mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-20 21:38:26 +00:00

feat(core): Add Optiga command logging macro.

[no changelog]
Andrew Kozlik 2023-10-13 13:02:17 +02:00 committed by Andrew Kozlik
parent a4f8d2b877
commit 9a5e9b25c7
5 changed files with 44 additions and 6 deletions


@ -50,6 +50,17 @@ const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE = {
const optiga_metadata_item OPTIGA_META_VERSION_DEFAULT = { const optiga_metadata_item OPTIGA_META_VERSION_DEFAULT = {
(const uint8_t[]){0x00, 0x00}, 2}; (const uint8_t[]){0x00, 0x00}, 2};
#if PRODUCTION
#define OPTIGA_LOG(prefix, data, data_size)
#else
static optiga_log_hex_t log_hex = NULL;
void optiga_command_set_log_hex(optiga_log_hex_t f) { log_hex = f; }
#define OPTIGA_LOG(prefix, data, data_size) \
if (log_hex != NULL) { \
log_hex(prefix, data, data_size); \
}
#endif
static optiga_result process_output(uint8_t **out_data, size_t *out_size) { static optiga_result process_output(uint8_t **out_data, size_t *out_size) {
// Check that there is no trailing output data in the response. // Check that there is no trailing output data in the response.
if (tx_size < 4 || (tx_buffer[2] << 8) + tx_buffer[3] != tx_size - 4) { if (tx_size < 4 || (tx_buffer[2] << 8) + tx_buffer[3] != tx_size - 4) {
@ -58,11 +69,13 @@ static optiga_result process_output(uint8_t **out_data, size_t *out_size) {
// Check response status code. // Check response status code.
if (tx_buffer[0] != 0) { if (tx_buffer[0] != 0) {
OPTIGA_LOG("FAILED", NULL, 0)
return OPTIGA_ERR_CMD; return OPTIGA_ERR_CMD;
} }
*out_data = tx_buffer + 4; *out_data = tx_buffer + 4;
*out_size = tx_size - 4; *out_size = tx_size - 4;
OPTIGA_LOG("SUCCESS ", *out_data, *out_size)
return OPTIGA_SUCCESS; return OPTIGA_SUCCESS;
} }
@ -270,6 +283,7 @@ optiga_result optiga_open_application(void) {
0x65, 0x6E, 0x41, 0x75, 0x74, 0x68, 0x41, 0x70, 0x70, 0x6C, 0x65, 0x6E, 0x41, 0x75, 0x74, 0x68, 0x41, 0x70, 0x70, 0x6C,
}; };
OPTIGA_LOG(__func__, OPEN_APP, sizeof(OPEN_APP))
optiga_result ret = optiga_execute_command( optiga_result ret = optiga_execute_command(
OPEN_APP, sizeof(OPEN_APP), tx_buffer, sizeof(tx_buffer), &tx_size); OPEN_APP, sizeof(OPEN_APP), tx_buffer, sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -288,6 +302,7 @@ optiga_result optiga_get_error_code(uint8_t *error_code) {
write_uint16(&ptr, OPTIGA_OID_ERROR_CODE); write_uint16(&ptr, OPTIGA_OID_ERROR_CODE);
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -311,6 +326,7 @@ optiga_result optiga_get_data_object(uint16_t oid, bool get_metadata,
write_uint16(&ptr, oid); write_uint16(&ptr, oid);
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -342,6 +358,7 @@ optiga_result optiga_set_data_object(uint16_t oid, bool set_metadata,
memcpy(ptr, data, data_size); memcpy(ptr, data, data_size);
} }
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -404,6 +421,7 @@ optiga_result optiga_get_random(uint8_t *random, size_t random_size) {
write_uint16(&ptr, random_size); write_uint16(&ptr, random_size);
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -436,6 +454,7 @@ optiga_result optiga_encrypt_sym(optiga_sym_mode mode, uint16_t oid,
*(ptr++) = 0x01; // start and final data block *(ptr++) = 0x01; // start and final data block
write_prefixed_data(&ptr, input, input_size); write_prefixed_data(&ptr, input, input_size);
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret == OPTIGA_SUCCESS) { if (ret == OPTIGA_SUCCESS) {
@ -465,6 +484,7 @@ optiga_result optiga_set_auto_state(uint16_t nonce_oid, uint16_t key_oid,
*(ptr++) = 0x41; // pre-pending optional data tag *(ptr++) = 0x41; // pre-pending optional data tag
write_uint16(&ptr, 0); write_uint16(&ptr, 0);
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
@ -491,6 +511,7 @@ optiga_result optiga_set_auto_state(uint16_t nonce_oid, uint16_t key_oid,
write_uint16(&ptr, SHA256_DIGEST_LENGTH); write_uint16(&ptr, SHA256_DIGEST_LENGTH);
hmac_sha256(key, key_size, nonce, sizeof(nonce), ptr); hmac_sha256(key, key_size, nonce, sizeof(nonce), ptr);
OPTIGA_LOG(__func__, tx_buffer, tx_size)
ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, sizeof(tx_buffer), ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, sizeof(tx_buffer),
&tx_size); &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -515,6 +536,7 @@ optiga_result optiga_clear_auto_state(uint16_t key_oid) {
*(ptr++) = 0x43; // verification value tag *(ptr++) = 0x43; // verification value tag
write_uint16(&ptr, 0); // verification value length write_uint16(&ptr, 0); // verification value length
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -554,6 +576,7 @@ optiga_result optiga_calc_sign(uint16_t oid, const uint8_t *digest,
write_uint16(&ptr, 2); write_uint16(&ptr, 2);
write_uint16(&ptr, oid); write_uint16(&ptr, oid);
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -621,6 +644,7 @@ optiga_result optiga_verify_sign(optiga_curve curve, const uint8_t *public_key,
*(ptr++) = 0x06; // public key tag *(ptr++) = 0x06; // public key tag
write_prefixed_data(&ptr, public_key, public_key_size); write_prefixed_data(&ptr, public_key, public_key_size);
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -653,6 +677,7 @@ optiga_result optiga_gen_key_pair(optiga_curve curve, optiga_key_usage usage,
write_uint16(&ptr, 1); write_uint16(&ptr, 1);
*(ptr++) = usage; *(ptr++) = usage;
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -682,6 +707,7 @@ optiga_result optiga_gen_sym_key(optiga_aes algorithm, optiga_key_usage usage,
write_uint16(&ptr, 1); write_uint16(&ptr, 1);
*(ptr++) = usage; *(ptr++) = usage;
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -726,6 +752,7 @@ optiga_result optiga_calc_ssec(optiga_curve curve, uint16_t oid,
*(ptr++) = 0x07; // export tag *(ptr++) = 0x07; // export tag
write_uint16(&ptr, 0); write_uint16(&ptr, 0);
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -779,6 +806,7 @@ optiga_result optiga_derive_key(optiga_key_derivation deriv, uint16_t oid,
*(ptr++) = 0x07; // export tag *(ptr++) = 0x07; // export tag
write_uint16(&ptr, 0); write_uint16(&ptr, 0);
OPTIGA_LOG(__func__, tx_buffer, tx_size)
optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer, optiga_result ret = optiga_execute_command(tx_buffer, tx_size, tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret == OPTIGA_SUCCESS) { if (ret == OPTIGA_SUCCESS) {
@ -907,6 +935,7 @@ optiga_result optiga_set_priv_key(uint16_t oid, const uint8_t priv_key[32]) {
return OPTIGA_ERR_PROCESS; return OPTIGA_ERR_PROCESS;
} }
OPTIGA_LOG(__func__, sop_cmd1, sizeof(sop_cmd1))
ret = optiga_execute_command(sop_cmd1, sizeof(sop_cmd1), tx_buffer, ret = optiga_execute_command(sop_cmd1, sizeof(sop_cmd1), tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
if (ret != OPTIGA_SUCCESS) { if (ret != OPTIGA_SUCCESS) {
@ -920,6 +949,7 @@ optiga_result optiga_set_priv_key(uint16_t oid, const uint8_t priv_key[32]) {
return ret; return ret;
} }
OPTIGA_LOG(__func__, sop_cmd2, sizeof(sop_cmd2))
ret = optiga_execute_command(sop_cmd2, sizeof(sop_cmd2), tx_buffer, ret = optiga_execute_command(sop_cmd2, sizeof(sop_cmd2), tx_buffer,
sizeof(tx_buffer), &tx_size); sizeof(tx_buffer), &tx_size);
memzero(sop_cmd2, sizeof(sop_cmd2)); memzero(sop_cmd2, sizeof(sop_cmd2));
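Review bot: The new OPTIGA_LOG calls hand secret-bearing buffers to the log callback in non-production builds. In optiga_set_priv_key, `sop_cmd2` is logged just before it is wiped with `memzero`; the second call in optiga_set_auto_state logs the buffer that holds the `hmac_sha256` output; and the `"SUCCESS "` call in process_output dumps every response, which presumably includes the results of optiga_get_random, optiga_calc_ssec and optiga_derive_key (both of the latter set the export tag). Wherever the callback writes, such as a debug console or a captured test log, that material outlives the wipe. For the sensitive call sites, log the command name without the payload, as the failure path already does: `OPTIGA_LOG(__func__, NULL, 0)`. All of these functions start and end outside the hunks shown.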


@ -134,11 +134,11 @@ static uint8_t sec_chan_buffer[OPTIGA_MAX_APDU_SIZE + SEC_CHAN_OVERHEAD_SIZE] =
{0}; {0};
static size_t sec_chan_size = 0; static size_t sec_chan_size = 0;
#ifdef NDEBUG #if PRODUCTION
#define OPTIGA_LOG(prefix, data, data_size) #define OPTIGA_LOG(prefix, data, data_size)
#else #else
static optiga_log_hex_t log_hex = NULL; static optiga_log_hex_t log_hex = NULL;
void optiga_set_log_hex(optiga_log_hex_t f) { log_hex = f; } void optiga_transport_set_log_hex(optiga_log_hex_t f) { log_hex = f; }
#define OPTIGA_LOG(prefix, data, data_size) \ #define OPTIGA_LOG(prefix, data, data_size) \
if (log_hex != NULL) { \ if (log_hex != NULL) { \
static uint8_t prev_data[4]; \ static uint8_t prev_data[4]; \
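Review bot: `#if PRODUCTION` silently evaluates to 0 when PRODUCTION is not defined at all, so a build that omits the flag compiles the logging hook in rather than out. Whether the build system always defines it is not visible on this page. A guard ahead of the first use would make that case a build error: `#ifndef PRODUCTION`, `#error "PRODUCTION must be defined"`, `#endif`; compiling with `-Wundef` would catch it as well. The same applies to the `#if PRODUCTION` guard in the command file and to the `#if !PRODUCTION` guards in the three headers. The OPTIGA_LOG macro body continues past the end of this hunk.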


@ -192,4 +192,9 @@ optiga_result optiga_derive_key(optiga_key_derivation deriv, uint16_t oid,
size_t key_size); size_t key_size);
optiga_result optiga_set_trust_anchor(void); optiga_result optiga_set_trust_anchor(void);
optiga_result optiga_set_priv_key(uint16_t oid, const uint8_t priv_key[32]); optiga_result optiga_set_priv_key(uint16_t oid, const uint8_t priv_key[32]);
#if !PRODUCTION
void optiga_command_set_log_hex(optiga_log_hex_t f);
#endif
#endif #endif


@ -34,4 +34,9 @@ typedef enum _optiga_result {
OPTIGA_ERR_CMD, // Command error. See error code data object 0xF1C2. OPTIGA_ERR_CMD, // Command error. See error code data object 0xF1C2.
} optiga_result; } optiga_result;
#if !PRODUCTION
typedef void (*optiga_log_hex_t)(const char *prefix, const uint8_t *data,
size_t data_size);
#endif
#endif #endif
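Review bot: The `optiga_log_hex_t` typedef has no comment stating its contract, yet the command file already calls it as `OPTIGA_LOG("FAILED", NULL, 0)`, so every implementation has to accept a NULL `data` pointer with `data_size` 0. I would add a comment above the typedef, for example `// Debug-only hook: receives raw Optiga command/response bytes, which may contain secrets.` followed by `// data may be NULL when data_size is 0.` That also tells whoever installs the callback that its output needs to be handled as sensitive.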


@ -44,10 +44,8 @@ optiga_result optiga_resync(void);
optiga_result optiga_soft_reset(void); optiga_result optiga_soft_reset(void);
optiga_result optiga_set_data_reg_len(size_t size); optiga_result optiga_set_data_reg_len(size_t size);
#ifndef NDEBUG #if !PRODUCTION
typedef void (*optiga_log_hex_t)(const char *prefix, const uint8_t *data, void optiga_transport_set_log_hex(optiga_log_hex_t f);
size_t data_size);
void optiga_set_log_hex(optiga_log_hex_t f);
#endif #endif
#endif #endif