arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 14:28:07 +00:00
Code Issues Releases Wiki Activity

refactor(core): Add "META" to metadate-related Optiga constants.

Browse Source 
[no changelog]
This commit is contained in:
Andrew Kozlik 2023-09-15 10:40:46 +02:00 committed by Andrew Kozlik
parent 292389bc1d
commit 6ca1182d85
3 changed files with 43 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
core/embed/prodtest/optiga_prodtest.c
View File

@ -112,8 +112,8 @@ void pair_optiga(void) {
// Enable writing the pairing secret to OPTIGA.
optiga_metadata metadata = {0};
metadata.change = OPTIGA_ACCESS_ALWAYS;
metadata.execute = OPTIGA_ACCESS_ALWAYS;
metadata.change = OPTIGA_META_ACCESS_ALWAYS;
metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
metadata.data_type = TYPE_PTFBIND;
set_metadata(OID_KEY_PAIRING, &metadata); // Ignore result.
@ -169,29 +169,29 @@ void optiga_lock(void) {
// Set metadata for device certificate.
memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_LCS_OPERATIONAL;
metadata.change = OPTIGA_ACCESS_NEVER;
metadata.read = OPTIGA_ACCESS_ALWAYS;
metadata.execute = OPTIGA_ACCESS_ALWAYS;
metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_META_ACCESS_ALWAYS;
metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
if (!set_metadata(OID_CERT_DEV, &metadata)) {
return;
}
// Set metadata for FIDO attestation certificate.
memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_LCS_OPERATIONAL;
metadata.change = OPTIGA_ACCESS_NEVER;
metadata.read = OPTIGA_ACCESS_ALWAYS;
metadata.execute = OPTIGA_ACCESS_ALWAYS;
metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_META_ACCESS_ALWAYS;
metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
if (!set_metadata(OID_CERT_FIDO, &metadata)) {
return;
}
// Set metadata for device private key.
memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_LCS_OPERATIONAL;
metadata.change = OPTIGA_ACCESS_NEVER;
metadata.read = OPTIGA_ACCESS_NEVER;
metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_META_ACCESS_NEVER;
metadata.execute = ACCESS_PAIRED;
metadata.key_usage = KEY_USE_SIGN;
if (!set_metadata(OID_KEY_DEV, &metadata)) {
@ -200,9 +200,9 @@ void optiga_lock(void) {
// Set metadata for FIDO attestation private key.
memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_LCS_OPERATIONAL;
metadata.change = OPTIGA_ACCESS_NEVER;
metadata.read = OPTIGA_ACCESS_NEVER;
metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_META_ACCESS_NEVER;
metadata.execute = ACCESS_PAIRED;
metadata.key_usage = KEY_USE_SIGN;
if (!set_metadata(OID_KEY_FIDO, &metadata)) {
@ -211,10 +211,10 @@ void optiga_lock(void) {
// Set metadata for pairing key.
memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_LCS_OPERATIONAL;
metadata.change = OPTIGA_ACCESS_NEVER;
metadata.read = OPTIGA_ACCESS_NEVER;
metadata.execute = OPTIGA_ACCESS_ALWAYS;
metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_META_ACCESS_NEVER;
metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
metadata.data_type = TYPE_PTFBIND;
if (!set_metadata(OID_KEY_PAIRING, &metadata)) {
return;
@ -230,7 +230,7 @@ optiga_locked_status get_optiga_locked_status(void) {
OID_KEY_FIDO, OID_KEY_PAIRING};
optiga_metadata locked_metadata = {0};
locked_metadata.lcso = OPTIGA_LCS_OPERATIONAL;
locked_metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
for (size_t i = 0; i < sizeof(oids) / sizeof(oids[0]); ++i) {
uint8_t metadata_buffer[OPTIGA_MAX_METADATA_SIZE] = {0};
size_t metadata_size = 0;
@ -334,7 +334,7 @@ void cert_write(uint16_t oid, char *data) {
// Enable writing to the certificate slot.
optiga_metadata metadata = {0};
metadata.change = OPTIGA_ACCESS_ALWAYS;
metadata.change = OPTIGA_META_ACCESS_ALWAYS;
set_metadata(oid, &metadata); // Ignore result.
uint8_t data_bytes[1024];
@ -360,10 +360,8 @@ void pubkey_read(uint16_t oid) {
// Enable key agreement usage.
optiga_metadata metadata = {0};
uint8_t key_usage = OPTIGA_KEY_USAGE_KEYAGREE;
metadata.key_usage.ptr = &key_usage;
metadata.key_usage.len = 1;
metadata.execute = OPTIGA_ACCESS_ALWAYS;
metadata.key_usage = OPTIGA_META_KEY_USE_KEYAGREE;
metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
if (!set_metadata(oid, &metadata)) {
return;
@ -402,10 +400,8 @@ void keyfido_write(char *data) {
// Enable key agreement usage for device key.
optiga_metadata metadata = {0};
uint8_t key_usage = OPTIGA_KEY_USAGE_KEYAGREE;
metadata.key_usage.ptr = &key_usage;
metadata.key_usage.len = 1;
metadata.execute = OPTIGA_ACCESS_ALWAYS;
metadata.key_usage = OPTIGA_META_KEY_USE_KEYAGREE;
metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
if (!set_metadata(OID_KEY_DEV, &metadata)) {
return;

22
core/embed/trezorhal/optiga/optiga_commands.c
View File

@ -36,13 +36,15 @@
static uint8_t tx_buffer[OPTIGA_MAX_APDU_SIZE] = {0};
static size_t tx_size = 0;
const optiga_metadata_item OPTIGA_LCS_OPERATIONAL = {(const uint8_t *)"\x07",
1};
const optiga_metadata_item OPTIGA_ACCESS_ALWAYS = {
const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL = {
(const uint8_t *)"\x07", 1};
const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS = {
(const uint8_t[]){OPTIGA_ACCESS_COND_ALW}, 1};
const optiga_metadata_item OPTIGA_ACCESS_NEVER = {
const optiga_metadata_item OPTIGA_META_ACCESS_NEVER = {
(const uint8_t[]){OPTIGA_ACCESS_COND_NEV}, 1};
const optiga_metadata_item OPTIGA_VERSION_DEFAULT = {
const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE = {
(const uint8_t[]){OPTIGA_KEY_USAGE_KEYAGREE}, 1};
static const optiga_metadata_item OPTIGA_META_VERSION_DEFAULT = {
(const uint8_t *)"\xC1\x02\x00\x00", 4};
static optiga_result process_output_fixedlen(uint8_t *data, size_t data_size) {
@ -113,13 +115,13 @@ static const struct {
uint8_t tag;
const optiga_metadata_item *default_value;
} METADATA_OFFSET_TAG_MAP[] = {
{offsetof(optiga_metadata, lcso), 0xC0, &OPTIGA_LCS_OPERATIONAL},
{offsetof(optiga_metadata, version), 0xC1, &OPTIGA_VERSION_DEFAULT},
{offsetof(optiga_metadata, lcso), 0xC0, &OPTIGA_META_LCS_OPERATIONAL},
{offsetof(optiga_metadata, version), 0xC1, &OPTIGA_META_VERSION_DEFAULT},
{offsetof(optiga_metadata, max_size), 0xC4, NULL},
{offsetof(optiga_metadata, used_size), 0xC5, NULL},
{offsetof(optiga_metadata, change), 0xD0, &OPTIGA_ACCESS_NEVER},
{offsetof(optiga_metadata, read), 0xD1, &OPTIGA_ACCESS_NEVER},
{offsetof(optiga_metadata, execute), 0xD3, &OPTIGA_ACCESS_NEVER},
{offsetof(optiga_metadata, change), 0xD0, &OPTIGA_META_ACCESS_NEVER},
{offsetof(optiga_metadata, read), 0xD1, &OPTIGA_META_ACCESS_NEVER},
{offsetof(optiga_metadata, execute), 0xD3, &OPTIGA_META_ACCESS_NEVER},
{offsetof(optiga_metadata, meta_update), 0xD8, NULL},
{offsetof(optiga_metadata, algorithm), 0xE0, NULL},
{offsetof(optiga_metadata, key_usage), 0xE1, NULL},

8
core/embed/trezorhal/optiga_commands.h
View File

@ -131,9 +131,11 @@ typedef struct {
#define OPTIGA_ACCESS_CONDITION(ac_id, oid) \
{ (const uint8_t[]){ac_id, oid >> 8, oid & 0xff}, 3 }
extern const optiga_metadata_item OPTIGA_LCS_OPERATIONAL;
extern const optiga_metadata_item OPTIGA_ACCESS_ALWAYS;
extern const optiga_metadata_item OPTIGA_ACCESS_NEVER;
// Commonly used data object access conditions.
extern const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL;
extern const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS;
extern const optiga_metadata_item OPTIGA_META_ACCESS_NEVER;
extern const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE;
optiga_result optiga_parse_metadata(const uint8_t *serialized,
size_t serialized_size,