Rename CCID_ codes to PICOKEY_

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

pico-keys-sdk

@@ -1 +1 @@
-Subproject commit 62c3d0c3603e673ac4a338450db27fd3356468ac
+Subproject commit 6625678c3059554ef9fc38c1fd0ff16fa4dbad3e

src/hsm/cmd_bip_slip.c

@@ -38,7 +38,7 @@ int node_derive_bip_child(const mbedtls_ecp_keypair *parent,
     mbedtls_mpi_init(&kchild);
     if (i[0] >= 0x80) {
         if (mbedtls_mpi_cmp_int(&parent->d, 0) == 0) {
-            return CCID_ERR_NULL_PARAM;
+            return PICOKEY_ERR_NULL_PARAM;
         }
         data[0] = 0x00;
         mbedtls_mpi_write_binary(&parent->d, data + 1, 32);
@@ -72,19 +72,19 @@ int node_derive_bip_child(const mbedtls_ecp_keypair *parent,
     memcpy(cchild, iR, 32);
     mbedtls_mpi_free(&il);
     mbedtls_mpi_free(&kchild);
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int sha256_ripemd160(const uint8_t *buffer, size_t buffer_len, uint8_t *output) {
     mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buffer, buffer_len, output);
     mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160), output, 32, output);
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int sha256_sha256(const uint8_t *buffer, size_t buffer_len, uint8_t *output) {
     mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buffer, buffer_len, output);
     mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), output, 32, output);
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int node_fingerprint_bip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
@@ -98,7 +98,7 @@ int node_fingerprint_bip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
                                    sizeof(buffer));
     sha256_ripemd160(buffer, sizeof(buffer), buffer);
     memcpy(fingerprint, buffer, 4);
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int node_fingerprint_slip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
@@ -106,7 +106,7 @@ int node_fingerprint_slip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
     mbedtls_mpi_write_binary(&ctx->d, buffer, sizeof(buffer));
     sha256_ripemd160(buffer, sizeof(buffer), buffer);
     memcpy(fingerprint, buffer, 4);
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
@@ -115,13 +115,13 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
     mbedtls_ecp_keypair_init(ctx);
     file_t *ef = search_file(EF_MASTER_SEED | mid);
     if (!file_has_data(ef)) {
-        return CCID_ERR_FILE_NOT_FOUND;
+        return PICOKEY_ERR_FILE_NOT_FOUND;
     }
     memcpy(mkey, file_get_data(ef), sizeof(mkey));
     int r = mkek_decrypt(mkey + 1,
                          sizeof(mkey) - 1);
-    if (r != CCID_OK) {
-        return CCID_EXEC_ERROR;
+    if (r != PICOKEY_OK) {
+        return PICOKEY_EXEC_ERROR;
     }
     if (mkey[0] == 0x1 || mkey[0] == 0x2) {
         if (mkey[0] == 0x1) {
@@ -131,7 +131,7 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
             mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1);
         }
         else {
-            return CCID_WRONG_DATA;
+            return PICOKEY_WRONG_DATA;
         }
 
         mbedtls_mpi_read_binary(&ctx->d, mkey + 1, 32);
@@ -143,7 +143,7 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
         memcpy(chain, mkey + 1, 32);
     }
     key_type[0] = mkey[0];
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int node_derive_path(const uint8_t *path,
@@ -166,16 +166,16 @@ int node_derive_path(const uint8_t *path,
     for (; walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data); node++) {
         if (tag == 0x02) {
             if ((node == 0 && tag_len != 1) || (node != 0 && tag_len != 4)) {
-                return CCID_WRONG_DATA;
+                return PICOKEY_WRONG_DATA;
             }
             if (node == 0) {
-                if ((r = load_master_bip(tag_data[0], ctx, chain, key_type)) != CCID_OK) {
+                if ((r = load_master_bip(tag_data[0], ctx, chain, key_type)) != PICOKEY_OK) {
                     return r;
                 }
             }
             else if (node > 0) {
                 node_fingerprint_bip(ctx, fingerprint);
-                if ((r = node_derive_bip_child(ctx, chain, tag_data, ctx, chain)) != CCID_OK) {
+                if ((r = node_derive_bip_child(ctx, chain, tag_data, ctx, chain)) != PICOKEY_OK) {
                     return r;
                 }
                 memcpy(last_node, tag_data, 4);
@@ -183,7 +183,7 @@ int node_derive_path(const uint8_t *path,
         }
         else if (tag == 0x04) {
             if (node == 0) {
-                return CCID_WRONG_DATA;
+                return PICOKEY_WRONG_DATA;
             }
             else if (node > 0) {
                 node_fingerprint_slip(ctx, fingerprint);
@@ -202,7 +202,7 @@ int node_derive_path(const uint8_t *path,
     if (nodes) {
         *nodes = node;
     }
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int cmd_bip_slip() {
@@ -253,11 +253,11 @@ int cmd_bip_slip() {
         mkey[0] = p1;
         file_t *ef = file_new(EF_MASTER_SEED | p2);
         int r = mkek_encrypt(mkey + 1, sizeof(mkey) - 1);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
         r = file_put_data(ef, mkey, sizeof(mkey));
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
         low_flash_available();
@@ -271,7 +271,7 @@ int cmd_bip_slip() {
         size_t olen = 0;
         int r =
             node_derive_path(apdu.data, (uint16_t)apdu.nc, &ctx, chain, fgpt, &nodes, last_node, &key_type);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_ecp_keypair_free(&ctx);
             return SW_EXEC_ERROR();
         }
@@ -317,7 +317,7 @@ int cmd_bip_slip() {
                                  &nodes,
                                  last_node,
                                  &hd_keytype);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_ecp_keypair_free(&hd_context);
             return SW_EXEC_ERROR();
         }

src/hsm/cmd_change_pin.c

@@ -42,7 +42,7 @@ int cmd_change_pin() {
             }
             uint8_t mkek[MKEK_SIZE];
             r = load_mkek(mkek); //loads the MKEK with old pin
-            if (r != CCID_OK) {
+            if (r != PICOKEY_OK) {
                 return SW_EXEC_ERROR();
             }
             //encrypt MKEK with new pin
@@ -57,7 +57,7 @@ int cmd_change_pin() {
             }
             r = store_mkek(mkek);
             release_mkek(mkek);
-            if (r != CCID_OK) {
+            if (r != PICOKEY_OK) {
                 return SW_EXEC_ERROR();
             }
             uint8_t dhash[33];

src/hsm/cmd_decrypt_asym.c

@@ -48,9 +48,9 @@ int cmd_decrypt_asym() {
             mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
         }
         int r = load_private_key_rsa(&ctx, ef);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_rsa_free(&ctx);
-            if (r == CCID_VERIFICATION_FAILED) {
+            if (r == PICOKEY_VERIFICATION_FAILED) {
                 return SW_SECURE_MESSAGE_EXEC_ERROR();
             }
             return SW_EXEC_ERROR();
@@ -178,7 +178,7 @@ int cmd_decrypt_asym() {
                     if (file_get_size(tf) == kdom_uid.len &&
                         memcmp(file_get_data(tf), kdom_uid.data, kdom_uid.len) == 0) {
                         file_new(EF_DKEK + n);
-                        if (store_dkek_key(n, res_APDU + 1) != CCID_OK) {
+                        if (store_dkek_key(n, res_APDU + 1) != PICOKEY_OK) {
                             return SW_EXEC_ERROR();
                         }
                         mbedtls_platform_zeroize(res_APDU, 32);

src/hsm/cmd_delete_file.c

@@ -38,7 +38,7 @@ int cmd_delete_file() {
     if (!authenticate_action(ef, ACL_OP_DELETE_SELF)) {
         return SW_SECURITY_STATUS_NOT_SATISFIED();
     }
-    if (delete_file(ef) != CCID_OK) {
+    if (delete_file(ef) != PICOKEY_OK) {
         return SW_EXEC_ERROR();
     }
     return SW_OK();

src/hsm/cmd_derive_asym.c

@@ -57,9 +57,9 @@ int cmd_derive_asym() {
 
         int r;
         r = load_private_key_ecdsa(&ctx, fkey);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_ecdsa_free(&ctx);
-            if (r == CCID_VERIFICATION_FAILED) {
+            if (r == PICOKEY_VERIFICATION_FAILED) {
                 return SW_SECURE_MESSAGE_EXEC_ERROR();
             }
             return SW_EXEC_ERROR();
@@ -88,7 +88,7 @@ int cmd_derive_asym() {
             return SW_EXEC_ERROR();
         }
         r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_ecdsa_free(&ctx);
             return SW_EXEC_ERROR();
         }

src/hsm/cmd_extras.c

@@ -209,47 +209,38 @@ int cmd_extras() {
             }
         }
         else {
-            uint8_t tmp[PHY_MAX_SIZE];
-            memset(tmp, 0, sizeof(tmp));
-            uint16_t opts = 0;
-            if (file_has_data(ef_phy)) {
-                memcpy(tmp, file_get_data(ef_phy), MIN(sizeof(tmp), file_get_size(ef_phy)));
-                if (file_get_size(ef_phy) >= 8) {
-                    opts = (tmp[PHY_OPTS] << 8) | tmp[PHY_OPTS + 1];
-                }
-            }
-            if (P2(apdu) == PHY_VID) { // VIDPID
+            if (P2(apdu) == PHY_VIDPID) { // VIDPID
                 if (apdu.nc != 4) {
                     return SW_WRONG_LENGTH();
                 }
-                memcpy(tmp + PHY_VID, apdu.data, 4);
-                opts |= PHY_OPT_VPID;
+                phy_data.vid = (apdu.data[0] << 8) | apdu.data[1];
+                phy_data.pid = (apdu.data[2] << 8) | apdu.data[3];
+                phy_data.vidpid_present = true;
             }
-            else if (P2(apdu) == PHY_LED_GPIO || P2(apdu) == PHY_LED_BTNESS) {
-                if (apdu.nc != 1) {
-                    return SW_WRONG_LENGTH();
-                }
-                tmp[P2(apdu)] = apdu.data[0];
-                if (P2(apdu) == PHY_LED_GPIO) {
-                    opts |= PHY_OPT_GPIO;
-                }
-                else if (P2(apdu) == PHY_LED_BTNESS) {
-                    opts |= PHY_OPT_BTNESS;
-                }
+            else if (P2(apdu) == PHY_LED_GPIO) {
+                phy_data.led_gpio = apdu.data[0];
+                phy_data.led_gpio_present = true;
+            }
+            else if (P2(apdu) == PHY_LED_BTNESS) {
+                phy_data.led_brightness = apdu.data[0];
+                phy_data.led_brightness_present = true;
             }
             else if (P2(apdu) == PHY_OPTS) {
                 if (apdu.nc != 2) {
                     return SW_WRONG_LENGTH();
                 }
-                uint16_t opt = (apdu.data[0] << 8) | apdu.data[1];
-                opts = (opts & ~PHY_OPT_MASK) | (opt & PHY_OPT_MASK);
+                phy_data.opts = (apdu.data[0] << 8) | apdu.data[1];
             }
             else {
                 return SW_INCORRECT_P1P2();
             }
-            tmp[PHY_OPTS] = opts >> 8;
-            tmp[PHY_OPTS + 1] = opts & 0xff;
-            file_put_data(ef_phy, tmp, sizeof(tmp));
+            uint8_t tmp[PHY_MAX_SIZE];
+            uint16_t tmp_len = 0;
+            memset(tmp, 0, sizeof(tmp));
+            if (phy_serialize_data(&phy_data, tmp, &tmp_len) != PICOKEY_OK) {
+                return SW_EXEC_ERROR();
+            }
+            file_put_data(ef_phy, tmp, tmp_len);
             low_flash_available();
         }
     }

src/hsm/cmd_general_authenticate.c

@@ -47,7 +47,7 @@ int cmd_general_authenticate() {
             mbedtls_ecdsa_context ectx;
             mbedtls_ecdsa_init(&ectx);
             r = load_private_key_ecdsa(&ectx, fkey);
-            if (r != CCID_OK) {
+            if (r != PICOKEY_OK) {
                 mbedtls_ecdsa_free(&ectx);
                 return SW_EXEC_ERROR();
             }
@@ -106,7 +106,7 @@ int cmd_general_authenticate() {
             r = sm_sign(t, pubkey_len + 16, res_APDU + res_APDU_size);
 
             free(t);
-            if (r != CCID_OK) {
+            if (r != PICOKEY_OK) {
                 return SW_EXEC_ERROR();
             }
             res_APDU_size += 8;

src/hsm/cmd_initialize.c

@@ -132,10 +132,10 @@ int cmd_initialize() {
             release_mkek(mkek);
             return SW_EXEC_ERROR();
         }
-        if (ret_mkek != CCID_OK) {
+        if (ret_mkek != PICOKEY_OK) {
             ret_mkek = load_mkek(mkek); //Try again with new PIN/SO-PIN just in case some is the same
         }
-        if (store_mkek(ret_mkek == CCID_OK ? mkek : NULL) != CCID_OK) {
+        if (store_mkek(ret_mkek == PICOKEY_OK ? mkek : NULL) != PICOKEY_OK) {
             release_mkek(mkek);
             return SW_EXEC_ERROR();
         }
@@ -143,31 +143,31 @@ int cmd_initialize() {
         if (dkeks) {
             if (*dkeks > 0) {
                 uint16_t d = *dkeks;
-                if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
+                if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
                     return SW_EXEC_ERROR();
                 }
             }
             else {
                 int r = save_dkek_key(0, random_bytes_get(32));
-                if (r != CCID_OK) {
+                if (r != PICOKEY_OK) {
                     return SW_EXEC_ERROR();
                 }
                 uint16_t d = 0x0101;
-                if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
+                if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
                     return SW_EXEC_ERROR();
                 }
             }
         }
         else {
             uint16_t d = 0x0000;
-            if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
+            if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
                 return SW_EXEC_ERROR();
             }
         }
         if (kds) {
             uint8_t t[MAX_KEY_DOMAINS * 2], k = MIN(*kds, MAX_KEY_DOMAINS);
             memset(t, 0xff, 2 * k);
-            if (file_put_data(tf_kd, t, 2 * k) != CCID_OK) {
+            if (file_put_data(tf_kd, t, 2 * k) != PICOKEY_OK) {
                 return SW_EXEC_ERROR();
             }
         }
@@ -179,7 +179,7 @@ int cmd_initialize() {
             return SW_EXEC_ERROR();
         }
         int ret = 0;
-        if (ret_mkek != CCID_OK || !file_has_data(fdkey)) {
+        if (ret_mkek != PICOKEY_OK || !file_has_data(fdkey)) {
             mbedtls_ecdsa_context ecdsa;
             mbedtls_ecdsa_init(&ecdsa);
             mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1;
@@ -190,7 +190,7 @@ int cmd_initialize() {
                 return SW_EXEC_ERROR();
             }
             ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
-            if (ret != CCID_OK) {
+            if (ret != PICOKEY_OK) {
                 mbedtls_ecdsa_free(&ecdsa);
                 return SW_EXEC_ERROR();
             }

src/hsm/cmd_key_domain.c

@@ -72,8 +72,8 @@ int cmd_key_domain() {
             import_dkek_share(p2, apdu.data);
             if (++current_dkeks >= dkeks) {
                 int r = save_dkek_key(p2, NULL);
-                if (r != CCID_OK) {
-                    if (r == CCID_NO_LOGIN) {
+                if (r != PICOKEY_OK) {
+                    if (r == PICOKEY_NO_LOGIN) {
                         pending_save_dkek = p2;
                     }
                     else {
@@ -86,7 +86,7 @@ int cmd_key_domain() {
             uint8_t t[MAX_KEY_DOMAINS * 2];
             memcpy(t, kdata, tf_kd_size);
             t[2 * p2 + 1] = current_dkeks;
-            if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) {
+            if (file_put_data(tf_kd, t, tf_kd_size) != PICOKEY_OK) {
                 return SW_EXEC_ERROR();
             }
             low_flash_available();
@@ -129,17 +129,17 @@ int cmd_key_domain() {
         else if (p1 == 0x4) {
             t[2 * p2 + 1] = current_dkeks = 0;
         }
-        if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) {
+        if (file_put_data(tf_kd, t, tf_kd_size) != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
         file_t *tf = NULL;
         if ((tf = search_file(EF_DKEK + p2))) {
-            if (delete_file(tf) != CCID_OK) {
+            if (delete_file(tf) != PICOKEY_OK) {
                 return SW_EXEC_ERROR();
             }
         }
         if (p1 == 0x3 && (tf = search_file(EF_XKEK + p2))) {
-            if (delete_file(tf) != CCID_OK) {
+            if (delete_file(tf) != PICOKEY_OK) {
                 return SW_EXEC_ERROR();
             }
         }

src/hsm/cmd_key_gen.c

@@ -56,10 +56,10 @@ int cmd_key_gen() {
         aes_type = PICO_KEYS_KEY_AES_512;
     }
     r = store_keys(aes_key, aes_type, key_id);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return SW_MEMORY_FAILURE();
     }
-    if (find_and_store_meta_key(key_id) != CCID_OK) {
+    if (find_and_store_meta_key(key_id) != PICOKEY_OK) {
         return SW_EXEC_ERROR();
     }
     low_flash_available();

src/hsm/cmd_key_unwrap.c

@@ -51,8 +51,8 @@ int cmd_key_unwrap() {
         mbedtls_rsa_init(&ctx);
         do {
             r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
-        } while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
-        if (r != CCID_OK) {
+        } while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
+        if (r != PICOKEY_OK) {
             mbedtls_rsa_free(&ctx);
             return SW_EXEC_ERROR();
         }
@@ -62,7 +62,7 @@ int cmd_key_unwrap() {
             return SW_EXEC_ERROR();
         }
         mbedtls_rsa_free(&ctx);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
     }
@@ -71,8 +71,8 @@ int cmd_key_unwrap() {
         mbedtls_ecdsa_init(&ctx);
         do {
             r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
-        } while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
-        if (r != CCID_OK) {
+        } while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
+        if (r != PICOKEY_OK) {
             mbedtls_ecdsa_free(&ctx);
             return SW_EXEC_ERROR();
         }
@@ -82,7 +82,7 @@ int cmd_key_unwrap() {
             return SW_EXEC_ERROR();
         }
         mbedtls_ecdsa_free(&ctx);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
     }
@@ -97,8 +97,8 @@ int cmd_key_unwrap() {
                                 &key_size,
                                 &allowed,
                                 &allowed_len);
-        } while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
-        if (r != CCID_OK) {
+        } while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
+        if (r != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
         if (key_size == 64) {
@@ -117,7 +117,7 @@ int cmd_key_unwrap() {
             return SW_EXEC_ERROR();
         }
         r = store_keys(aes_key, aes_type, key_id);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
     }
@@ -136,7 +136,7 @@ int cmd_key_unwrap() {
         }
         r = meta_add((KEY_PREFIX << 8) | key_id, meta, meta_len);
         free(meta);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return r;
         }
     }

src/hsm/cmd_key_wrap.c

@@ -60,9 +60,9 @@ int cmd_key_wrap() {
         mbedtls_rsa_context ctx;
         mbedtls_rsa_init(&ctx);
         r = load_private_key_rsa(&ctx, ef);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_rsa_free(&ctx);
-            if (r == CCID_VERIFICATION_FAILED) {
+            if (r == PICOKEY_VERIFICATION_FAILED) {
                 return SW_SECURE_MESSAGE_EXEC_ERROR();
             }
             return SW_EXEC_ERROR();
@@ -74,9 +74,9 @@ int cmd_key_wrap() {
         mbedtls_ecdsa_context ctx;
         mbedtls_ecdsa_init(&ctx);
         r = load_private_key_ecdsa(&ctx, ef);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_ecdsa_free(&ctx);
-            if (r == CCID_VERIFICATION_FAILED) {
+            if (r == PICOKEY_VERIFICATION_FAILED) {
                 return SW_SECURE_MESSAGE_EXEC_ERROR();
             }
             return SW_EXEC_ERROR();
@@ -110,7 +110,7 @@ int cmd_key_wrap() {
         r = dkek_encode_key(kdom, kdata_aes, aes_type, res_APDU, &wrap_len, meta_tag, tag_len);
         mbedtls_platform_zeroize(kdata_aes, sizeof(kdata_aes));
     }
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return SW_EXEC_ERROR();
     }
     res_APDU_size = wrap_len;

src/hsm/cmd_keypair_gen.c

@@ -63,7 +63,7 @@ int cmd_keypair_gen() {
                     return SW_EXEC_ERROR();
                 }
                 ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
-                if (ret != CCID_OK) {
+                if (ret != PICOKEY_OK) {
                     mbedtls_rsa_free(&rsa);
                     return SW_EXEC_ERROR();
                 }
@@ -131,7 +131,7 @@ int cmd_keypair_gen() {
                 }
                 ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
                 mbedtls_ecdsa_free(&ecdsa);
-                if (ret != CCID_OK) {
+                if (ret != PICOKEY_OK) {
                     return SW_EXEC_ERROR();
                 }
             }
@@ -141,7 +141,7 @@ int cmd_keypair_gen() {
     else {
         return SW_WRONG_DATA();
     }
-    if (find_and_store_meta_key(key_id) != CCID_OK) {
+    if (find_and_store_meta_key(key_id) != PICOKEY_OK) {
         return SW_EXEC_ERROR();
     }
     file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id);

src/hsm/cmd_mse.c

@@ -51,7 +51,7 @@ int cmd_mse() {
                 }
                 else {
                     if (p2 == 0xB6) {
-                        if (puk_store_select_chr(tag_data) == CCID_OK) {
+                        if (puk_store_select_chr(tag_data) == PICOKEY_OK) {
                             return SW_OK();
                         }
                     }

src/hsm/cmd_pso.c

@@ -40,11 +40,11 @@ int cmd_pso() {
             apdu.nc += tlv_len;
         }
         int r = cvc_verify(apdu.data, (uint16_t)apdu.nc, current_puk->cvcert, current_puk->cvcert_len);
-        if (r != CCID_OK) {
-            if (r == CCID_WRONG_DATA) {
+        if (r != PICOKEY_OK) {
+            if (r == PICOKEY_WRONG_DATA) {
                 return SW_DATA_INVALID();
             }
-            else if (r == CCID_WRONG_SIGNATURE) {
+            else if (r == PICOKEY_WRONG_SIGNATURE) {
                 return SW_CONDITIONS_NOT_SATISFIED();
             }
             return SW_EXEC_ERROR();
@@ -56,7 +56,7 @@ int cmd_pso() {
                 ca_ef = file_new(fid);
                 file_put_data(ca_ef, apdu.data, (uint16_t)apdu.nc);
                 if (add_cert_puk_store(file_get_data(ca_ef), file_get_size(ca_ef),
-                                       false) != CCID_OK) {
+                                       false) != PICOKEY_OK) {
                     return SW_FILE_FULL();
                 }
 

src/hsm/cmd_reset_retry.c

@@ -59,19 +59,19 @@ int cmd_reset_retry() {
         dhash[0] = newpin_len;
         double_hash_pin(apdu.data + (apdu.nc - newpin_len), newpin_len, dhash + 1);
         file_put_data(file_pin1, dhash, sizeof(dhash));
-        if (pin_reset_retries(file_pin1, true) != CCID_OK) {
+        if (pin_reset_retries(file_pin1, true) != PICOKEY_OK) {
             return SW_MEMORY_FAILURE();
         }
         uint8_t mkek[MKEK_SIZE];
         int r = load_mkek(mkek); //loads the MKEK with SO pin
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
         hash_multi(apdu.data + (apdu.nc - newpin_len), newpin_len, session_pin);
         has_session_pin = true;
         r = store_mkek(mkek);
         release_mkek(mkek);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
         low_flash_available();
@@ -99,7 +99,7 @@ int cmd_reset_retry() {
                 return SW_WRONG_LENGTH();
             }
         }
-        if (pin_reset_retries(file_pin1, true) != CCID_OK) {
+        if (pin_reset_retries(file_pin1, true) != PICOKEY_OK) {
             return SW_MEMORY_FAILURE();
         }
         return SW_OK();

src/hsm/cmd_signature.c

@@ -82,17 +82,17 @@ int pkcs1_strip_digest_info_prefix(mbedtls_md_type_t *algorithm,
                 *algorithm = digest_info_prefix[i].algorithm;
             }
             if (out_dat == NULL) {
-                return CCID_OK;
+                return PICOKEY_OK;
             }
             if (*out_len < hash_len) {
-                return CCID_WRONG_DATA;
+                return PICOKEY_WRONG_DATA;
             }
             memmove(out_dat, in_dat + hdr_len, hash_len);
             *out_len = hash_len;
-            return CCID_OK;
+            return PICOKEY_OK;
         }
     }
-    return CCID_EXEC_ERROR;
+    return PICOKEY_EXEC_ERROR;
 }
 //-----
 
@@ -142,9 +142,9 @@ int cmd_signature() {
         mbedtls_rsa_init(&ctx);
 
         int r = load_private_key_rsa(&ctx, fkey);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_rsa_free(&ctx);
-            if (r == CCID_VERIFICATION_FAILED) {
+            if (r == PICOKEY_VERIFICATION_FAILED) {
                 return SW_SECURE_MESSAGE_EXEC_ERROR();
             }
             return SW_EXEC_ERROR();
@@ -153,7 +153,7 @@ int cmd_signature() {
         if (p2 == ALGO_RSA_PKCS1) { //DigestInfo attached
             uint16_t nc = (uint16_t)apdu.nc;
             if (pkcs1_strip_digest_info_prefix(&md, apdu.data, (uint16_t)apdu.nc, apdu.data,
-                                               &nc) != CCID_OK) {                                   //gets the MD algo id and strips it off
+                                               &nc) != PICOKEY_OK) {                                   //gets the MD algo id and strips it off
                 return SW_EXEC_ERROR();
             }
             apdu.nc = nc;
@@ -264,9 +264,9 @@ int cmd_signature() {
             md = MBEDTLS_MD_SHA512;
         }
         int r = load_private_key_ecdsa(&ctx, fkey);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_ecdsa_free(&ctx);
-            if (r == CCID_VERIFICATION_FAILED) {
+            if (r == PICOKEY_VERIFICATION_FAILED) {
                 return SW_SECURE_MESSAGE_EXEC_ERROR();
             }
             return SW_EXEC_ERROR();

src/hsm/cmd_update_ef.c

@@ -78,7 +78,7 @@ int cmd_update_ef() {
         }
         if (offset == 0) {
             int r = file_put_data(ef, data, data_len);
-            if (r != CCID_OK) {
+            if (r != PICOKEY_OK) {
                 return SW_MEMORY_FAILURE();
             }
         }
@@ -92,7 +92,7 @@ int cmd_update_ef() {
             memcpy(data_merge + offset, data, data_len);
             int r = file_put_data(ef, data_merge, offset + data_len);
             free(data_merge);
-            if (r != CCID_OK) {
+            if (r != PICOKEY_OK) {
                 return SW_MEMORY_FAILURE();
             }
         }

src/hsm/cvc.c

@@ -328,7 +328,7 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
     }
     mbedtls_ecdsa_context ectx;
     mbedtls_ecdsa_init(&ectx);
-    if (load_private_key_ecdsa(&ectx, fkey) != CCID_OK) {
+    if (load_private_key_ecdsa(&ectx, fkey) != PICOKEY_OK) {
         mbedtls_ecdsa_free(&ectx);
         return 0;
     }
@@ -692,12 +692,12 @@ int puk_verify(const uint8_t *sig,
     uint16_t puk_len = 0;
     const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len);
     if (!puk) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     uint16_t oid_len = 0;
     const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
     if (!oid) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     if (memcmp(oid, OID_ID_TA_RSA, 9) == 0) { //RSA
         uint16_t t81_len = 0, t82_len = 0;
@@ -706,7 +706,7 @@ int puk_verify(const uint8_t *sig,
                                                                                                &t81_len,
                                                                                                0x82);
         if (!t81 || !t82) {
-            return CCID_WRONG_DATA;
+            return PICOKEY_WRONG_DATA;
         }
         mbedtls_rsa_context rsa;
         mbedtls_rsa_init(&rsa);
@@ -734,32 +734,32 @@ int puk_verify(const uint8_t *sig,
         }
         if (md == MBEDTLS_MD_NONE) {
             mbedtls_rsa_free(&rsa);
-            return CCID_WRONG_DATA;
+            return PICOKEY_WRONG_DATA;
         }
         int r = mbedtls_mpi_read_binary(&rsa.N, t81, t81_len);
         if (r != 0) {
             mbedtls_rsa_free(&rsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
         r = mbedtls_mpi_read_binary(&rsa.E, t82, t82_len);
         if (r != 0) {
             mbedtls_rsa_free(&rsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
         r = mbedtls_rsa_complete(&rsa);
         if (r != 0) {
             mbedtls_rsa_free(&rsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
         r = mbedtls_rsa_check_pubkey(&rsa);
         if (r != 0) {
             mbedtls_rsa_free(&rsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
         r = mbedtls_rsa_pkcs1_verify(&rsa, md, (unsigned int)hash_len, hash, sig);
         mbedtls_rsa_free(&rsa);
         if (r != 0) {
-            return CCID_WRONG_SIGNATURE;
+            return PICOKEY_WRONG_SIGNATURE;
         }
     }
     else if (memcmp(oid, OID_ID_TA_ECDSA, 9) == 0) {   //ECC
@@ -780,34 +780,34 @@ int puk_verify(const uint8_t *sig,
             md = MBEDTLS_MD_SHA512;
         }
         if (md == MBEDTLS_MD_NONE) {
-            return CCID_WRONG_DATA;
+            return PICOKEY_WRONG_DATA;
         }
 
         uint16_t t86_len = 0;
         const uint8_t *t86 = cvc_get_field(puk, puk_len, &t86_len, 0x86);
         if (!t86) {
-            return CCID_WRONG_DATA;
+            return PICOKEY_WRONG_DATA;
         }
         mbedtls_ecp_group_id ec_id = cvc_inherite_ec_group(ca, ca_len);
         if (ec_id == MBEDTLS_ECP_DP_NONE) {
-            return CCID_WRONG_DATA;
+            return PICOKEY_WRONG_DATA;
         }
         mbedtls_ecdsa_context ecdsa;
         mbedtls_ecdsa_init(&ecdsa);
         int ret = mbedtls_ecp_group_load(&ecdsa.grp, ec_id);
         if (ret != 0) {
             mbedtls_ecdsa_free(&ecdsa);
-            return CCID_WRONG_DATA;
+            return PICOKEY_WRONG_DATA;
         }
         ret = mbedtls_ecp_point_read_binary(&ecdsa.grp, &ecdsa.Q, t86, t86_len);
         if (ret != 0) {
             mbedtls_ecdsa_free(&ecdsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
         ret = mbedtls_ecp_check_pubkey(&ecdsa.grp, &ecdsa.Q);
         if (ret != 0) {
             mbedtls_ecdsa_free(&ecdsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
         mbedtls_mpi r, s;
         mbedtls_mpi_init(&r);
@@ -817,44 +817,44 @@ int puk_verify(const uint8_t *sig,
             mbedtls_mpi_free(&r);
             mbedtls_mpi_free(&s);
             mbedtls_ecdsa_free(&ecdsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
         ret = mbedtls_mpi_read_binary(&s, sig + sig_len / 2, sig_len / 2);
         if (ret != 0) {
             mbedtls_mpi_free(&r);
             mbedtls_mpi_free(&s);
             mbedtls_ecdsa_free(&ecdsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
         ret = mbedtls_ecdsa_verify(&ecdsa.grp, hash, hash_len, &ecdsa.Q, &r, &s);
         mbedtls_mpi_free(&r);
         mbedtls_mpi_free(&s);
         mbedtls_ecdsa_free(&ecdsa);
         if (ret != 0) {
-            return CCID_WRONG_SIGNATURE;
+            return PICOKEY_WRONG_SIGNATURE;
         }
     }
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16_t ca_len) {
     uint16_t puk_len = 0;
     const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len);
     if (!puk) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     uint16_t oid_len = 0, cv_body_len = 0, sig_len = 0;
     const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
     const uint8_t *cv_body = cvc_get_body(cert, cert_len, &cv_body_len);
     const uint8_t *sig = cvc_get_sig(cert, cert_len, &sig_len);
     if (!sig) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     if (!cv_body) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     if (!oid) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     mbedtls_md_type_t md = MBEDTLS_MD_NONE;
     if (memcmp(oid, OID_ID_TA_RSA, 9) == 0) { //RSA
@@ -895,18 +895,18 @@ int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16
         }
     }
     if (md == MBEDTLS_MD_NONE) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md);
     uint8_t hash[64], hash_len = mbedtls_md_get_size(md_info);
     uint8_t tlv_body = 2 + format_tlv_len(cv_body_len, NULL);
     int r = mbedtls_md(md_info, cv_body - tlv_body, cv_body_len + tlv_body, hash);
     if (r != 0) {
-        return CCID_EXEC_ERROR;
+        return PICOKEY_EXEC_ERROR;
     }
     r = puk_verify(sig, sig_len, hash, hash_len, ca, ca_len);
     if (r != 0) {
-        return CCID_WRONG_SIGNATURE;
+        return PICOKEY_WRONG_SIGNATURE;
     }
-    return CCID_OK;
+    return PICOKEY_OK;
 }

src/hsm/kek.c

@@ -52,7 +52,7 @@ uint32_t crc32c(const uint8_t *buf, size_t len) {
 
 int load_mkek(uint8_t *mkek) {
     if (has_session_pin == false && has_session_sopin == false) {
-        return CCID_NO_LOGIN;
+        return PICOKEY_NO_LOGIN;
     }
     const uint8_t *pin = NULL;
     if (pin == NULL && has_session_pin == true) {
@@ -70,15 +70,15 @@ int load_mkek(uint8_t *mkek) {
         }
     }
     if (pin == NULL) { //Should never happen
-        return CCID_EXEC_ERROR;
+        return PICOKEY_EXEC_ERROR;
     }
 
     int ret = aes_decrypt_cfb_256(pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
     if (ret != 0) {
-        return CCID_EXEC_ERROR;
+        return PICOKEY_EXEC_ERROR;
     }
     if (crc32c(MKEK_KEY(mkek), MKEK_KEY_SIZE) != *(uint32_t *) MKEK_CHECKSUM(mkek)) {
-        return CCID_WRONG_DKEK;
+        return PICOKEY_WRONG_DKEK;
     }
     if (has_mkek_mask || otp_key_1) {
         const uint8_t *mask = otp_key_1 ? otp_key_1 : mkek_mask;
@@ -86,7 +86,7 @@ int load_mkek(uint8_t *mkek) {
             MKEK_KEY(mkek)[i] ^= mask[i];
         }
     }
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 mse_t mse = { .init = false };
@@ -103,7 +103,7 @@ int mse_decrypt_ct(uint8_t *data, size_t len) {
 int load_dkek(uint8_t id, uint8_t *dkek) {
     file_t *tf = search_file(EF_DKEK + id);
     if (!file_has_data(tf)) {
-        return CCID_ERR_FILE_NOT_FOUND;
+        return PICOKEY_ERR_FILE_NOT_FOUND;
     }
     memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE);
     return mkek_decrypt(dkek, DKEK_KEY_SIZE);
@@ -115,7 +115,7 @@ void release_mkek(uint8_t *mkek) {
 
 int store_mkek(const uint8_t *mkek) {
     if (has_session_pin == false && has_session_sopin == false) {
-        return CCID_NO_LOGIN;
+        return PICOKEY_NO_LOGIN;
     }
     uint8_t tmp_mkek[MKEK_SIZE];
     if (mkek == NULL) {
@@ -133,7 +133,7 @@ int store_mkek(const uint8_t *mkek) {
         if (!tf) {
             release_mkek(tmp_mkek);
             release_mkek(tmp_mkek_pin);
-            return CCID_ERR_FILE_NOT_FOUND;
+            return PICOKEY_ERR_FILE_NOT_FOUND;
         }
         aes_encrypt_cfb_256(session_pin, MKEK_IV(tmp_mkek_pin), MKEK_KEY(tmp_mkek_pin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
         file_put_data(tf, tmp_mkek_pin, MKEK_SIZE);
@@ -146,7 +146,7 @@ int store_mkek(const uint8_t *mkek) {
         if (!tf) {
             release_mkek(tmp_mkek);
             release_mkek(tmp_mkek_sopin);
-            return CCID_ERR_FILE_NOT_FOUND;
+            return PICOKEY_ERR_FILE_NOT_FOUND;
         }
         aes_encrypt_cfb_256(session_sopin, MKEK_IV(tmp_mkek_sopin), MKEK_KEY(tmp_mkek_sopin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
         file_put_data(tf, tmp_mkek_sopin, MKEK_SIZE);
@@ -154,21 +154,21 @@ int store_mkek(const uint8_t *mkek) {
     }
     low_flash_available();
     release_mkek(tmp_mkek);
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int store_dkek_key(uint8_t id, uint8_t *dkek) {
     file_t *tf = search_file(EF_DKEK + id);
     if (!tf) {
-        return CCID_ERR_FILE_NOT_FOUND;
+        return PICOKEY_ERR_FILE_NOT_FOUND;
     }
     int r = mkek_encrypt(dkek, DKEK_KEY_SIZE);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
     file_put_data(tf, dkek, DKEK_KEY_SIZE);
     low_flash_available();
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int save_dkek_key(uint8_t id, const uint8_t *key) {
@@ -176,7 +176,7 @@ int save_dkek_key(uint8_t id, const uint8_t *key) {
     if (!key) {
         file_t *tf = search_file(EF_DKEK + id);
         if (!tf) {
-            return CCID_ERR_FILE_NOT_FOUND;
+            return PICOKEY_ERR_FILE_NOT_FOUND;
         }
         memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE);
     }
@@ -190,7 +190,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) {
     uint8_t tmp_dkek[DKEK_KEY_SIZE];
     file_t *tf = search_file(EF_DKEK + id);
     if (!tf) {
-        return CCID_ERR_FILE_NOT_FOUND;
+        return PICOKEY_ERR_FILE_NOT_FOUND;
     }
     memset(tmp_dkek, 0, sizeof(tmp_dkek));
     if (file_get_size(tf) == DKEK_KEY_SIZE) {
@@ -201,7 +201,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) {
     }
     file_put_data(tf, tmp_dkek, DKEK_KEY_SIZE);
     low_flash_available();
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int dkek_kcv(uint8_t id, uint8_t *kcv) { //kcv 8 bytes
@@ -209,45 +209,45 @@ int dkek_kcv(uint8_t id, uint8_t *kcv) { //kcv 8 bytes
     memset(kcv, 0, 8);
     memset(hsh, 0, sizeof(hsh));
     int r = load_dkek(id, dkek);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
     hash256(dkek, DKEK_KEY_SIZE, hsh);
     mbedtls_platform_zeroize(dkek, sizeof(dkek));
     memcpy(kcv, hsh, 8);
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int dkek_kenc(uint8_t id, uint8_t *kenc) { //kenc 32 bytes
     uint8_t dkek[DKEK_KEY_SIZE + 4];
     memset(kenc, 0, 32);
     int r = load_dkek(id, dkek);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
     memcpy(dkek + DKEK_KEY_SIZE, "\x0\x0\x0\x1", 4);
     hash256(dkek, sizeof(dkek), kenc);
     mbedtls_platform_zeroize(dkek, sizeof(dkek));
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int dkek_kmac(uint8_t id, uint8_t *kmac) { //kmac 32 bytes
     uint8_t dkek[DKEK_KEY_SIZE + 4];
     memset(kmac, 0, 32);
     int r = load_dkek(id, dkek);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
     memcpy(dkek + DKEK_KEY_SIZE, "\x0\x0\x0\x2", 4);
     hash256(dkek, DKEK_KEY_SIZE + 4, kmac);
     mbedtls_platform_zeroize(dkek, sizeof(dkek));
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int mkek_encrypt(uint8_t *data, uint16_t len) {
     int r;
     uint8_t mkek[MKEK_SIZE + 4];
-    if ((r = load_mkek(mkek)) != CCID_OK) {
+    if ((r = load_mkek(mkek)) != PICOKEY_OK) {
         return r;
     }
     r = aes_encrypt_cfb_256(MKEK_KEY(mkek), MKEK_IV(mkek), data, len);
@@ -258,7 +258,7 @@ int mkek_encrypt(uint8_t *data, uint16_t len) {
 int mkek_decrypt(uint8_t *data, uint16_t len) {
     int r;
     uint8_t mkek[MKEK_SIZE + 4];
-    if ((r = load_mkek(mkek)) != CCID_OK) {
+    if ((r = load_mkek(mkek)) != PICOKEY_OK) {
         return r;
     }
     r = aes_decrypt_cfb_256(MKEK_KEY(mkek), MKEK_IV(mkek), data, len);
@@ -268,7 +268,7 @@ int mkek_decrypt(uint8_t *data, uint16_t len) {
 
 int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint16_t *out_len, const uint8_t *allowed, uint16_t allowed_len) {
     if (!(key_type & PICO_KEYS_KEY_RSA) && !(key_type & PICO_KEYS_KEY_EC) && !(key_type & PICO_KEYS_KEY_AES)) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
 
     uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096  (plus, 13 bytes padding)
@@ -280,21 +280,21 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
     uint8_t kenc[32];
     memset(kenc, 0, sizeof(kenc));
     r = dkek_kenc(id, kenc);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
 
     uint8_t kcv[8];
     memset(kcv, 0, sizeof(kcv));
     r = dkek_kcv(id, kcv);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
 
     uint8_t kmac[32];
     memset(kmac, 0, sizeof(kmac));
     r = dkek_kmac(id, kmac);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
 
@@ -313,10 +313,10 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
         }
 
         if (kb_len != 16 && kb_len != 24 && kb_len != 32 && kb_len != 64) {
-            return CCID_WRONG_DATA;
+            return PICOKEY_WRONG_DATA;
         }
         if (*out_len < 8 + 1 + 10 + 6 + (2 + 64 + 14) + 16) { // 14 bytes padding
-            return CCID_WRONG_LENGTH;
+            return PICOKEY_WRONG_LENGTH;
         }
 
         put_uint16_t(kb_len, kb + 8);
@@ -328,7 +328,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
     }
     else if (key_type & PICO_KEYS_KEY_RSA) {
         if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13) + 16) { //13 bytes pading
-            return CCID_WRONG_LENGTH;
+            return PICOKEY_WRONG_LENGTH;
         }
         mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
         kb_len = 0;
@@ -349,7 +349,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
     }
     else if (key_type & PICO_KEYS_KEY_EC) {
         if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 8 + 9 * 66 + 2 + 4) + 16) { //4 bytes pading
-            return CCID_WRONG_LENGTH;
+            return PICOKEY_WRONG_LENGTH;
         }
         mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
         kb_len = 0;
@@ -430,7 +430,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
         kb[kb_len] = 0x80;
     }
     r = aes_encrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, kb_len_pad);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
 
@@ -443,7 +443,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
     if (r != 0) {
         return r;
     }
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int dkek_type_key(const uint8_t *in) {
@@ -464,54 +464,54 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
     int r = 0;
     memset(kcv, 0, sizeof(kcv));
     r = dkek_kcv(id, kcv);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
 
     uint8_t kmac[32];
     memset(kmac, 0, sizeof(kmac));
     r = dkek_kmac(id, kmac);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
 
     uint8_t kenc[32];
     memset(kenc, 0, sizeof(kenc));
     r = dkek_kenc(id, kenc);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
 
     if (memcmp(kcv, in, 8) != 0) {
-        return CCID_WRONG_DKEK;
+        return PICOKEY_WRONG_DKEK;
     }
 
     uint8_t signature[16];
     r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), kmac, 256, in, in_len - 16, signature);
     if (r != 0) {
-        return CCID_WRONG_SIGNATURE;
+        return PICOKEY_WRONG_SIGNATURE;
     }
     if (memcmp(signature, in + in_len - 16, 16) != 0) {
-        return CCID_WRONG_SIGNATURE;
+        return PICOKEY_WRONG_SIGNATURE;
     }
 
     int key_type = in[8];
     if (key_type != 5 && key_type != 6 && key_type != 12 && key_type != 15) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
 
     if ((key_type == 5 || key_type == 6) &&
         memcmp(in + 9, "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x01\x02", 12) != 0) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
 
     if (key_type == 12 &&
         memcmp(in + 9, "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03", 12) != 0) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
 
     if (key_type == 15 && memcmp(in + 9, "\x00\x08\x60\x86\x48\x01\x65\x03\x04\x01", 10) != 0) {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
 
     uint16_t ofs = 9;
@@ -535,13 +535,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
     ofs += len + 2;
 
     if ((in_len - 16 - ofs) % 16 != 0) {
-        return CCID_WRONG_PADDING;
+        return PICOKEY_WRONG_PADDING;
     }
     uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096  (plus, 13 bytes padding)
     memset(kb, 0, sizeof(kb));
     memcpy(kb, in + ofs, in_len - 16 - ofs);
     r = aes_decrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, in_len - 16 - ofs);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
 
@@ -558,14 +558,14 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
             r = mbedtls_mpi_read_binary(&rsa->D, kb + ofs, len); ofs += len;
             if (r != 0) {
                 mbedtls_rsa_free(rsa);
-                return CCID_WRONG_DATA;
+                return PICOKEY_WRONG_DATA;
             }
 
             len = get_uint16_t(kb, ofs); ofs += 2;
             r = mbedtls_mpi_read_binary(&rsa->N, kb + ofs, len); ofs += len;
             if (r != 0) {
                 mbedtls_rsa_free(rsa);
-                return CCID_WRONG_DATA;
+                return PICOKEY_WRONG_DATA;
             }
         }
         else if (key_type == 6) {
@@ -579,7 +579,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
             r = mbedtls_mpi_read_binary(&rsa->P, kb + ofs, len); ofs += len;
             if (r != 0) {
                 mbedtls_rsa_free(rsa);
-                return CCID_WRONG_DATA;
+                return PICOKEY_WRONG_DATA;
             }
 
             //PQ
@@ -589,7 +589,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
             r = mbedtls_mpi_read_binary(&rsa->Q, kb + ofs, len); ofs += len;
             if (r != 0) {
                 mbedtls_rsa_free(rsa);
-                return CCID_WRONG_DATA;
+                return PICOKEY_WRONG_DATA;
             }
             //N
             len = get_uint16_t(kb, ofs); ofs += len + 2;
@@ -599,33 +599,33 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
         r = mbedtls_mpi_read_binary(&rsa->E, kb + ofs, len); ofs += len;
         if (r != 0) {
             mbedtls_rsa_free(rsa);
-            return CCID_WRONG_DATA;
+            return PICOKEY_WRONG_DATA;
         }
 
         if (key_type == 5) {
             r = mbedtls_rsa_import(rsa, &rsa->N, NULL, NULL, &rsa->D, &rsa->E);
             if (r != 0) {
                 mbedtls_rsa_free(rsa);
-                return CCID_EXEC_ERROR;
+                return PICOKEY_EXEC_ERROR;
             }
         }
         else if (key_type == 6) {
             r = mbedtls_rsa_import(rsa, NULL, &rsa->P, &rsa->Q, NULL, &rsa->E);
             if (r != 0) {
                 mbedtls_rsa_free(rsa);
-                return CCID_EXEC_ERROR;
+                return PICOKEY_EXEC_ERROR;
             }
         }
 
         r = mbedtls_rsa_complete(rsa);
         if (r != 0) {
             mbedtls_rsa_free(rsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
         r = mbedtls_rsa_check_privkey(rsa);
         if (r != 0) {
             mbedtls_rsa_free(rsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
     }
     else if (key_type == 12) {
@@ -643,7 +643,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
         mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(kb + ofs, len);
         if (ec_id == MBEDTLS_ECP_DP_NONE) {
             mbedtls_ecdsa_free(ecdsa);
-            return CCID_WRONG_DATA;
+            return PICOKEY_WRONG_DATA;
         }
         ofs += len;
 
@@ -658,7 +658,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
         r = mbedtls_ecp_read_key(ec_id, ecdsa, kb + ofs, len);
         if (r != 0) {
             mbedtls_ecdsa_free(ecdsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
         ofs += len;
 
@@ -669,17 +669,17 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
             r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
             if (r != 0) {
                 mbedtls_ecdsa_free(ecdsa);
-                return CCID_EXEC_ERROR;
+                return PICOKEY_EXEC_ERROR;
             }
         }
         r = mbedtls_ecp_check_pub_priv(ecdsa, ecdsa, random_gen, NULL);
         if (r != 0) {
             mbedtls_ecdsa_free(ecdsa);
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
     }
     else if (key_type == 15) {
         memcpy(key_ctx, kb + ofs, key_size);
     }
-    return CCID_OK;
+    return PICOKEY_OK;
 }

src/hsm/sc_hsm.c

@@ -85,7 +85,7 @@ int sc_hsm_select_aid(app_t *a, uint8_t force) {
     a->process_apdu = sc_hsm_process_apdu;
     a->unload = sc_hsm_unload;
     init_sc_hsm();
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 INITIALIZER( sc_hsm_ctor ) {
@@ -178,10 +178,10 @@ uint8_t puk_status[MAX_PUK];
 
 int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy) {
     if (data == NULL || data_len == 0) {
-        return CCID_ERR_NULL_PARAM;
+        return PICOKEY_ERR_NULL_PARAM;
     }
     if (puk_store_entries == MAX_PUK_STORE_ENTRIES) {
-        return CCID_ERR_MEMORY_FATAL;
+        return PICOKEY_ERR_MEMORY_FATAL;
     }
 
     puk_store[puk_store_entries].copied = copy;
@@ -205,17 +205,17 @@ int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy) {
                                                    &puk_store[puk_store_entries].puk_len);
 
     puk_store_entries++;
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int puk_store_select_chr(const uint8_t *chr) {
     for (int i = 0; i < puk_store_entries; i++) {
         if (memcmp(puk_store[i].chr, chr, puk_store[i].chr_len) == 0) {
             current_puk = &puk_store[i];
-            return CCID_OK;
+            return PICOKEY_OK;
         }
     }
-    return CCID_ERR_FILE_NOT_FOUND;
+    return PICOKEY_ERR_FILE_NOT_FOUND;
 }
 
 void reset_puk_store() {
@@ -261,7 +261,7 @@ int sc_hsm_unload() {
     has_session_pin = has_session_sopin = false;
     isUserAuthenticated = false;
     sm_session_pin_len = 0;
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 uint16_t get_device_options() {
@@ -334,16 +334,16 @@ int parse_ef_dir(const file_t *f, int mode) {
 
 int pin_reset_retries(const file_t *pin, bool force) {
     if (!pin) {
-        return CCID_ERR_NULL_PARAM;
+        return PICOKEY_ERR_NULL_PARAM;
     }
     const file_t *max = search_file(pin->fid + 1);
     const file_t *act = search_file(pin->fid + 2);
     if (!max || !act) {
-        return CCID_ERR_FILE_NOT_FOUND;
+        return PICOKEY_ERR_FILE_NOT_FOUND;
     }
     uint8_t retries = file_read_uint8(act);
     if (retries == 0 && force == false) { // blocked
-        return CCID_ERR_BLOCKED;
+        return PICOKEY_ERR_BLOCKED;
     }
     retries = file_read_uint8(max);
     int r = file_put_data((file_t *) act, &retries, sizeof(retries));
@@ -353,26 +353,26 @@ int pin_reset_retries(const file_t *pin, bool force) {
 
 int pin_wrong_retry(const file_t *pin) {
     if (!pin) {
-        return CCID_ERR_NULL_PARAM;
+        return PICOKEY_ERR_NULL_PARAM;
     }
     const file_t *act = search_file(pin->fid + 2);
     if (!act) {
-        return CCID_ERR_FILE_NOT_FOUND;
+        return PICOKEY_ERR_FILE_NOT_FOUND;
     }
     uint8_t retries = file_read_uint8(act);
     if (retries > 0) {
         retries -= 1;
         int r = file_put_data((file_t *) act, &retries, sizeof(retries));
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return r;
         }
         low_flash_available();
         if (retries == 0) {
-            return CCID_ERR_BLOCKED;
+            return PICOKEY_ERR_BLOCKED;
         }
         return retries;
     }
-    return CCID_ERR_BLOCKED;
+    return PICOKEY_ERR_BLOCKED;
 }
 
 bool pka_enabled() {
@@ -391,7 +391,7 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
     if (is_secured_apdu() && sm_session_pin_len > 0 && pin == file_pin1) {
         if (len == sm_session_pin_len && memcmp(data, sm_session_pin, len) != 0) {
             int retries;
-            if ((retries = pin_wrong_retry(pin)) < CCID_OK) {
+            if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
                 return SW_PIN_BLOCKED();
             }
             return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
@@ -405,17 +405,17 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
         }
         if (memcmp(file_get_data(pin) + 1, dhash, sizeof(dhash)) != 0) {
             int retries;
-            if ((retries = pin_wrong_retry(pin)) < CCID_OK) {
+            if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
                 return SW_PIN_BLOCKED();
             }
             return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
         }
     }
     int r = pin_reset_retries(pin, false);
-    if (r == CCID_ERR_BLOCKED) {
+    if (r == PICOKEY_ERR_BLOCKED) {
         return SW_PIN_BLOCKED();
     }
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return SW_MEMORY_FAILURE();
     }
     if (pka_enabled() == false) {
@@ -552,18 +552,18 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
         memcpy(kdata, key_ctx, key_size);
     }
     else {
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     file_t *fpk = file_new((KEY_PREFIX << 8) | key_id);
     if (!fpk) {
-        return CCID_ERR_MEMORY_FATAL;
+        return PICOKEY_ERR_MEMORY_FATAL;
     }
     r = mkek_encrypt(kdata, key_size);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
     r = file_put_data(fpk, kdata, (uint16_t)key_size);
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return r;
     }
     char key_id_str[4] = {0};
@@ -580,7 +580,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
         }
     }
     low_flash_available();
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int find_and_store_meta_key(uint8_t key_id) {
@@ -614,81 +614,81 @@ int find_and_store_meta_key(uint8_t key_id) {
         int r = meta_add((KEY_PREFIX << 8) | key_id, meta, (uint16_t)meta_size);
         free(meta);
         if (r != 0) {
-            return CCID_EXEC_ERROR;
+            return PICOKEY_EXEC_ERROR;
         }
     }
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
     if (wait_button_pressed() == true) { // timeout
-        return CCID_VERIFICATION_FAILED;
+        return PICOKEY_VERIFICATION_FAILED;
     }
 
     uint16_t key_size = file_get_size(fkey);
     uint8_t kdata[4096 / 8];
     memcpy(kdata, file_get_data(fkey), key_size);
     if (mkek_decrypt(kdata, key_size) != 0) {
-        return CCID_EXEC_ERROR;
+        return PICOKEY_EXEC_ERROR;
     }
     if (mbedtls_mpi_read_binary(&ctx->P, kdata, key_size / 2) != 0) {
         mbedtls_platform_zeroize(kdata, sizeof(kdata));
         mbedtls_rsa_free(ctx);
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     if (mbedtls_mpi_read_binary(&ctx->Q, kdata + key_size / 2, key_size / 2) != 0) {
         mbedtls_platform_zeroize(kdata, sizeof(kdata));
         mbedtls_rsa_free(ctx);
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     if (mbedtls_mpi_lset(&ctx->E, 0x10001) != 0) {
         mbedtls_platform_zeroize(kdata, sizeof(kdata));
         mbedtls_rsa_free(ctx);
-        return CCID_EXEC_ERROR;
+        return PICOKEY_EXEC_ERROR;
     }
     if (mbedtls_rsa_import(ctx, NULL, &ctx->P, &ctx->Q, NULL, &ctx->E) != 0) {
         mbedtls_platform_zeroize(kdata, sizeof(kdata));
         mbedtls_rsa_free(ctx);
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     if (mbedtls_rsa_complete(ctx) != 0) {
         mbedtls_platform_zeroize(kdata, sizeof(kdata));
         mbedtls_rsa_free(ctx);
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
     if (mbedtls_rsa_check_privkey(ctx) != 0) {
         mbedtls_platform_zeroize(kdata, sizeof(kdata));
         mbedtls_rsa_free(ctx);
-        return CCID_WRONG_DATA;
+        return PICOKEY_WRONG_DATA;
     }
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
     if (wait_button_pressed() == true) { // timeout
-        return CCID_VERIFICATION_FAILED;
+        return PICOKEY_VERIFICATION_FAILED;
     }
 
     uint16_t key_size = file_get_size(fkey);
     uint8_t kdata[67]; // Worst case, 521 bit + 1byte
     memcpy(kdata, file_get_data(fkey), key_size);
     if (mkek_decrypt(kdata, key_size) != 0) {
-        return CCID_EXEC_ERROR;
+        return PICOKEY_EXEC_ERROR;
     }
     mbedtls_ecp_group_id gid = kdata[0];
     int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1);
     if (r != 0) {
         mbedtls_platform_zeroize(kdata, sizeof(kdata));
         mbedtls_ecdsa_free(ctx);
-        return CCID_EXEC_ERROR;
+        return PICOKEY_EXEC_ERROR;
     }
     mbedtls_platform_zeroize(kdata, sizeof(kdata));
     r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
     if (r != 0) {
         mbedtls_ecdsa_free(ctx);
-        return CCID_EXEC_ERROR;
+        return PICOKEY_EXEC_ERROR;
     }
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 #define INS_VERIFY                  0x20
@@ -754,7 +754,7 @@ static const cmd_t cmds[] = {
 
 int sc_hsm_process_apdu() {
     int r = sm_unwrap();
-    if (r != CCID_OK) {
+    if (r != PICOKEY_OK) {
         return SW_DATA_INVALID();
     }
     for (const cmd_t *cmd = cmds; cmd->ins != 0x00; cmd++) {