1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 22:38:08 +00:00

refactor(core): Add "META" to metadate-related Optiga constants.

[no changelog]
This commit is contained in:
Andrew Kozlik 2023-09-15 10:40:46 +02:00 committed by Andrew Kozlik
parent 292389bc1d
commit 6ca1182d85
3 changed files with 43 additions and 43 deletions

View File

@ -112,8 +112,8 @@ void pair_optiga(void) {
// Enable writing the pairing secret to OPTIGA. // Enable writing the pairing secret to OPTIGA.
optiga_metadata metadata = {0}; optiga_metadata metadata = {0};
metadata.change = OPTIGA_ACCESS_ALWAYS; metadata.change = OPTIGA_META_ACCESS_ALWAYS;
metadata.execute = OPTIGA_ACCESS_ALWAYS; metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
metadata.data_type = TYPE_PTFBIND; metadata.data_type = TYPE_PTFBIND;
set_metadata(OID_KEY_PAIRING, &metadata); // Ignore result. set_metadata(OID_KEY_PAIRING, &metadata); // Ignore result.
@ -169,29 +169,29 @@ void optiga_lock(void) {
// Set metadata for device certificate. // Set metadata for device certificate.
memzero(&metadata, sizeof(metadata)); memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_LCS_OPERATIONAL; metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
metadata.change = OPTIGA_ACCESS_NEVER; metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_ACCESS_ALWAYS; metadata.read = OPTIGA_META_ACCESS_ALWAYS;
metadata.execute = OPTIGA_ACCESS_ALWAYS; metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
if (!set_metadata(OID_CERT_DEV, &metadata)) { if (!set_metadata(OID_CERT_DEV, &metadata)) {
return; return;
} }
// Set metadata for FIDO attestation certificate. // Set metadata for FIDO attestation certificate.
memzero(&metadata, sizeof(metadata)); memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_LCS_OPERATIONAL; metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
metadata.change = OPTIGA_ACCESS_NEVER; metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_ACCESS_ALWAYS; metadata.read = OPTIGA_META_ACCESS_ALWAYS;
metadata.execute = OPTIGA_ACCESS_ALWAYS; metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
if (!set_metadata(OID_CERT_FIDO, &metadata)) { if (!set_metadata(OID_CERT_FIDO, &metadata)) {
return; return;
} }
// Set metadata for device private key. // Set metadata for device private key.
memzero(&metadata, sizeof(metadata)); memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_LCS_OPERATIONAL; metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
metadata.change = OPTIGA_ACCESS_NEVER; metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_ACCESS_NEVER; metadata.read = OPTIGA_META_ACCESS_NEVER;
metadata.execute = ACCESS_PAIRED; metadata.execute = ACCESS_PAIRED;
metadata.key_usage = KEY_USE_SIGN; metadata.key_usage = KEY_USE_SIGN;
if (!set_metadata(OID_KEY_DEV, &metadata)) { if (!set_metadata(OID_KEY_DEV, &metadata)) {
@ -200,9 +200,9 @@ void optiga_lock(void) {
// Set metadata for FIDO attestation private key. // Set metadata for FIDO attestation private key.
memzero(&metadata, sizeof(metadata)); memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_LCS_OPERATIONAL; metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
metadata.change = OPTIGA_ACCESS_NEVER; metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_ACCESS_NEVER; metadata.read = OPTIGA_META_ACCESS_NEVER;
metadata.execute = ACCESS_PAIRED; metadata.execute = ACCESS_PAIRED;
metadata.key_usage = KEY_USE_SIGN; metadata.key_usage = KEY_USE_SIGN;
if (!set_metadata(OID_KEY_FIDO, &metadata)) { if (!set_metadata(OID_KEY_FIDO, &metadata)) {
@ -211,10 +211,10 @@ void optiga_lock(void) {
// Set metadata for pairing key. // Set metadata for pairing key.
memzero(&metadata, sizeof(metadata)); memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_LCS_OPERATIONAL; metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
metadata.change = OPTIGA_ACCESS_NEVER; metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_ACCESS_NEVER; metadata.read = OPTIGA_META_ACCESS_NEVER;
metadata.execute = OPTIGA_ACCESS_ALWAYS; metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
metadata.data_type = TYPE_PTFBIND; metadata.data_type = TYPE_PTFBIND;
if (!set_metadata(OID_KEY_PAIRING, &metadata)) { if (!set_metadata(OID_KEY_PAIRING, &metadata)) {
return; return;
@ -230,7 +230,7 @@ optiga_locked_status get_optiga_locked_status(void) {
OID_KEY_FIDO, OID_KEY_PAIRING}; OID_KEY_FIDO, OID_KEY_PAIRING};
optiga_metadata locked_metadata = {0}; optiga_metadata locked_metadata = {0};
locked_metadata.lcso = OPTIGA_LCS_OPERATIONAL; locked_metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
for (size_t i = 0; i < sizeof(oids) / sizeof(oids[0]); ++i) { for (size_t i = 0; i < sizeof(oids) / sizeof(oids[0]); ++i) {
uint8_t metadata_buffer[OPTIGA_MAX_METADATA_SIZE] = {0}; uint8_t metadata_buffer[OPTIGA_MAX_METADATA_SIZE] = {0};
size_t metadata_size = 0; size_t metadata_size = 0;
@ -334,7 +334,7 @@ void cert_write(uint16_t oid, char *data) {
// Enable writing to the certificate slot. // Enable writing to the certificate slot.
optiga_metadata metadata = {0}; optiga_metadata metadata = {0};
metadata.change = OPTIGA_ACCESS_ALWAYS; metadata.change = OPTIGA_META_ACCESS_ALWAYS;
set_metadata(oid, &metadata); // Ignore result. set_metadata(oid, &metadata); // Ignore result.
uint8_t data_bytes[1024]; uint8_t data_bytes[1024];
@ -360,10 +360,8 @@ void pubkey_read(uint16_t oid) {
// Enable key agreement usage. // Enable key agreement usage.
optiga_metadata metadata = {0}; optiga_metadata metadata = {0};
uint8_t key_usage = OPTIGA_KEY_USAGE_KEYAGREE; metadata.key_usage = OPTIGA_META_KEY_USE_KEYAGREE;
metadata.key_usage.ptr = &key_usage; metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
metadata.key_usage.len = 1;
metadata.execute = OPTIGA_ACCESS_ALWAYS;
if (!set_metadata(oid, &metadata)) { if (!set_metadata(oid, &metadata)) {
return; return;
@ -402,10 +400,8 @@ void keyfido_write(char *data) {
// Enable key agreement usage for device key. // Enable key agreement usage for device key.
optiga_metadata metadata = {0}; optiga_metadata metadata = {0};
uint8_t key_usage = OPTIGA_KEY_USAGE_KEYAGREE; metadata.key_usage = OPTIGA_META_KEY_USE_KEYAGREE;
metadata.key_usage.ptr = &key_usage; metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
metadata.key_usage.len = 1;
metadata.execute = OPTIGA_ACCESS_ALWAYS;
if (!set_metadata(OID_KEY_DEV, &metadata)) { if (!set_metadata(OID_KEY_DEV, &metadata)) {
return; return;

View File

@ -36,13 +36,15 @@
static uint8_t tx_buffer[OPTIGA_MAX_APDU_SIZE] = {0}; static uint8_t tx_buffer[OPTIGA_MAX_APDU_SIZE] = {0};
static size_t tx_size = 0; static size_t tx_size = 0;
const optiga_metadata_item OPTIGA_LCS_OPERATIONAL = {(const uint8_t *)"\x07", const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL = {
1}; (const uint8_t *)"\x07", 1};
const optiga_metadata_item OPTIGA_ACCESS_ALWAYS = { const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS = {
(const uint8_t[]){OPTIGA_ACCESS_COND_ALW}, 1}; (const uint8_t[]){OPTIGA_ACCESS_COND_ALW}, 1};
const optiga_metadata_item OPTIGA_ACCESS_NEVER = { const optiga_metadata_item OPTIGA_META_ACCESS_NEVER = {
(const uint8_t[]){OPTIGA_ACCESS_COND_NEV}, 1}; (const uint8_t[]){OPTIGA_ACCESS_COND_NEV}, 1};
const optiga_metadata_item OPTIGA_VERSION_DEFAULT = { const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE = {
(const uint8_t[]){OPTIGA_KEY_USAGE_KEYAGREE}, 1};
static const optiga_metadata_item OPTIGA_META_VERSION_DEFAULT = {
(const uint8_t *)"\xC1\x02\x00\x00", 4}; (const uint8_t *)"\xC1\x02\x00\x00", 4};
static optiga_result process_output_fixedlen(uint8_t *data, size_t data_size) { static optiga_result process_output_fixedlen(uint8_t *data, size_t data_size) {
@ -113,13 +115,13 @@ static const struct {
uint8_t tag; uint8_t tag;
const optiga_metadata_item *default_value; const optiga_metadata_item *default_value;
} METADATA_OFFSET_TAG_MAP[] = { } METADATA_OFFSET_TAG_MAP[] = {
{offsetof(optiga_metadata, lcso), 0xC0, &OPTIGA_LCS_OPERATIONAL}, {offsetof(optiga_metadata, lcso), 0xC0, &OPTIGA_META_LCS_OPERATIONAL},
{offsetof(optiga_metadata, version), 0xC1, &OPTIGA_VERSION_DEFAULT}, {offsetof(optiga_metadata, version), 0xC1, &OPTIGA_META_VERSION_DEFAULT},
{offsetof(optiga_metadata, max_size), 0xC4, NULL}, {offsetof(optiga_metadata, max_size), 0xC4, NULL},
{offsetof(optiga_metadata, used_size), 0xC5, NULL}, {offsetof(optiga_metadata, used_size), 0xC5, NULL},
{offsetof(optiga_metadata, change), 0xD0, &OPTIGA_ACCESS_NEVER}, {offsetof(optiga_metadata, change), 0xD0, &OPTIGA_META_ACCESS_NEVER},
{offsetof(optiga_metadata, read), 0xD1, &OPTIGA_ACCESS_NEVER}, {offsetof(optiga_metadata, read), 0xD1, &OPTIGA_META_ACCESS_NEVER},
{offsetof(optiga_metadata, execute), 0xD3, &OPTIGA_ACCESS_NEVER}, {offsetof(optiga_metadata, execute), 0xD3, &OPTIGA_META_ACCESS_NEVER},
{offsetof(optiga_metadata, meta_update), 0xD8, NULL}, {offsetof(optiga_metadata, meta_update), 0xD8, NULL},
{offsetof(optiga_metadata, algorithm), 0xE0, NULL}, {offsetof(optiga_metadata, algorithm), 0xE0, NULL},
{offsetof(optiga_metadata, key_usage), 0xE1, NULL}, {offsetof(optiga_metadata, key_usage), 0xE1, NULL},

View File

@ -131,9 +131,11 @@ typedef struct {
#define OPTIGA_ACCESS_CONDITION(ac_id, oid) \ #define OPTIGA_ACCESS_CONDITION(ac_id, oid) \
{ (const uint8_t[]){ac_id, oid >> 8, oid & 0xff}, 3 } { (const uint8_t[]){ac_id, oid >> 8, oid & 0xff}, 3 }
extern const optiga_metadata_item OPTIGA_LCS_OPERATIONAL; // Commonly used data object access conditions.
extern const optiga_metadata_item OPTIGA_ACCESS_ALWAYS; extern const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL;
extern const optiga_metadata_item OPTIGA_ACCESS_NEVER; extern const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS;
extern const optiga_metadata_item OPTIGA_META_ACCESS_NEVER;
extern const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE;
optiga_result optiga_parse_metadata(const uint8_t *serialized, optiga_result optiga_parse_metadata(const uint8_t *serialized,
size_t serialized_size, size_t serialized_size,