From 273974f8e1a9beaf13579f590a7b8d1461456518 Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Fri, 13 Oct 2023 13:09:38 +0200 Subject: [PATCH] refactor(core): Refactor Optiga macros. [no changelog] --- core/embed/prodtest/optiga_prodtest.c | 12 +++++------ core/embed/prodtest/optiga_prodtest.h | 10 +++++----- core/embed/prodtest/prodtest_common.c | 2 +- core/embed/prodtest/prodtest_common.h | 2 +- core/embed/trezorhal/optiga/optiga.c | 8 ++++---- core/embed/trezorhal/optiga/optiga_commands.c | 20 +++++++++---------- core/embed/trezorhal/optiga_commands.h | 18 +++++++++++++++-- 7 files changed, 43 insertions(+), 29 deletions(-) diff --git a/core/embed/prodtest/optiga_prodtest.c b/core/embed/prodtest/optiga_prodtest.c index 87e45317e..7a3d69699 100644 --- a/core/embed/prodtest/optiga_prodtest.c +++ b/core/embed/prodtest/optiga_prodtest.c @@ -46,10 +46,10 @@ static optiga_pairing optiga_pairing_state = OPTIGA_PAIRING_UNPAIRED; // Data object access conditions. static const optiga_metadata_item ACCESS_PAIRED = OPTIGA_ACCESS_CONDITION(OPTIGA_ACCESS_COND_CONF, OID_KEY_PAIRING); -static const optiga_metadata_item KEY_USE_SIGN = { - (const uint8_t[]){OPTIGA_KEY_USAGE_SIGN}, 1}; -static const optiga_metadata_item TYPE_PTFBIND = { - (const uint8_t[]){OPTIGA_DATA_TYPE_PTFBIND}, 1}; +static const optiga_metadata_item KEY_USE_SIGN = + OPTIGA_META_VALUE(OPTIGA_KEY_USAGE_SIGN); +static const optiga_metadata_item TYPE_PTFBIND = + OPTIGA_META_VALUE(OPTIGA_DATA_TYPE_PTFBIND); // Identifier of context-specific constructed tag 3, which is used for // extensions in X.509. @@ -514,8 +514,8 @@ void keyfido_write(char *data) { // Set change access condition for the FIDO key to Int(0xE0E8), so that we // can write the FIDO key using the trust anchor in OID 0xE0E8. memzero(&metadata, sizeof(metadata)); - metadata.change = (const optiga_metadata_item)OPTIGA_ACCESS_CONDITION( - OPTIGA_ACCESS_COND_INT, OID_TRUST_ANCHOR); + metadata.change = + OPTIGA_ACCESS_CONDITION(OPTIGA_ACCESS_COND_INT, OID_TRUST_ANCHOR); metadata.version = OPTIGA_META_VERSION_DEFAULT; if (!set_metadata(OID_KEY_FIDO, &metadata)) { return; diff --git a/core/embed/prodtest/optiga_prodtest.h b/core/embed/prodtest/optiga_prodtest.h index a378ba343..375d642f0 100644 --- a/core/embed/prodtest/optiga_prodtest.h +++ b/core/embed/prodtest/optiga_prodtest.h @@ -24,11 +24,11 @@ #include #include -#define OID_CERT_INF OPTIGA_OID_CERT + 0 -#define OID_CERT_DEV OPTIGA_OID_CERT + 1 -#define OID_CERT_FIDO OPTIGA_OID_CERT + 2 -#define OID_KEY_DEV OPTIGA_OID_ECC_KEY + 0 -#define OID_KEY_FIDO OPTIGA_OID_ECC_KEY + 2 +#define OID_CERT_INF (OPTIGA_OID_CERT + 0) +#define OID_CERT_DEV (OPTIGA_OID_CERT + 1) +#define OID_CERT_FIDO (OPTIGA_OID_CERT + 2) +#define OID_KEY_DEV (OPTIGA_OID_ECC_KEY + 0) +#define OID_KEY_FIDO (OPTIGA_OID_ECC_KEY + 2) #define OID_KEY_PAIRING OPTIGA_OID_PTFBIND_SECRET #define OID_TRUST_ANCHOR (OPTIGA_OID_CA_CERT + 0) diff --git a/core/embed/prodtest/prodtest_common.c b/core/embed/prodtest/prodtest_common.c index a56607a0c..9b9fbb93d 100644 --- a/core/embed/prodtest/prodtest_common.c +++ b/core/embed/prodtest/prodtest_common.c @@ -45,7 +45,7 @@ void vcp_println(const char *fmt, ...) { vcp_puts("\r\n", 2); } -void vcp_println_hex(uint8_t *data, uint16_t len) { +void vcp_println_hex(const uint8_t *data, uint16_t len) { for (int i = 0; i < len; i++) { vcp_print("%02X", data[i]); } diff --git a/core/embed/prodtest/prodtest_common.h b/core/embed/prodtest/prodtest_common.h index bd0f33747..221e16cd6 100644 --- a/core/embed/prodtest/prodtest_common.h +++ b/core/embed/prodtest/prodtest_common.h @@ -28,7 +28,7 @@ enum { VCP_IFACE = 0x00 }; void vcp_puts(const char *s, size_t len); void vcp_print(const char *fmt, ...); void vcp_println(const char *fmt, ...); -void vcp_println_hex(uint8_t *data, uint16_t len); +void vcp_println_hex(const uint8_t *data, uint16_t len); int get_from_hex(uint8_t *buf, uint16_t buf_len, const char *hex); #endif diff --git a/core/embed/trezorhal/optiga/optiga.c b/core/embed/trezorhal/optiga/optiga.c index aa03b9866..9d00f0f43 100644 --- a/core/embed/trezorhal/optiga/optiga.c +++ b/core/embed/trezorhal/optiga/optiga.c @@ -58,10 +58,10 @@ static const uint8_t COUNTER_RESET[] = {0, 0, 0, 0, 0, 0, 0, PIN_MAX_TRIES}; // 100000 / PIN_STRETCH_ITERATIONS unlock operations. static const uint8_t STRETCH_COUNTER_INIT[] = {0, 0, 0, 0, 0, 0x09, 0x27, 0xC0}; -static const optiga_metadata_item TYPE_AUTOREF = { - (const uint8_t[]){OPTIGA_DATA_TYPE_AUTOREF}, 1}; -static const optiga_metadata_item TYPE_PRESSEC = { - (const uint8_t[]){OPTIGA_DATA_TYPE_PRESSEC}, 1}; +static const optiga_metadata_item TYPE_AUTOREF = + OPTIGA_META_VALUE(OPTIGA_DATA_TYPE_AUTOREF); +static const optiga_metadata_item TYPE_PRESSEC = + OPTIGA_META_VALUE(OPTIGA_DATA_TYPE_PRESSEC); static const optiga_metadata_item ACCESS_STRETCHED_PIN = OPTIGA_ACCESS_CONDITION(OPTIGA_ACCESS_COND_AUTO, OID_STRETCHED_PIN); static const optiga_metadata_item ACCESS_PIN_SECRET = diff --git a/core/embed/trezorhal/optiga/optiga_commands.c b/core/embed/trezorhal/optiga/optiga_commands.c index 604241e66..3884dd6a7 100644 --- a/core/embed/trezorhal/optiga/optiga_commands.c +++ b/core/embed/trezorhal/optiga/optiga_commands.c @@ -37,16 +37,16 @@ static uint8_t tx_buffer[OPTIGA_MAX_APDU_SIZE] = {0}; static size_t tx_size = 0; -const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL = { - (const uint8_t *)"\x07", 1}; -const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS = { - (const uint8_t[]){OPTIGA_ACCESS_COND_ALW}, 1}; -const optiga_metadata_item OPTIGA_META_ACCESS_NEVER = { - (const uint8_t[]){OPTIGA_ACCESS_COND_NEV}, 1}; -const optiga_metadata_item OPTIGA_META_KEY_USE_ENC = { - (const uint8_t[]){OPTIGA_KEY_USAGE_ENC}, 1}; -const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE = { - (const uint8_t[]){OPTIGA_KEY_USAGE_KEYAGREE}, 1}; +const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL = + OPTIGA_META_VALUE(OPTIGA_LCS_OP); +const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS = + OPTIGA_META_VALUE(OPTIGA_ACCESS_COND_ALW); +const optiga_metadata_item OPTIGA_META_ACCESS_NEVER = + OPTIGA_META_VALUE(OPTIGA_ACCESS_COND_NEV); +const optiga_metadata_item OPTIGA_META_KEY_USE_ENC = + OPTIGA_META_VALUE(OPTIGA_KEY_USAGE_ENC); +const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE = + OPTIGA_META_VALUE(OPTIGA_KEY_USAGE_KEYAGREE); const optiga_metadata_item OPTIGA_META_VERSION_DEFAULT = { (const uint8_t[]){0x00, 0x00}, 2}; diff --git a/core/embed/trezorhal/optiga_commands.h b/core/embed/trezorhal/optiga_commands.h index f7df9e568..57a5bb174 100644 --- a/core/embed/trezorhal/optiga_commands.h +++ b/core/embed/trezorhal/optiga_commands.h @@ -105,6 +105,14 @@ typedef enum { OPTIGA_ACCESS_COND_NEV = 0xFF, // Never. } optiga_access_cond; +// Life cycle status. +typedef enum { + OPTIGA_LCS_CR = 0x01, // Creation state. + OPTIGA_LCS_IN = 0x03, // Initialization state. + OPTIGA_LCS_OP = 0x07, // Operational state. + OPTIGA_LCS_TE = 0x0f, // Termination state. +} optiga_lcs; + typedef struct { const uint8_t *ptr; uint16_t len; @@ -132,8 +140,14 @@ typedef struct { #define OPTIGA_RANDOM_MAX_SIZE 256 #define OPTIGA_MAX_CERT_SIZE 1728 -#define OPTIGA_ACCESS_CONDITION(ac_id, oid) \ - { (const uint8_t[]){ac_id, oid >> 8, oid & 0xff}, 3 } +#define OPTIGA_ACCESS_CONDITION(ac_id, oid) \ + (const optiga_metadata_item) { \ + (const uint8_t[]){ac_id, oid >> 8, oid & 0xff}, 3 \ + } + +// Single-byte value of optiga_metadata_item. +#define OPTIGA_META_VALUE(val) \ + (const optiga_metadata_item) { (const uint8_t[]){val}, 1 } // Commonly used data object access conditions. extern const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL;