refactor(core): Refactor Optiga macros.

[no changelog]

core/embed/prodtest/optiga_prodtest.c

@@ -46,10 +46,10 @@ static optiga_pairing optiga_pairing_state = OPTIGA_PAIRING_UNPAIRED;
 // Data object access conditions.
 static const optiga_metadata_item ACCESS_PAIRED =
     OPTIGA_ACCESS_CONDITION(OPTIGA_ACCESS_COND_CONF, OID_KEY_PAIRING);
-static const optiga_metadata_item KEY_USE_SIGN = {
-    (const uint8_t[]){OPTIGA_KEY_USAGE_SIGN}, 1};
-static const optiga_metadata_item TYPE_PTFBIND = {
-    (const uint8_t[]){OPTIGA_DATA_TYPE_PTFBIND}, 1};
+static const optiga_metadata_item KEY_USE_SIGN =
+    OPTIGA_META_VALUE(OPTIGA_KEY_USAGE_SIGN);
+static const optiga_metadata_item TYPE_PTFBIND =
+    OPTIGA_META_VALUE(OPTIGA_DATA_TYPE_PTFBIND);
 
 // Identifier of context-specific constructed tag 3, which is used for
 // extensions in X.509.
@@ -514,8 +514,8 @@ void keyfido_write(char *data) {
   // Set change access condition for the FIDO key to Int(0xE0E8), so that we
   // can write the FIDO key using the trust anchor in OID 0xE0E8.
   memzero(&metadata, sizeof(metadata));
-  metadata.change = (const optiga_metadata_item)OPTIGA_ACCESS_CONDITION(
-      OPTIGA_ACCESS_COND_INT, OID_TRUST_ANCHOR);
+  metadata.change =
+      OPTIGA_ACCESS_CONDITION(OPTIGA_ACCESS_COND_INT, OID_TRUST_ANCHOR);
   metadata.version = OPTIGA_META_VERSION_DEFAULT;
   if (!set_metadata(OID_KEY_FIDO, &metadata)) {
     return;

core/embed/prodtest/optiga_prodtest.h

@@ -24,11 +24,11 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#define OID_CERT_INF OPTIGA_OID_CERT + 0
-#define OID_CERT_DEV OPTIGA_OID_CERT + 1
-#define OID_CERT_FIDO OPTIGA_OID_CERT + 2
-#define OID_KEY_DEV OPTIGA_OID_ECC_KEY + 0
-#define OID_KEY_FIDO OPTIGA_OID_ECC_KEY + 2
+#define OID_CERT_INF (OPTIGA_OID_CERT + 0)
+#define OID_CERT_DEV (OPTIGA_OID_CERT + 1)
+#define OID_CERT_FIDO (OPTIGA_OID_CERT + 2)
+#define OID_KEY_DEV (OPTIGA_OID_ECC_KEY + 0)
+#define OID_KEY_FIDO (OPTIGA_OID_ECC_KEY + 2)
 #define OID_KEY_PAIRING OPTIGA_OID_PTFBIND_SECRET
 #define OID_TRUST_ANCHOR (OPTIGA_OID_CA_CERT + 0)
 

core/embed/prodtest/prodtest_common.c

@@ -45,7 +45,7 @@ void vcp_println(const char *fmt, ...) {
   vcp_puts("\r\n", 2);
 }
 
-void vcp_println_hex(uint8_t *data, uint16_t len) {
+void vcp_println_hex(const uint8_t *data, uint16_t len) {
   for (int i = 0; i < len; i++) {
     vcp_print("%02X", data[i]);
   }

core/embed/prodtest/prodtest_common.h

@@ -28,7 +28,7 @@ enum { VCP_IFACE = 0x00 };
 void vcp_puts(const char *s, size_t len);
 void vcp_print(const char *fmt, ...);
 void vcp_println(const char *fmt, ...);
-void vcp_println_hex(uint8_t *data, uint16_t len);
+void vcp_println_hex(const uint8_t *data, uint16_t len);
 int get_from_hex(uint8_t *buf, uint16_t buf_len, const char *hex);
 
 #endif

core/embed/trezorhal/optiga/optiga.c

@@ -58,10 +58,10 @@ static const uint8_t COUNTER_RESET[] = {0, 0, 0, 0, 0, 0, 0, PIN_MAX_TRIES};
 // 100000 / PIN_STRETCH_ITERATIONS unlock operations.
 static const uint8_t STRETCH_COUNTER_INIT[] = {0, 0, 0, 0, 0, 0x09, 0x27, 0xC0};
 
-static const optiga_metadata_item TYPE_AUTOREF = {
-    (const uint8_t[]){OPTIGA_DATA_TYPE_AUTOREF}, 1};
-static const optiga_metadata_item TYPE_PRESSEC = {
-    (const uint8_t[]){OPTIGA_DATA_TYPE_PRESSEC}, 1};
+static const optiga_metadata_item TYPE_AUTOREF =
+    OPTIGA_META_VALUE(OPTIGA_DATA_TYPE_AUTOREF);
+static const optiga_metadata_item TYPE_PRESSEC =
+    OPTIGA_META_VALUE(OPTIGA_DATA_TYPE_PRESSEC);
 static const optiga_metadata_item ACCESS_STRETCHED_PIN =
     OPTIGA_ACCESS_CONDITION(OPTIGA_ACCESS_COND_AUTO, OID_STRETCHED_PIN);
 static const optiga_metadata_item ACCESS_PIN_SECRET =

core/embed/trezorhal/optiga/optiga_commands.c

@@ -37,16 +37,16 @@
 static uint8_t tx_buffer[OPTIGA_MAX_APDU_SIZE] = {0};
 static size_t tx_size = 0;
 
-const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL = {
-    (const uint8_t *)"\x07", 1};
-const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS = {
-    (const uint8_t[]){OPTIGA_ACCESS_COND_ALW}, 1};
-const optiga_metadata_item OPTIGA_META_ACCESS_NEVER = {
-    (const uint8_t[]){OPTIGA_ACCESS_COND_NEV}, 1};
-const optiga_metadata_item OPTIGA_META_KEY_USE_ENC = {
-    (const uint8_t[]){OPTIGA_KEY_USAGE_ENC}, 1};
-const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE = {
-    (const uint8_t[]){OPTIGA_KEY_USAGE_KEYAGREE}, 1};
+const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL =
+    OPTIGA_META_VALUE(OPTIGA_LCS_OP);
+const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS =
+    OPTIGA_META_VALUE(OPTIGA_ACCESS_COND_ALW);
+const optiga_metadata_item OPTIGA_META_ACCESS_NEVER =
+    OPTIGA_META_VALUE(OPTIGA_ACCESS_COND_NEV);
+const optiga_metadata_item OPTIGA_META_KEY_USE_ENC =
+    OPTIGA_META_VALUE(OPTIGA_KEY_USAGE_ENC);
+const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE =
+    OPTIGA_META_VALUE(OPTIGA_KEY_USAGE_KEYAGREE);
 const optiga_metadata_item OPTIGA_META_VERSION_DEFAULT = {
     (const uint8_t[]){0x00, 0x00}, 2};
 

core/embed/trezorhal/optiga_commands.h

@@ -105,6 +105,14 @@ typedef enum {
   OPTIGA_ACCESS_COND_NEV = 0xFF,   // Never.
 } optiga_access_cond;
 
+// Life cycle status.
+typedef enum {
+  OPTIGA_LCS_CR = 0x01,  // Creation state.
+  OPTIGA_LCS_IN = 0x03,  // Initialization state.
+  OPTIGA_LCS_OP = 0x07,  // Operational state.
+  OPTIGA_LCS_TE = 0x0f,  // Termination state.
+} optiga_lcs;
+
 typedef struct {
   const uint8_t *ptr;
   uint16_t len;
@@ -132,8 +140,14 @@ typedef struct {
 #define OPTIGA_RANDOM_MAX_SIZE 256
 #define OPTIGA_MAX_CERT_SIZE 1728
 
-#define OPTIGA_ACCESS_CONDITION(ac_id, oid) \
-  { (const uint8_t[]){ac_id, oid >> 8, oid & 0xff}, 3 }
+#define OPTIGA_ACCESS_CONDITION(ac_id, oid)           \
+  (const optiga_metadata_item) {                      \
+    (const uint8_t[]){ac_id, oid >> 8, oid & 0xff}, 3 \
+  }
+
+// Single-byte value of optiga_metadata_item.
+#define OPTIGA_META_VALUE(val) \
+  (const optiga_metadata_item) { (const uint8_t[]){val}, 1 }
 
 // Commonly used data object access conditions.
 extern const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL;