From 356eeea5052767d997c4b40c5714498c270b10b9 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Wed, 10 Aug 2022 23:51:41 +0200
Subject: [PATCH] Added support for ECDH_XKEK. Note that it is unfinished.

ECDH_XKEK is utilized for deriving and setting the KEK, based on the calc DH secret. It should not return anything, just SW_OK (this is not what is happening right now).

Signed-off-by: Pol Henarejos
---
 src/hsm/sc_hsm.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index da0dadb..fa9e98b 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -1800,7 +1800,7 @@ static int cmd_decrypt_asym() {
 }
 mbedtls_rsa_free(&ctx);
 }
- else if (p2 == ALGO_EC_DH) {
+ else if (p2 == ALGO_EC_DH || p2 == ALGO_EC_DH_XKEK) {
 mbedtls_ecdh_context ctx;
 if (wait_button() == true) //timeout
 return SW_SECURE_MESSAGE_EXEC_ERROR();
@@ -1827,7 +1827,20 @@ static int cmd_decrypt_asym() {
 return SW_DATA_INVALID();
 }
 free(kdata);
- r = mbedtls_ecdh_read_public(&ctx, apdu.data-1, apdu.nc+1);
+ r = -1;
+ if (p2 == ALGO_EC_DH)
+ r = mbedtls_ecdh_read_public(&ctx, apdu.data-1, apdu.nc+1);
+ else if (p2 == ALGO_EC_DH_XKEK) {
+ size_t pub_len = 0;
+ const uint8_t *pub = cvc_get_pub(apdu.data, apdu.nc, &pub_len);
+ if (pub) {
+ size_t t86_len = 0;
+ const uint8_t *t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86);
+ if (t86) {
+ r = mbedtls_ecdh_read_public(&ctx, t86-1, t86_len+1);
+ }
+ }
+ }
 if (r != 0) {
 mbedtls_ecdh_free(&ctx);
 return SW_DATA_INVALID();
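Review bot: Nothing in either hunk diverts the ALGO_EC_DH_XKEK case from the shared tail of cmd_decrypt_asym that follows `if (r != 0)` (outside the hunk), so the DH secret computed for KEK derivation presumably still leaves the device in the response, which the commit message itself acknowledges; until the KEK-setting step lands, the branch should fail closed rather than export material meant to stay on the card, and a `// TODO: XKEK - derive/set KEK from the shared secret and return only SW_OK` on the `else if (p2 == ALGO_EC_DH_XKEK) {` line would at least mark the gap for the next reader. `mbedtls_ecdh_read_public(&ctx, t86-1, t86_len+1)` copies the existing `apdu.data-1, apdu.nc+1` trick and relies on the byte preceding the 0x86 value being its BER length, which holds only while that length is encoded in a single trailing byte; mbedtls should reject a mismatch between that byte and `t86_len+1`, so this is a readability rather than a memory-safety issue, but a comment stating the assumption about cvc_get_field's encoding, or an explicit `if (t86[-1] == t86_len)` before the call, would make the dependency visible. The new `if (p2 == ALGO_EC_DH)` arm is unbraced while its `else if` arm is braced; writing `if (p2 == ALGO_EC_DH) {` … `}` keeps the chain consistent. The enclosing function starts and ends outside both hunks.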