tropic01])
CPPFLAGS="$CPPFLAGS -DWOLFSSL_TROPIC01"
LIBS="$LIBS -llibtropic"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libtropic.h>]], [[ lt_init(0); ]])],[ libtropic_linked=yes ],[ libtropic_linked=no ])
if test "x$libtropic_linked" = "xno" ; then
if test "x$withval" != "xno" ; then
trylibtropicdir=$withval
fi
if test "x$withval" = "xyes" ; then
trylibtropicdir="/usr"
fi
LDFLAGS="$LDFLAGS -L$trylibtropicdir/lib"
CPPFLAGS="$CPPFLAGS -I$trylibtropicdir/lib"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libtropic.h>]], [[ lt_init(0); ]])],[ libtropic_linked=yes ],[ libtropic_linked=no ])
if test "x$libtropic_linked" = "xno" ; then
AC_MSG_ERROR([libtropic isn't found.
If it's already installed, specify its path using --with-tropic01=/dir/])
fi
AM_LDFLAGS="$AM_LDFLAGS -L$trylibtropicdir/lib"
AM_CFLAGS="$AM_CFLAGS -I$trylibtropicdir/lib"
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([yes])
fi
ENABLED_TROPIC01="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TROPIC01"
]
)
# NXP SE050
# Example: "./configure --with-se050=/home/pi/simw_top"
ENABLED_SE050="no"
@ -10702,6 +10747,7 @@ AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM_QNX" = "xyes"])
AM_CONDITIONAL([BUILD_IOTSAFE],[test "x$ENABLED_IOTSAFE" = "xyes"])
AM_CONDITIONAL([BUILD_IOTSAFE_HWRNG],[test "x$ENABLED_IOTSAFE_HWRNG" = "xyes"])
AM_CONDITIONAL([BUILD_SE050],[test "x$ENABLED_SE050" = "xyes"])
AM_CONDITIONAL([BUILD_TROPIC01],[test "x$ENABLED_TROPIC01" = "xyes"])
AM_CONDITIONAL([BUILD_KDF],[test "x$ENABLED_KDF" = "xyes"])
AM_CONDITIONAL([BUILD_HMAC],[test "x$ENABLED_HMAC" = "xyes"])
AM_CONDITIONAL([BUILD_ERROR_STRINGS],[test "x$ENABLED_ERROR_STRINGS" = "xyes"])
@ -11230,6 +11276,7 @@ echo " * i.MX CAAM: $ENABLED_CAAM"
echo " * IoT-Safe: $ENABLED_IOTSAFE"
echo " * IoT-Safe HWRNG: $ENABLED_IOTSAFE_HWRNG"
echo " * NXP SE050: $ENABLED_SE050"
echo " * TROPIC01: $ENABLED_TROPIC01"
echo " * Maxim Integrated MAXQ10XX: $ENABLED_MAXQ10XX"
echo " * PSA: $ENABLED_PSA"
echo " * System CA certs: $ENABLED_SYS_CA_CERTS"

5
wolfcrypt/src/include.am
View File

@ -105,6 +105,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/st/README.md \
wolfcrypt/src/port/st/STM32MP13.md \
wolfcrypt/src/port/st/STM32MP25.md \
wolfcrypt/src/port/tropicsquare/tropic01.c \
wolfcrypt/src/port/af_alg/afalg_aes.c \
wolfcrypt/src/port/af_alg/afalg_hash.c \
wolfcrypt/src/port/kcapi/kcapi_aes.c \
@ -221,6 +222,10 @@ if BUILD_SE050
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/nxp/se050_port.c
endif
if BUILD_TROPIC01
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/tropicsquare/tropic01.c
endif
if BUILD_PSA
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/psa/psa.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/psa/psa_hash.c

355
wolfcrypt/src/port/tropicsquare/tropic01.c 100644
View File

@ -0,0 +1,355 @@
/* tropic01.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/cryptocb.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/port/tropicsquare/tropic01.h>
/*
* TROPIC01 hardware RNG implementation
*/
static int Tropic01_GetRandom(byte* out, word32 sz, Tropic01CryptoDevCtx* ctx)
{
int ret = 0;
// Default factory pairing keys
byte pkey_index_0 = PAIRING_KEY_SLOT_INDEX_0;
// Engineering samples 01 keys:
byte sh0priv[] = {0xd0,0x99,0x92,0xb1,0xf1,0x7a,0xbc,0x4d,0xb9,0x37,0x17,0x68,0xa2,0x7d,0xa0,0x5b,0x18,0xfa,0xb8,0x56,0x13,0xa7,0x84,0x2c,0xa6,0x4c,0x79,0x10,0xf2,0x2e,0x71,0x6b};
byte sh0pub[] = {0xe7,0xf7,0x35,0xba,0x19,0xa3,0x3f,0xd6,0x73,0x23,0xab,0x37,0x26,0x2d,0xe5,0x36,0x08,0xca,0x57,0x85,0x76,0x53,0x43,0x52,0xe1,0x8f,0x64,0xe6,0x13,0xd3,0x8d,0x54};
lt_handle_t h;
lt_ret_t rett;
WOLFSSL_MSG_EX("TROPIC01: GetRandom: Requesting %u bytes", sz);
if (out == NULL || ctx == NULL || !ctx->initialized || sz == 0)
return BAD_FUNC_ARG;
/* Call TROPIC01 TRNG API to get random data */
rett = lt_init(&h);
if(rett != LT_OK) {
//printf("Error lt_init(): %s", lt_ret_verbose(ret));
return rett;
}
ret = verify_chip_and_start_secure_session(&h, sh0priv, sh0pub, pkey_index_0);
if(ret != LT_OK) {
//printf("Error sec channel: %s", lt_ret_verbose(ret));
lt_deinit(&h);
return ret;
}
ret = lt_random_get(&h, out, sz);
if(ret != LT_OK) {
//printf("Error l3 cmd: %s", lt_ret_verbose(ret));
lt_deinit(&h);
return ret;
}
ret = lt_deinit(&h);
if(ret != LT_OK) {
//printf("Error lt_deinit(): %s", lt_ret_verbose(ret));
return ret;
}
WOLFSSL_MSG_EX("TROPIC01: GetRandom: Completed with ret=%d", ret);
return ret;
}
/*
* Retrive the AES key from the secure memory of TROPIC01
*/
static int Tropic01_GetKey(Aes* aes, int keySlot, word32 keySz, Tropic01CryptoDevCtx* ctx)
{
int ret;
// Default factory pairing keys
byte pkey_index_0 = PAIRING_KEY_SLOT_INDEX_0;
// Engineering samples 01 keys:
byte sh0priv[] = {0xd0,0x99,0x92,0xb1,0xf1,0x7a,0xbc,0x4d,0xb9,0x37,0x17,0x68,0xa2,0x7d,0xa0,0x5b,0x18,0xfa,0xb8,0x56,0x13,0xa7,0x84,0x2c,0xa6,0x4c,0x79,0x10,0xf2,0x2e,0x71,0x6b};
byte sh0pub[] = {0xe7,0xf7,0x35,0xba,0x19,0xa3,0x3f,0xd6,0x73,0x23,0xab,0x37,0x26,0x2d,0xe5,0x36,0x08,0xca,0x57,0x85,0x76,0x53,0x43,0x52,0xe1,0x8f,0x64,0xe6,0x13,0xd3,0x8d,0x54};
lt_handle_t h;
lt_ret_t rett;
WOLFSSL_MSG_EX("TROPIC01: GetKey: Retrieving key from slot %d", keySlot);
if (aes == NULL || ctx == NULL || !ctx->initialized || keySlot < 0 || keySlot >= 511)
return BAD_FUNC_ARG;
/* Check key size */
if (keySz != 16 && keySz != 24 && keySz != 32) {
WOLFSSL_MSG_EX("TROPIC01: GetKey: Unsupported key size %u", keySz);
return BAD_FUNC_ARG;
}
/* Retrieve key from TROPIC01 */
rett = lt_init(&h);
if(rett != LT_OK) {
//printf("Error lt_init(): %s", lt_ret_verbose(ret));
return rett;
}
ret = verify_chip_and_start_secure_session(&h, sh0priv, sh0pub, pkey_index_0);
if(ret != LT_OK) {
//printf("Error sec channel: %s", lt_ret_verbose(ret));
lt_deinit(&h);
return ret;
}
ret = lt_r_mem_data_read(&h, keySlot, (byte*)aes->key, keySz);
if(ret != LT_OK) {
//printf("Error l3 cmd: %s", lt_ret_verbose(ret));
lt_deinit(&h);
return 1;
}
ret = lt_deinit(&h);
if(ret != LT_OK) {
//printf("Error lt_deinit(): %s", lt_ret_verbose(ret));
return ret;
}
if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: GetKey: Failed to retrieve key, ret=%d", ret);
return ret;
}
WOLFSSL_MSG_EX("TROPIC01: GetKey: Key retrieved successfully");
return 0;
}
/**
* Find an available key slot in the TROPIC01
*/
static int Tropic01_FindFreeKeySlot(Tropic01CryptoDevCtx* ctx)
{
int i;
WOLFSSL_MSG("TROPIC01: FindFreeKeySlot: Searching for available slot");
for (i = 0; i < 8; i++) {
if (ctx->keySlotUsage[i] == 0) {
ctx->keySlotUsage[i] = 1;
WOLFSSL_MSG_EX("TROPIC01: FindFreeKeySlot: Found slot %d", i);
return i;
}
}
WOLFSSL_MSG("TROPIC01: FindFreeKeySlot: No free slots available");
return -1;
}
/**
* Store AES key in TROPIC01 secure memory
*/
static int Tropic01_StoreKey(Aes* aes, const byte* key, word32 keySz, Tropic01CryptoDevCtx* ctx)
{
int ret;
int keySlot;
Tropic01KeyRef* keyRef;
WOLFSSL_MSG_EX("TROPIC01: StoreKey: Storing key of size %u bytes", keySz);
if (aes == NULL || key == NULL || ctx == NULL || !ctx->initialized)
return BAD_FUNC_ARG;
/* Check key size */
if (keySz != 16 && keySz != 24 && keySz != 32) {
WOLFSSL_MSG_EX("TROPIC01: StoreKey: Unsupported key size %u", keySz);
return BAD_FUNC_ARG;
}
/* Find available key slot */
keySlot = Tropic01_FindFreeKeySlot(ctx);
if (keySlot < 0) {
WOLFSSL_MSG("TROPIC01: StoreKey: No free key slots available");
return MEMORY_E;
}
/* Allocate key reference */
keyRef = (Tropic01KeyRef*)XMALLOC(sizeof(Tropic01KeyRef), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (keyRef == NULL) {
ctx->keySlotUsage[keySlot] = 0;
return MEMORY_E;
}
/* Store key in TROPIC01 */
/* Example TROPIC01_StoreKey call */
ret = 0; /* Replace with actual implementation */
if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: StoreKey: Failed to store key in slot %d, ret=%d", keySlot, ret);
XFREE(keyRef, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ctx->keySlotUsage[keySlot] = 0;
return ret;
}
/* Initialize key reference */
keyRef->keySlot = keySlot;
keyRef->keySize = keySz;
keyRef->keyType = 0;
keyRef->isValid = 1;
/* Store reference in AES structure */
//aes->devKey = keySlot;
//aes->devCtx = keyRef;
WOLFSSL_MSG_EX("TROPIC01: StoreKey: Key stored successfully in slot %d", keySlot);
return 0;
}
/**
* Crypto Callback function for TROPIC01
*/
int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
{
int ret = CRYPTOCB_UNAVAILABLE;
Tropic01CryptoDevCtx* tropicCtx = (Tropic01CryptoDevCtx*)ctx;
if (info == NULL || tropicCtx == NULL || !tropicCtx->initialized || devId == -2)
return BAD_FUNC_ARG;
switch (info->algo_type) {
case WC_ALGO_TYPE_RNG:
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: RNG generation request (%u bytes)", info->rng.sz);
ret = Tropic01_GetRandom(info->rng.out, info->rng.sz, tropicCtx);
break;
case WC_ALGO_TYPE_SEED:
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: SEED generation request (%u bytes)", info->seed.sz);
ret = Tropic01_GetRandom(info->seed.seed, info->seed.sz, tropicCtx);
break;
case WC_ALGO_TYPE_CIPHER:
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: AES request (%u bytes)", info->aes_setkey.keySz);
ret = Tropic01_StoreKey(NULL, NULL, 32, tropicCtx);
//ret = Tropic01_GetKey(NULL, NULL, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx);
#if !defined(NO_AES) || !defined(NO_DES3)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM) {
if (info->cipher.enc) {
/* set devId to invalid, so software is used */
info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID;
ret = Tropic01_GetKey(info->cipher.aesgcm_enc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx);
if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-GCM encryption, ret=%d", ret);
return ret;
}
ret = wc_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes,
info->cipher.aesgcm_enc.out,
info->cipher.aesgcm_enc.in,
info->cipher.aesgcm_enc.sz,
info->cipher.aesgcm_enc.iv,
info->cipher.aesgcm_enc.ivSz,
info->cipher.aesgcm_enc.authTag,
info->cipher.aesgcm_enc.authTagSz,
info->cipher.aesgcm_enc.authIn,
info->cipher.aesgcm_enc.authInSz);
/* reset devId */
info->cipher.aesgcm_enc.aes->devId = devId;
}
else {
/* set devId to invalid, so software is used */
info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID;
ret = Tropic01_GetKey(info->cipher.aesgcm_dec.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx);
if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-GCM decryption, ret=%d", ret);
return ret;
}
ret = wc_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes,
info->cipher.aesgcm_dec.out,
info->cipher.aesgcm_dec.in,
info->cipher.aesgcm_dec.sz,
info->cipher.aesgcm_dec.iv,
info->cipher.aesgcm_dec.ivSz,
info->cipher.aesgcm_dec.authTag,
info->cipher.aesgcm_dec.authTagSz,
info->cipher.aesgcm_dec.authIn,
info->cipher.aesgcm_dec.authInSz);
/* reset devId */
info->cipher.aesgcm_dec.aes->devId = devId;
}
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC) {
if (info->cipher.enc) {
/* set devId to invalid, so software is used */
info->cipher.aescbc.aes->devId = INVALID_DEVID;
ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx);
if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-CBC encryption, ret=%d", ret);
return ret;
}
ret = wc_AesCbcEncrypt(
info->cipher.aescbc.aes,
info->cipher.aescbc.out,
info->cipher.aescbc.in,
info->cipher.aescbc.sz);
/* reset devId */
info->cipher.aescbc.aes->devId = devId;
}
else {
/* set devId to invalid, so software is used */
info->cipher.aescbc.aes->devId = INVALID_DEVID;
ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx);
if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-CBC decryption, ret=%d", ret);
return ret;
}
ret = wc_AesCbcDecrypt(
info->cipher.aescbc.aes,
info->cipher.aescbc.out,
info->cipher.aescbc.in,
info->cipher.aescbc.sz);
/* reset devId */
info->cipher.aescbc.aes->devId = devId;
}
}
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */
break;
default:
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Unsupported algorithm type %d", info->algo_type);
break;
}
return ret;
}
int Tropic01_Init(Tropic01CryptoDevCtx* ctx)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
ctx->initialized = 1;
XMEMSET(ctx->keySlotUsage, 0, sizeof(ctx->keySlotUsage));
return 0;
}

12
wolfcrypt/src/wc_port.c
View File

@ -69,6 +69,10 @@
#include <wolfssl/wolfcrypt/port/st/stsafe.h>
#endif
#if defined(WOLFSSL_TROPIC01)
#include <wolfssl/wolfcrypt/port/tropicsquare/tropic01.h>
#endif
#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) \
&& !defined(WOLFCRYPT_ONLY)
#include <wolfssl/openssl/evp.h>
@ -294,7 +298,13 @@ int wolfCrypt_Init(void)
#if defined(WOLFSSL_STSAFEA100)
stsafe_interface_init();
#endif
#if defined(WOLFSSL_TROPIC01)
ret = Tropic01_Init(NULL);
if (ret != 0) {
WOLFSSL_MSG("Tropic01 init failed");
return ret;
}
#endif
#if defined(WOLFSSL_PSOC6_CRYPTO)
ret = psoc6_crypto_port_init();
if (ret != 0) {

5
wolfssl/wolfcrypt/include.am
View File

@ -109,6 +109,7 @@ noinst_HEADERS+= \
wolfssl/wolfcrypt/port/silabs/silabs_random.h \
wolfssl/wolfcrypt/port/st/stm32.h \
wolfssl/wolfcrypt/port/st/stsafe.h \
wolfssl/wolfcrypt/port/tropicsquare/tropic01.h \
wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \
wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h \
@ -229,6 +230,10 @@ if BUILD_SE050
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/nxp/se050_port.h
endif
if BUILD_TROPIC01
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/tropicsquare/tropic01.h
endif
if BUILD_MAXQ10XX
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/maxim/maxq10xx.h
endif

82
wolfssl/wolfcrypt/port/tropicsquare/tropic01.h 100644
View File

@ -0,0 +1,82 @@
/* tropic01.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _WOLFPORT_TROPIC01_H_
#define _WOLFPORT_TROPIC01_H_
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#ifdef WOLFSSL_TROPIC01
/* The TROPIC01 interface layer */
/* Please contact wolfSSL for the TROPIC01 port files */
#define LT_USE_TREZOR_CRYPTO 1
#define LT_HELPERS
#include "libtropic.h"
#include "libtropic_common.h"
#ifdef WOLF_CRYPTO_CB
/* Device ID that's unique and valid (not INVALID_DEVID -2) */
#define WOLF_TROPIC01_DEVID 0x75757; /* TROPIC01 ID*/
#define TROPIC01_AES_MAX_KEY_SIZE 32
#define TROPIC01_AES_KEY_SLOT_DEFAULT 8
#define PAIRING_KEY_SLOT_INDEX_0 0
typedef struct {
int keySlot; /* Slot ID in TROPIC01 secure memory */
word32 keySize; /* Size of the key in bytes (16, 24, or 32) */
byte keyType; /* Type of key (e.g., AES_CBC, AES_GCM) */
byte isValid; /* Flag indicating if this reference is valid */
} Tropic01KeyRef;
/* Context for TROPIC01 secure element */
typedef struct {
int initialized;
byte keySlotUsage[8];
} Tropic01CryptoDevCtx;
int Tropic01_Init(Tropic01CryptoDevCtx* ctx);
int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx);
//static int Tropic01_GetRandom(byte* out, word32 sz, Tropic01CryptoDevCtx* ctx);
//static int Tropic01_GetKey(Aes* aes, int keySlot, word32 keySz, Tropic01CryptoDevCtx* ctx);
#endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_TROPIC01*/
#endif /* _WOLFPORT_TROPIC01_H_ */