Infineon / optiga-trust-x

OPTIGA™ Trust X Software Framework
MIT License

CmdLib_DeriveKey return value #10

Closed ozanoner closed 5 years ago

ozanoner commented 5 years ago

Hi, a call to the CmdLib_DeriveKey function returns the value '0x80010001'. I believe it might correspond to CMD_LIB_NULL_PARAM. However, in the following line it is defined as '0x80001001':

https://github.com/Infineon/optiga-trust-x/blob/7ae1031b8b7fdc5ce21c0baae5dc377edbd9b3ef/optiga/include/optiga/cmd/CommandLib.h#L57

Can you check whether it is a bug or not?

Best regards, Vedat

ozanoner commented 5 years ago

@ayushev I would appreciate it if you could check this issue.

ayushev commented 5 years ago

This is a device error returned from the device; the base for all the device errors is here:

https://github.com/Infineon/optiga-trust-x/wiki/Device-Error-Codes

Which parameters are you using for this command, so that the device error is returned? Can you provide a code snippet?

ozanoner commented 5 years ago

It is one of the NordicSemi SDK examples. I shared it here: https://gist.github.com/ozanoner/29cdbc72539f0fba39f21dd4fb0e07f0

This function makes a call to optiga_crypt_tls_prf_sha256 at line #43, and in this function there is a call to CmdLib_DeriveKey. This is the line in which that function returns the value 0x80010001: https://github.com/Infineon/optiga-trust-x/blob/95b37c8f4c98984bd4786bb9c45b423239b59cd3/optiga/crypt/optiga_crypt.c#L449

ayushev commented 5 years ago

I guess you had a look at this example where the shared secret is written directly to the data object. There are two nuances:

1) It should be 32 bytes non 0x00 bytes long if you use a NISTP256 key (by default) -> try using, like in the example, a smaller array of non-zero bytes
2) This wiki entry is a short reminder on how to use the function; if you want to see a more or less full (and more secure) way to derive a shared secret you can refer to this file

ozanoner commented 5 years ago

Thanks for your reply! I will check those examples. I double-checked the documentation that you shared above and found that there is a comment for the value of CMD_DEV_ERROR and an example value of 0x80010001.

https://github.com/Infineon/optiga-trust-x/blob/7ae1031b8b7fdc5ce21c0baae5dc377edbd9b3ef/optiga/include/optiga/cmd/CommandLib.h#L50

So now I get how it works :)

Thanks for your time & the help! Best regards.
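
The status-word layout this thread settles on, as an added example that is not part of the issue or of the Infineon code base: it separates a device error such as 0x80010001 from the look-alike library value 0x80001001 and extracts the byte to look up in the Device-Error-Codes wiki. The `EX_`/`ex_` names are hypothetical, and the base 0x80010000 and low-byte mask are assumptions inferred from the sample value quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values quoted in the thread. */
#define EX_CMD_LIB_NULL_PARAM  0x80001001u /* host-side command library error */
#define EX_DERIVEKEY_RESULT    0x80010001u /* what CmdLib_DeriveKey returned */

/* Assumptions inferred from the sample value, not taken from the page:
 * device errors share one base and carry the chip's error code in the low byte. */
#define EX_DEV_ERROR_BASE      0x80010000u
#define EX_DEV_ERROR_CODE_MASK 0x000000FFu

typedef enum { EX_STATUS_DEVICE_ERROR, EX_STATUS_NOT_DEVICE_ERROR } ex_status_class_t;

/* Classify a status word. For a device error, *dev_code receives the low byte,
 * which is the value to look up in the Device-Error-Codes wiki page. */
ex_status_class_t ex_classify_status(uint32_t status, uint8_t *dev_code)
{
    if ((status & ~EX_DEV_ERROR_CODE_MASK) == EX_DEV_ERROR_BASE) {
        if (dev_code != NULL)
            *dev_code = (uint8_t)(status & EX_DEV_ERROR_CODE_MASK);
        return EX_STATUS_DEVICE_ERROR;
    }
    return EX_STATUS_NOT_DEVICE_ERROR;
}

/* Render a log line that keeps the two look-alike values apart. */
int ex_describe_status(uint32_t status, char *buf, size_t len)
{
    uint8_t code = 0;
    if (ex_classify_status(status, &code) == EX_STATUS_DEVICE_ERROR)
        return snprintf(buf, len, "0x%08lX: device error, code 0x%02X",
                        (unsigned long)status, (unsigned)code);
    return snprintf(buf, len, "0x%08lX: not a device error (host-side status)",
                    (unsigned long)status);
}

int main(void)
{
    char line[80];
    ex_describe_status(EX_DERIVEKEY_RESULT, line, sizeof line);
    puts(line);
    ex_describe_status(EX_CMD_LIB_NULL_PARAM, line, sizeof line);
    puts(line);
    return 0;
}
```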