refactor(core): Refactor Optiga macros.
[no changelog]
parent
9a5e9b25c7
commit
182a9b1ce8
@ -55,10 +55,10 @@ static optiga_pairing optiga_pairing_state = OPTIGA_PAIRING_UNPAIRED;
|
||||
// Data object access conditions.
|
||||
static const optiga_metadata_item ACCESS_PAIRED =
|
||||
OPTIGA_ACCESS_CONDITION(OPTIGA_ACCESS_COND_CONF, OID_KEY_PAIRING);
|
||||
static const optiga_metadata_item KEY_USE_SIGN = {
|
||||
(const uint8_t[]){OPTIGA_KEY_USAGE_SIGN}, 1};
|
||||
static const optiga_metadata_item TYPE_PTFBIND = {
|
||||
(const uint8_t[]){OPTIGA_DATA_TYPE_PTFBIND}, 1};
|
||||
static const optiga_metadata_item KEY_USE_SIGN =
|
||||
OPTIGA_META_VALUE(OPTIGA_KEY_USAGE_SIGN);
|
||||
static const optiga_metadata_item TYPE_PTFBIND =
|
||||
OPTIGA_META_VALUE(OPTIGA_DATA_TYPE_PTFBIND);
|
||||
|
||||
// Identifier of context-specific constructed tag 3, which is used for
|
||||
// extensions in X.509.
|
||||
@ -539,8 +539,8 @@ void keyfido_write(char *data) {
|
||||
// Set change access condition for the FIDO key to Int(0xE0E8), so that we
|
||||
// can write the FIDO key using the trust anchor in OID 0xE0E8.
|
||||
memzero(&metadata, sizeof(metadata));
|
||||
metadata.change = (const optiga_metadata_item)OPTIGA_ACCESS_CONDITION(
|
||||
OPTIGA_ACCESS_COND_INT, OID_TRUST_ANCHOR);
|
||||
metadata.change =
|
||||
OPTIGA_ACCESS_CONDITION(OPTIGA_ACCESS_COND_INT, OID_TRUST_ANCHOR);
|
||||
metadata.version = OPTIGA_META_VERSION_DEFAULT;
|
||||
if (!set_metadata(OID_KEY_FIDO, &metadata)) {
|
||||
return;
|
||||
|
@ -24,11 +24,11 @@
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define OID_CERT_INF OPTIGA_OID_CERT + 0
|
||||
#define OID_CERT_DEV OPTIGA_OID_CERT + 1
|
||||
#define OID_CERT_FIDO OPTIGA_OID_CERT + 2
|
||||
#define OID_KEY_DEV OPTIGA_OID_ECC_KEY + 0
|
||||
#define OID_KEY_FIDO OPTIGA_OID_ECC_KEY + 2
|
||||
#define OID_CERT_INF (OPTIGA_OID_CERT + 0)
|
||||
#define OID_CERT_DEV (OPTIGA_OID_CERT + 1)
|
||||
#define OID_CERT_FIDO (OPTIGA_OID_CERT + 2)
|
||||
#define OID_KEY_DEV (OPTIGA_OID_ECC_KEY + 0)
|
||||
#define OID_KEY_FIDO (OPTIGA_OID_ECC_KEY + 2)
|
||||
#define OID_KEY_PAIRING OPTIGA_OID_PTFBIND_SECRET
|
||||
#define OID_TRUST_ANCHOR (OPTIGA_OID_CA_CERT + 0)
|
||||
|
||||
|
@ -45,7 +45,7 @@ void vcp_println(const char *fmt, ...) {
|
||||
vcp_puts("\r\n", 2);
|
||||
}
|
||||
|
||||
void vcp_println_hex(uint8_t *data, uint16_t len) {
|
||||
void vcp_println_hex(const uint8_t *data, uint16_t len) {
|
||||
for (int i = 0; i < len; i++) {
|
||||
vcp_print("%02X", data[i]);
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ enum { VCP_IFACE = 0x00 };
|
||||
void vcp_puts(const char *s, size_t len);
|
||||
void vcp_print(const char *fmt, ...);
|
||||
void vcp_println(const char *fmt, ...);
|
||||
void vcp_println_hex(uint8_t *data, uint16_t len);
|
||||
void vcp_println_hex(const uint8_t *data, uint16_t len);
|
||||
int get_from_hex(uint8_t *buf, uint16_t buf_len, const char *hex);
|
||||
|
||||
#endif
|
||||
|
@ -58,10 +58,10 @@ static const uint8_t COUNTER_RESET[] = {0, 0, 0, 0, 0, 0, 0, PIN_MAX_TRIES};
|
||||
// 100000 / PIN_STRETCH_ITERATIONS unlock operations.
|
||||
static const uint8_t STRETCH_COUNTER_INIT[] = {0, 0, 0, 0, 0, 0x09, 0x27, 0xC0};
|
||||
|
||||
static const optiga_metadata_item TYPE_AUTOREF = {
|
||||
(const uint8_t[]){OPTIGA_DATA_TYPE_AUTOREF}, 1};
|
||||
static const optiga_metadata_item TYPE_PRESSEC = {
|
||||
(const uint8_t[]){OPTIGA_DATA_TYPE_PRESSEC}, 1};
|
||||
static const optiga_metadata_item TYPE_AUTOREF =
|
||||
OPTIGA_META_VALUE(OPTIGA_DATA_TYPE_AUTOREF);
|
||||
static const optiga_metadata_item TYPE_PRESSEC =
|
||||
OPTIGA_META_VALUE(OPTIGA_DATA_TYPE_PRESSEC);
|
||||
static const optiga_metadata_item ACCESS_STRETCHED_PIN =
|
||||
OPTIGA_ACCESS_CONDITION(OPTIGA_ACCESS_COND_AUTO, OID_STRETCHED_PIN);
|
||||
static const optiga_metadata_item ACCESS_PIN_SECRET =
|
||||
|
@ -37,16 +37,16 @@
|
||||
static uint8_t tx_buffer[OPTIGA_MAX_APDU_SIZE] = {0};
|
||||
static size_t tx_size = 0;
|
||||
|
||||
const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL = {
|
||||
(const uint8_t *)"\x07", 1};
|
||||
const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS = {
|
||||
(const uint8_t[]){OPTIGA_ACCESS_COND_ALW}, 1};
|
||||
const optiga_metadata_item OPTIGA_META_ACCESS_NEVER = {
|
||||
(const uint8_t[]){OPTIGA_ACCESS_COND_NEV}, 1};
|
||||
const optiga_metadata_item OPTIGA_META_KEY_USE_ENC = {
|
||||
(const uint8_t[]){OPTIGA_KEY_USAGE_ENC}, 1};
|
||||
const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE = {
|
||||
(const uint8_t[]){OPTIGA_KEY_USAGE_KEYAGREE}, 1};
|
||||
const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL =
|
||||
OPTIGA_META_VALUE(OPTIGA_LCS_OP);
|
||||
const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS =
|
||||
OPTIGA_META_VALUE(OPTIGA_ACCESS_COND_ALW);
|
||||
const optiga_metadata_item OPTIGA_META_ACCESS_NEVER =
|
||||
OPTIGA_META_VALUE(OPTIGA_ACCESS_COND_NEV);
|
||||
const optiga_metadata_item OPTIGA_META_KEY_USE_ENC =
|
||||
OPTIGA_META_VALUE(OPTIGA_KEY_USAGE_ENC);
|
||||
const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE =
|
||||
OPTIGA_META_VALUE(OPTIGA_KEY_USAGE_KEYAGREE);
|
||||
const optiga_metadata_item OPTIGA_META_VERSION_DEFAULT = {
|
||||
(const uint8_t[]){0x00, 0x00}, 2};
|
||||
|
||||
|
@ -105,6 +105,14 @@ typedef enum {
|
||||
OPTIGA_ACCESS_COND_NEV = 0xFF, // Never.
|
||||
} optiga_access_cond;
|
||||
|
||||
// Life cycle status.
|
||||
typedef enum {
|
||||
OPTIGA_LCS_CR = 0x01, // Creation state.
|
||||
OPTIGA_LCS_IN = 0x03, // Initialization state.
|
||||
OPTIGA_LCS_OP = 0x07, // Operational state.
|
||||
OPTIGA_LCS_TE = 0x0f, // Termination state.
|
||||
} optiga_lcs;
|
||||
|
||||
typedef struct {
|
||||
const uint8_t *ptr;
|
||||
uint16_t len;
|
||||
@ -132,8 +140,14 @@ typedef struct {
|
||||
#define OPTIGA_RANDOM_MAX_SIZE 256
|
||||
#define OPTIGA_MAX_CERT_SIZE 1728
|
||||
|
||||
#define OPTIGA_ACCESS_CONDITION(ac_id, oid) \
|
||||
{ (const uint8_t[]){ac_id, oid >> 8, oid & 0xff}, 3 }
|
||||
#define OPTIGA_ACCESS_CONDITION(ac_id, oid) \
|
||||
(const optiga_metadata_item) { \
|
||||
(const uint8_t[]){ac_id, oid >> 8, oid & 0xff}, 3 \
|
||||
}
|
||||
|
||||
// Single-byte value of optiga_metadata_item.
|
||||
#define OPTIGA_META_VALUE(val) \
|
||||
(const optiga_metadata_item) { (const uint8_t[]){val}, 1 }
|
||||
|
||||
// Commonly used data object access conditions.
|
||||
extern const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL;
|
||||
|
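Review bot: The rewritten OPTIGA_ACCESS_CONDITION and OPTIGA_META_VALUE still expand their parameters unparenthesized (`oid >> 8`, `oid & 0xff`, `{ac_id, …}`, `{val}`), so an argument like `OID_X | 0x01` would bind as `OID_X | (0x01 >> 8)` inside the byte array; the fix is the usual one, `(const uint8_t[]){(ac_id), (oid) >> 8, (oid) & 0xff}, 3` and `(const uint8_t[]){(val)}, 1`. The macros now also produce a struct compound literal instead of a brace list, and as far as I can tell initializing a file-scope `static const optiga_metadata_item` from a compound literal, which is what the callers in this commit do, is a GCC/Clang extension rather than strict C11, so a comment on the macro would help anyone building with `-pedantic` or another toolchain. Separately, when the macro is used in block scope (as in keyfido_write) the inner `(const uint8_t[]){…}` has automatic storage, so the resulting `.ptr` is valid only until the enclosing block exits; a line such as `// In block scope the pointed-to bytes live only until the enclosing block ends; do not store the item.` above the macro would keep a future caller from stashing it.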