[Infineon] Trust M Code clean up and improve crypto performance (#34310)
Details :
- Code clean up
- Improve crypto performance
- Minor bug fixes
diff --git a/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_P256_trustm.cpp b/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_P256_trustm.cpp
index 895b532..23856be 100644
--- a/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_P256_trustm.cpp
+++ b/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_P256_trustm.cpp
@@ -277,8 +277,7 @@
size_t signature_trustm_len = sizeof(signature_trustm);
MutableByteSpan out_der_sig_span(signature_trustm, signature_trustm_len);
- uint8_t hash_length_u8 = static_cast<uint8_t>(hash_length);
- uint16_t signature_trustm_len_u16 = static_cast<uint16_t>(signature_trustm_len);
+ uint8_t hash_length_u8 = static_cast<uint8_t>(hash_length);
VerifyOrReturnError(hash != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError(hash_length > 0, CHIP_ERROR_INVALID_ARGUMENT);
@@ -292,7 +291,7 @@
signature_trustm_len = out_der_sig_span.size();
// ECC verify
- return_status = trustm_ecdsa_verify((uint8_t *) hash, hash_length_u8, (uint8_t *) signature_trustm, signature_trustm_len_u16,
+ return_status = trustm_ecdsa_verify((uint8_t *) hash, hash_length_u8, (uint8_t *) signature_trustm, signature_trustm_len,
(uint8_t *) bytes, (uint8_t) kP256_PublicKey_Length);
VerifyOrExit(return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL);
diff --git a/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_utils_trustm.cpp b/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_utils_trustm.cpp
index be25fd8..4623c3f 100644
--- a/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_utils_trustm.cpp
+++ b/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_utils_trustm.cpp
@@ -36,9 +36,9 @@
#include "pal_os_timer.h"
#include <FreeRTOS.h>
-optiga_crypt_t * p_local_crypt = NULL;
-optiga_util_t * p_local_util = NULL;
-static bool trustm_isOpen = false;
+optiga_crypt_t * me_crypt = NULL;
+optiga_util_t * me_util = NULL;
+static bool trustm_isOpen = false;
#define ENABLE_HMAC_MULTI_STEP (0)
#define OPTIGA_UTIL_DER_BITSTRING_TAG (0x03)
#define OPTIGA_UTIL_DER_NUM_UNUSED_BITS (0x00)
@@ -55,10 +55,7 @@
void vApplicationTickHook(void);
-void vApplicationTickHook(void)
-{
- pal_os_event_trigger_registered_callback();
-}
+void vApplicationTickHook(void) {}
#define WAIT_FOR_COMPLETION(ret) \
if (OPTIGA_LIB_SUCCESS != ret) \
@@ -67,9 +64,7 @@
} \
while (optiga_lib_status == OPTIGA_LIB_BUSY) \
{ \
- pal_os_event_trigger_registered_callback(); \
} \
- \
if (OPTIGA_LIB_SUCCESS != optiga_lib_status) \
{ \
ret = optiga_lib_status; \
@@ -113,7 +108,6 @@
static bool init = false;
void trustm_Open(void)
{
- optiga_lib_status_t xResult;
uint16_t dOptigaOID = 0xE0C4;
// Maximum Power, Minimum Current limitation
uint8_t cCurrentLimit = 15;
@@ -123,75 +117,74 @@
optiga_lib_status_t return_status;
do
{
- /**
- * 1. Create OPTIGA Crypt Instance
- */
- p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
- if (NULL == p_local_crypt)
+ // Create Optiga crypt instance
+ if (me_crypt == NULL)
{
- break;
+ me_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
+ if (NULL == me_crypt)
+ {
+ break;
+ }
}
- // printf("trustm created crypt Instance \r\n");
- /**
- * 1. Create OPTIGA Util Instance
- */
- p_local_util = optiga_util_create(0, optiga_util_callback, NULL);
- if (NULL == p_local_util)
+ else
{
- break;
+ printf("Error: me_crypt already initialised\n");
}
- // printf("trustm created util Instance \r\n");
+ // Create Optiga Util instance
+ if (me_util == NULL)
+ {
+ me_util = optiga_util_create(0, optiga_util_callback, NULL);
+ if (NULL == me_util)
+ {
+ break;
+ }
+ }
+ else
+ {
+ printf("Error: me_crypt already initialised\n");
+ }
/**
* Open the application on OPTIGA which is a precondition to perform any other operations
* using optiga_util_open_application
*/
optiga_lib_status = OPTIGA_LIB_BUSY;
- return_status = optiga_util_open_application(p_local_util, 0); // skip restore
- while (optiga_lib_status == OPTIGA_LIB_BUSY)
-
- // Only run once for initialisation
- if (init)
- {
- xResult = optiga_util_write_data(p_local_util, dOptigaOID, OPTIGA_UTIL_WRITE_ONLY, 0, &cCurrentLimit, 1);
-
- if (OPTIGA_LIB_SUCCESS != xResult)
- {
- break;
- }
- while (optiga_lib_status == OPTIGA_LIB_BUSY)
- ;
- // Set init to true
- init = true;
- }
-
+ return_status = optiga_util_open_application(me_util, 0); // skip restore
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_util_open_application api returns error !!!
- printf("optiga_util_open_application api returns error !!!\n");
+ printf("optiga_util_open_application api returns error %02X\n", return_status);
break;
}
+ // Wait until the optiga_util_open_application is completed
+ WAIT_FOR_COMPLETION(return_status);
- while (optiga_lib_status == OPTIGA_LIB_BUSY)
- ;
- if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
+ if (OPTIGA_LIB_SUCCESS != return_status)
{
// optiga_util_open_application failed
printf("optiga_util_open_application failed\n");
break;
}
+ trustm_isOpen = true;
- // printf("trustm open application successful \r\n");
-
+ // Only run once for initialisation
+ if (!init)
+ {
+ optiga_lib_status = OPTIGA_LIB_BUSY;
+ return_status = optiga_util_write_data(me_util, dOptigaOID, OPTIGA_UTIL_ERASE_AND_WRITE, 0, &cCurrentLimit, 1);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ printf("optiga_util_write_data api returns error %02X\n", return_status);
+ break;
+ }
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ printf("optiga_util_write_data returns error\n");
+ break;
+ }
+ // Set init to true
+ init = true;
+ }
} while (0);
-
- // p_local_util and p_local_crypt instance can be destroyed
- // if no close_application w.r.t hibernate is required to be performed
- if (p_local_util || p_local_crypt)
- {
- optiga_util_destroy(p_local_util);
- optiga_crypt_destroy(p_local_crypt);
- }
- trustm_isOpen = true;
}
}
@@ -206,19 +199,28 @@
* using optiga_util_close_application
*/
optiga_lib_status = OPTIGA_LIB_BUSY;
- return_status = optiga_util_close_application(p_local_util, 0);
+ return_status = optiga_util_close_application(me_util, 0);
if (OPTIGA_LIB_SUCCESS != return_status)
- break;
-
- while (optiga_lib_status == OPTIGA_LIB_BUSY)
{
- pal_os_event_trigger_registered_callback();
+ printf("optiga_util_close_application api returns error %02X\n", return_status);
+ break;
+ }
+
+ WAIT_FOR_COMPLETION(return_status);
+
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_util_close_application failed
+ printf("optiga_util_close_application failed\n");
+ break;
}
// destroy util and crypt instances
- optiga_util_destroy(p_local_util);
- optiga_crypt_destroy(p_local_crypt);
+ optiga_util_destroy(me_util);
+ optiga_crypt_destroy(me_crypt);
pal_os_event_destroy(NULL);
+ me_util = NULL;
+ me_crypt = NULL;
trustm_isOpen = false;
return_status = OPTIGA_LIB_SUCCESS;
} while (0);
@@ -232,37 +234,25 @@
uint16_t size_to_copy = 0;
optiga_lib_status_t return_status;
- optiga_util_t * me_util = NULL;
uint8_t ifx_cert_hex[1024];
uint16_t ifx_cert_hex_len = sizeof(ifx_cert_hex);
do
{
- // Create an instance of optiga_util to read the certificate from OPTIGA.
- me_util = optiga_util_create(0, optiga_util_callback, NULL);
- if (!me_util)
- {
- optiga_lib_print_message("optiga_util_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
optiga_lib_status = OPTIGA_LIB_BUSY;
return_status = optiga_util_read_data(me_util, optiga_oid, 0, ifx_cert_hex, &ifx_cert_hex_len);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_util_read_data api returns error !!!
- optiga_lib_print_message("optiga_util_read_data api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ printf("optiga_util_read_data api returns error %02X\n", return_status);
break;
}
-
- while (optiga_lib_status == OPTIGA_LIB_BUSY)
- ;
- if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_util_read_data failed
- optiga_lib_print_message("optiga_util_read_data failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_util_read_data returns error
+ printf("read_certificate_from_optiga failed\n");
break;
}
-
// convert to PEM format
// If the first byte is TLS Identity Tag, than we need to skip 9 first bytes
offset_to_read = ifx_cert_hex[0] == 0xc0 ? 9 : 0;
@@ -292,113 +282,52 @@
*cert_pem_length = offset_to_write + 27;
} while (0);
-
- // me_util instance to be destroyed
- if (me_util)
- {
- optiga_util_destroy(me_util);
- }
}
+
void write_data(uint16_t optiga_oid, const uint8_t * p_data, uint16_t length)
{
- optiga_util_t * me_util = NULL;
optiga_lib_status_t return_status;
do
{
- // Create an instance of optiga_util to open the application on OPTIGA.
- me_util = optiga_util_create(0, optiga_util_callback, NULL);
- if (!me_util)
- {
- optiga_lib_print_message("optiga_util_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
-
optiga_lib_status = OPTIGA_LIB_BUSY;
return_status = optiga_util_write_data(me_util, optiga_oid, OPTIGA_UTIL_ERASE_AND_WRITE, 0, p_data, length);
+ if (OPTIGA_LIB_SUCCESS != return_status)
{
- if (OPTIGA_LIB_SUCCESS != return_status)
- {
- optiga_lib_print_message("optiga_util_wirte_data api returns error !!!", OPTIGA_UTIL_SERVICE,
- OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
+ printf("optiga_util_write_data api returns error %02X\n", return_status);
+ break;
+ }
+ WAIT_FOR_COMPLETION(return_status);
- while (OPTIGA_LIB_BUSY == optiga_lib_status)
- {
- // Wait until the optiga_util_write_data operation is completed
- }
-
- if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
- {
- optiga_lib_print_message("optiga_util_write_data failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- return_status = optiga_lib_status;
- break;
- }
- else
- {
- optiga_lib_print_message("optiga_util_write_data successful", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- }
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ printf("write_data failed\n");
+ return_status = optiga_lib_status;
+ break;
}
} while (0);
-
- // me_util instance can be destroyed
- // if no close_application w.r.t hibernate is required to be performed
- if (me_util)
- {
- optiga_util_destroy(me_util);
- }
}
void write_metadata(uint16_t optiga_oid, const uint8_t * p_data, uint8_t length)
{
- optiga_util_t * me_util = NULL;
optiga_lib_status_t return_status;
do
{
- // Create an instance of optiga_util to open the application on OPTIGA.
- me_util = optiga_util_create(0, optiga_util_callback, NULL);
- if (!me_util)
- {
- optiga_lib_print_message("optiga_util_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
-
optiga_lib_status = OPTIGA_LIB_BUSY;
return_status = optiga_util_write_metadata(me_util, optiga_oid, p_data, length);
+ if (OPTIGA_LIB_SUCCESS != return_status)
{
- if (OPTIGA_LIB_SUCCESS != return_status)
- {
- optiga_lib_print_message("optiga_util_wirte_data api returns error !!!", OPTIGA_UTIL_SERVICE,
- OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
-
- while (OPTIGA_LIB_BUSY == optiga_lib_status)
- {
- // Wait until the optiga_util_write_metadata operation is completed
- }
-
- if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
- {
- optiga_lib_print_message("optiga_util_write_metadata failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- return_status = optiga_lib_status;
- break;
- }
- else
- {
- optiga_lib_print_message("optiga_util_write_metadata successful", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- }
+ printf("optiga_util_write_metadata api returns error %02X\n", return_status);
+ break;
+ }
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ printf("optiga_util_write_metadata failed\n");
+ break;
}
} while (0);
-
- // me_util instance can be destroyed
- // if no close_application w.r.t hibernate is required to be performed
- if (me_util)
- {
- optiga_util_destroy(me_util);
- }
}
optiga_lib_status_t deriveKey_HKDF(const uint8_t * salt, uint16_t salt_length, const uint8_t * info, uint16_t info_length,
@@ -408,39 +337,22 @@
do
{
- // Create an instance of optiga_crypt_t
- p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
- if (NULL == p_local_crypt)
- {
- optiga_lib_print_message("optiga_crypt_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
-
optiga_lib_status = OPTIGA_LIB_BUSY;
- return_status = optiga_crypt_hkdf(p_local_crypt, OPTIGA_HKDF_SHA_256, TRUSTM_HKDF_OID_KEY, /* Input secret OID */
+ return_status = optiga_crypt_hkdf(me_crypt, OPTIGA_HKDF_SHA_256, TRUSTM_HKDF_OID_KEY, /* Input secret OID */
salt, salt_length, info, info_length, derived_key_length, TRUE, derived_key);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_hkdf api returns error !!!
- optiga_lib_print_message("optiga_crypt_hkdf api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ printf("optiga_crypt_hkdf api returns error %02X\n", return_status);
break;
}
-
- while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
- ;
-
- if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_hkdf failed
- optiga_lib_print_message("optiga_crypt_hkdf failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ printf("optiga_crypt_hkdf failed\n");
break;
}
} while (0);
- if (p_local_crypt)
- {
- optiga_crypt_destroy(p_local_crypt);
- }
return return_status;
}
@@ -451,25 +363,24 @@
do
{
- // Create an instance of optiga_crypt_t
- p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
- if (NULL == p_local_crypt)
- {
- optiga_lib_print_message("optiga_crypt_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
-
- return_status = OPTIGA_LIB_BUSY;
+ optiga_lib_status = OPTIGA_LIB_BUSY;
#if ENABLE_HMAC_MULTI_STEP
// If the size is less than the max length supported
if (input_data_length <= MAX_MAC_DATA_LEN)
{
- return_status =
- optiga_crypt_hmac(p_local_crypt, type, TRUSTM_HMAC_OID_KEY, input_data, input_data_length, mac, mac_length);
+ return_status = optiga_crypt_hmac(me_crypt, type, TRUSTM_HMAC_OID_KEY, input_data, input_data_length, mac, mac_length);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_hmac api returns error !!!
- optiga_lib_print_message("optiga_crypt_hmac api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_crypt_hmac returns error !!!
+ printf("optiga_crypt_hmac api error %02X\n", return_status);
+ break;
+ }
+
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_crypt_hmac returns error !!!
+ printf("optiga_crypt_hmac returns error\n");
break;
}
}
@@ -479,13 +390,18 @@
uint32_t dataLenTemp = 0;
uint32_t remainingLen = input_data_length;
// Start the HMAC Operation
- return_status = optiga_crypt_hmac_start(p_local_crypt, type, TRUSTM_HMAC_OID_KEY, input_data, MAX_MAC_DATA_LEN);
-
+ return_status = optiga_crypt_hmac_start(me_crypt, type, TRUSTM_HMAC_OID_KEY, input_data, MAX_MAC_DATA_LEN);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_hmac_start api returns error !!!
- optiga_lib_print_message("optiga_crypt_hmac_start api returns error !!!", OPTIGA_UTIL_SERVICE,
- OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_crypt_hmac returns error !!!
+ printf("optiga_crypt_hmac_start api error %02X\n", return_status);
+ break;
+ }
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_crypt_hmac_start returns error !!!
+ printf("optiga_crypt_hmac_start returns error\n");
break;
}
remainingLen = input_data_length - MAX_MAC_DATA_LEN;
@@ -496,18 +412,21 @@
if (remainingLen > MAX_MAC_DATA_LEN)
{
- return_status = OPTIGA_LIB_BUSY;
- // printf("HMAC Update\n");
- // Continue HMAC operation on input data
+ optiga_lib_status = OPTIGA_LIB_BUSY;
return_status =
- optiga_crypt_hmac_update(p_local_crypt, (input_data + (input_data_length - remainingLen)), dataLenTemp);
- remainingLen = remainingLen - dataLenTemp;
-
+ optiga_crypt_hmac_update(me_crypt, (input_data + (input_data_length - remainingLen)), dataLenTemp);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_hmac_update api returns error !!!
- optiga_lib_print_message("optiga_crypt_hmac_update api returns error !!!", OPTIGA_UTIL_SERVICE,
- OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_crypt_hmac_update returns error !!!
+ printf("optiga_crypt_hmac_update api error %02X\n", return_status);
+ break;
+ }
+ WAIT_FOR_COMPLETION(return_status);
+ remainingLen = remainingLen - dataLenTemp;
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_crypt_hmac_update returns error !!!
+ printf("optiga_crypt_hmac_update returns error\n");
break;
}
}
@@ -515,15 +434,20 @@
{
// End HMAC sequence and return the MAC generated
// printf("HMAC Finalize\n");
- return_status = OPTIGA_LIB_BUSY;
- return_status = optiga_crypt_hmac_finalize(p_local_crypt, (input_data + (input_data_length - remainingLen)),
- dataLenTemp, mac, mac_length);
-
+ optiga_lib_status = OPTIGA_LIB_BUSY;
+ return_status = optiga_crypt_hmac_finalize(me_crypt, (input_data + (input_data_length - remainingLen)),
+ dataLenTemp, mac, mac_length);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_hmac_finalize api returns error !!!
- optiga_lib_print_message("optiga_crypt_hmac_finalize api returns error !!!", OPTIGA_UTIL_SERVICE,
- OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_crypt_hmac_finalize returns error !!!
+ printf("optiga_crypt_hmac_finalize api error %02X\n", return_status);
+ break;
+ }
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_crypt_hmac_finalize returns error !!!
+ printf("optiga_crypt_hmac_finalize returns error\n");
break;
}
}
@@ -531,70 +455,48 @@
}
#else
- return_status = optiga_crypt_hmac(p_local_crypt, type, TRUSTM_HMAC_OID_KEY, input_data, input_data_length, mac, mac_length);
- // printf("Output Length %ld Input Length %ld \n", *mac_length, input_data_length);
+ return_status = optiga_crypt_hmac(me_crypt, type, TRUSTM_HMAC_OID_KEY, input_data, input_data_length, mac, mac_length);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_hmac api returns error !!!
- optiga_lib_print_message("optiga_crypt_hmac api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_crypt_hmac returns error !!!
+ printf("optiga_crypt_hmac api error %02X\n", return_status);
break;
}
-
- while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
- ;
-
- if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_hkdf failed
- optiga_lib_print_message("optiga_crypt_hkdf failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_crypt_hmac returns error !!!
+ printf("optiga_crypt_hmac returns error\n");
break;
}
#endif
} while (0);
- if (p_local_crypt)
- {
- optiga_crypt_destroy(p_local_crypt);
- }
return return_status;
}
+
optiga_lib_status_t optiga_crypt_rng(uint8_t * random_data, uint16_t random_data_length)
{
optiga_lib_status_t return_status;
do
{
- // Create an instance of optiga_crypt_t
- p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
- if (NULL == p_local_crypt)
- {
- optiga_lib_print_message("optiga_crypt_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
-
- return_status = OPTIGA_LIB_BUSY;
- return_status = optiga_crypt_random(p_local_crypt, OPTIGA_RNG_TYPE_DRNG, random_data, random_data_length);
+ optiga_lib_status = OPTIGA_LIB_BUSY;
+ return_status = optiga_crypt_random(me_crypt, OPTIGA_RNG_TYPE_DRNG, random_data, random_data_length);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_random api returns error !!!
- optiga_lib_print_message("optiga_crypt_random api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_crypt_random returns error !!!
+ printf("optiga_crypt_random api error %02X\n", return_status);
break;
}
-
- while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
- ;
-
- if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
{
// optiga_crypt_random failed
- optiga_lib_print_message("optiga_crypt_random failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ printf("optiga_crypt_random returns error\n");
break;
}
} while (0);
- if (p_local_crypt)
- {
- optiga_crypt_destroy(p_local_crypt);
- }
return return_status;
}
optiga_lib_status_t trustm_ecc_keygen(uint16_t optiga_key_id, uint8_t key_type, optiga_ecc_curve_t curve_id, uint8_t * pubkey,
@@ -610,35 +512,24 @@
}
do
{
- // Create an instance of optiga_crypt_t
- p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
- if (NULL == p_local_crypt)
- {
- optiga_lib_print_message("optiga_crypt_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
-
optiga_lib_status = OPTIGA_LIB_BUSY;
- return_status = optiga_crypt_ecc_generate_keypair(p_local_crypt, curve_id, key_type, FALSE, &optiga_key_id, (pubkey + i),
- pubkey_length);
+ return_status =
+ optiga_crypt_ecc_generate_keypair(me_crypt, curve_id, key_type, FALSE, &optiga_key_id, (pubkey + i), pubkey_length);
if (OPTIGA_LIB_SUCCESS != return_status)
{
// optiga_crypt_ecc_generate_keypair api returns error !!!
- optiga_lib_print_message("optiga_crypt_ecc_generate_keypair api returns error !!!", OPTIGA_UTIL_SERVICE,
- OPTIGA_UTIL_SERVICE_COLOR);
+ printf("optiga_crypt_ecc_generate_keypair api error %02X\n", return_status);
break;
}
-
- while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
- ;
-
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_crypt_ecc_generate_keypair returns error !!!
+ printf("optiga_crypt_ecc_generate_keypair returns error\n");
+ break;
+ }
} while (0);
- if (p_local_crypt)
- {
- optiga_crypt_destroy(p_local_crypt);
- }
-
*pubkey_length += sizeof(header256);
return return_status;
}
@@ -648,32 +539,22 @@
uint16_t offset = 0;
do
{
- // Create an instance of optiga_crypt_t
- p_local_util = optiga_util_create(0, optiga_util_callback, NULL);
- if (NULL == p_local_util)
- {
- optiga_lib_print_message("optiga_util_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
-
optiga_lib_status = OPTIGA_LIB_BUSY;
- return_status = optiga_util_read_data(p_local_util, optiga_oid, offset, pubkey, pubkeyLen);
+ return_status = optiga_util_read_data(me_util, optiga_oid, offset, pubkey, pubkeyLen);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_util_read_pubkey api returns error !!!
- optiga_lib_print_message("optiga_util_read_pubkey returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_util_read_data api returns error !!!
+ printf("optiga_util_read_data api error %02X\n", return_status);
break;
}
-
- while (optiga_lib_status == OPTIGA_LIB_BUSY)
- ;
-
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_util_read_pubkey returns error !!!
+ printf("optiga_util_read_pubkey returns error\n");
+ break;
+ }
} while (0);
-
- if (p_local_util)
- {
- optiga_util_destroy(p_local_util);
- }
}
optiga_lib_status_t trustm_hash(uint8_t * msg, uint16_t msg_length, uint8_t * digest, uint8_t digest_length)
{
@@ -681,34 +562,25 @@
hash_data_from_host_t hash_data_host;
do
{
- // Create an instance of optiga_crypt_t
- p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
- if (NULL == p_local_crypt)
- {
- optiga_lib_print_message("optiga_crypt_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
hash_data_host.buffer = msg;
hash_data_host.length = msg_length;
optiga_lib_status = OPTIGA_LIB_BUSY;
- return_status = optiga_crypt_hash(p_local_crypt, OPTIGA_HASH_TYPE_SHA_256, OPTIGA_CRYPT_HOST_DATA, &hash_data_host, digest);
-
+ return_status = optiga_crypt_hash(me_crypt, OPTIGA_HASH_TYPE_SHA_256, OPTIGA_CRYPT_HOST_DATA, &hash_data_host, digest);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_ecdsa_sign api returns error !!!
- optiga_lib_print_message("optiga_crypt_hash api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_crypt_hash api returns error !!!
+ printf("optiga_crypt_hash api error %02X\n", return_status);
break;
}
-
- while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
- ;
-
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_crypt_hash api returns error !!!
+ printf("optiga_crypt_hash returns error\n");
+ break;
+ }
} while (0);
- if (p_local_crypt)
- {
- optiga_crypt_destroy(p_local_crypt);
- }
return return_status;
}
optiga_lib_status_t trustm_ecdsa_sign(optiga_key_id_t optiga_key_id, uint8_t * digest, uint8_t digest_length, uint8_t * signature,
@@ -718,26 +590,21 @@
int i;
do
{
- // Create an instance of optiga_crypt_t
- p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
- if (NULL == p_local_crypt)
- {
- optiga_lib_print_message("optiga_crypt_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
optiga_lib_status = OPTIGA_LIB_BUSY;
- return_status = optiga_crypt_ecdsa_sign(p_local_crypt, digest, digest_length, optiga_key_id, signature, signature_length);
+ return_status = optiga_crypt_ecdsa_sign(me_crypt, digest, digest_length, optiga_key_id, signature, signature_length);
if (OPTIGA_LIB_SUCCESS != return_status)
{
// optiga_crypt_ecdsa_sign api returns error !!!
- optiga_lib_print_message("optiga_crypt_ecdsa_sign api returns error !!!", OPTIGA_UTIL_SERVICE,
- OPTIGA_UTIL_SERVICE_COLOR);
+ printf("optiga_crypt_ecdsa_sign api error %02X\n", return_status);
break;
}
-
- while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
- ;
-
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_crypt_ecdsa_sign returns error !!!
+ printf("optiga_crypt_ecdsa_sign returns error\n");
+ break;
+ }
for (i = (*signature_length - 1); i >= 0; i--)
{
signature[i + 2] = signature[i];
@@ -749,23 +616,18 @@
} while (0);
- if (p_local_crypt)
- {
- optiga_crypt_destroy(p_local_crypt);
- }
return return_status;
}
+
void ecc_pub_key_bit(uint8_t * q_buffer, uint8_t q_length, uint8_t * pub_key_buffer, uint16_t * pub_key_length)
{
-#define OPTIGA_UTIL_ECC_DER_ADDITIONAL_LENGTH (0x02)
+#define OPTIGA_UTIL_ECC_DER_ADDITIONAL_LENGTH (0x01)
uint16_t index = 0;
pub_key_buffer[index++] = OPTIGA_UTIL_DER_BITSTRING_TAG;
pub_key_buffer[index++] = q_length + OPTIGA_UTIL_ECC_DER_ADDITIONAL_LENGTH;
pub_key_buffer[index++] = OPTIGA_UTIL_DER_NUM_UNUSED_BITS;
- // Compression format. Supports only 04 [uncompressed]
- pub_key_buffer[index++] = 0x04;
pal_os_memcpy(&pub_key_buffer[index], q_buffer, q_length);
index += q_length;
@@ -781,44 +643,36 @@
uint8_t ecc_public_key[70] = { 0x00 };
uint16_t i;
uint16_t ecc_public_key_length = 0;
+
ecc_pub_key_bit(ecc_pubkey, ecc_pubkey_length, ecc_public_key, &ecc_public_key_length);
public_key_from_host_t public_key_details = { ecc_public_key, ecc_public_key_length, (uint8_t) OPTIGA_ECC_CURVE_NIST_P_256 };
do
{
- // Create an instance of optiga_crypt_t
- p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
-
- if (NULL == p_local_crypt)
- {
- optiga_lib_print_message("optiga_crypt_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
signature_length = signature[1];
for (i = 0; i < signature_length; i++)
{
signature[i] = signature[i + 2];
}
- return_status = OPTIGA_LIB_BUSY;
- return_status = optiga_crypt_ecdsa_verify(p_local_crypt, digest, digest_length, signature, signature_length,
- OPTIGA_CRYPT_HOST_DATA, &public_key_details);
+
+ optiga_lib_status = OPTIGA_LIB_BUSY;
+ return_status = optiga_crypt_ecdsa_verify(me_crypt, digest, digest_length, signature, signature_length,
+ OPTIGA_CRYPT_HOST_DATA, &public_key_details);
if (OPTIGA_LIB_SUCCESS != return_status)
{
// optiga_crypt_ecdsa_verify api returns error !!!
- optiga_lib_print_message("optiga_crypt_ecdsa_verify api returns error !!!", OPTIGA_UTIL_SERVICE,
- OPTIGA_UTIL_SERVICE_COLOR);
+ printf("optiga_crypt_ecdsa_verify api error %02X\n", return_status);
break;
}
-
- while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
- ;
-
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_crypt_ecdsa_verify returns error !!!
+ printf("optiga_crypt_ecdsa_verify returns error\n");
+ break;
+ }
} while (0);
- if (p_local_crypt)
- {
- optiga_crypt_destroy(p_local_crypt);
- }
return return_status;
}
@@ -834,40 +688,35 @@
trustm_Open();
do
{
- // Create an instance of optiga_util to read the certificate from OPTIGA.
- p_local_util = optiga_util_create(0, optiga_util_callback, NULL);
- if (!p_local_util)
- {
- optiga_lib_print_message("optiga_util_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
optiga_lib_status = OPTIGA_LIB_BUSY;
- return_status = optiga_util_read_data(p_local_util, optiga_oid, 0, ifx_cert_hex, &ifx_cert_hex_len);
+ return_status = optiga_util_read_data(me_util, optiga_oid, 0, ifx_cert_hex, &ifx_cert_hex_len);
if (OPTIGA_LIB_SUCCESS != return_status)
{
// optiga_util_read_data api returns error !!!
- optiga_lib_print_message("optiga_util_read_data api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ printf("optiga_util_read_data api error %02X\n", return_status);
break;
}
- while (optiga_lib_status == OPTIGA_LIB_BUSY)
- ;
- if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
{
// optiga_util_read_data failed
- optiga_lib_print_message("optiga_util_read_data failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ printf("trustmGetCertificate failed\n");
break;
}
-
memcpy(buf, ifx_cert_hex, ifx_cert_hex_len);
*buflen = ifx_cert_hex_len;
} while (0);
- if (p_local_util)
+ if (return_status == OPTIGA_LIB_SUCCESS)
{
- optiga_util_destroy(p_local_util);
+ return CHIP_NO_ERROR;
}
- return CHIP_NO_ERROR;
+ else
+ {
+ return CHIP_ERROR_INTERNAL;
+ }
}
+
optiga_lib_status_t trustm_ecdh_derive_secret(optiga_key_id_t optiga_key_id, uint8_t * public_key, uint16_t public_key_length,
uint8_t * shared_secret, uint8_t shared_secret_length)
{
@@ -879,33 +728,23 @@
};
do
{
- // Create an instance of optiga_crypt_t
- p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
-
- if (NULL == p_local_crypt)
- {
- optiga_lib_print_message("optiga_crypt_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
-
optiga_lib_status = OPTIGA_LIB_BUSY;
- return_status = optiga_crypt_ecdh(p_local_crypt, optiga_key_id, &public_key_details, TRUE, shared_secret);
+ return_status = optiga_crypt_ecdh(me_crypt, optiga_key_id, &public_key_details, TRUE, shared_secret);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- // optiga_crypt_ecdh api returns error !!!
- optiga_lib_print_message("optiga_crypt_ecdh api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_util_read_data api returns error !!!
+ printf("optiga_crypt_ecdh api error %02X\n", return_status);
break;
}
-
- while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
- ;
-
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ // optiga_crypt_ecdh returns error !!!
+ printf("optiga_crypt_ecdh returns error\n");
+ break;
+ }
} while (0);
- if (p_local_crypt)
- {
- optiga_crypt_destroy(p_local_crypt);
- }
return return_status;
}
@@ -921,37 +760,40 @@
unsigned char * out_p = output;
do
{
- // Create an instance of optiga_crypt_t
- p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
- if (NULL == p_local_crypt)
- {
- optiga_lib_print_message("optiga_crypt_create failed!!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
- break;
- }
-
// Calculate U1, U1 ends up in work
+ optiga_lib_status = OPTIGA_LIB_BUSY;
return_status =
- optiga_crypt_hmac(p_local_crypt, OPTIGA_HMAC_SHA_256, TRUSTM_HMAC_OID_KEY, salt, (uint32_t) slen, work, &work_len);
-
+ optiga_crypt_hmac(me_crypt, OPTIGA_HMAC_SHA_256, TRUSTM_HMAC_OID_KEY, salt, (uint32_t) slen, work, &work_len);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- optiga_lib_print_message("optiga_crypt_hmac api returns error!!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_crypt_hmac api returns error !!!
+ printf("optiga_crypt_hmac api 1 error %02X\n", return_status);
break;
}
- return_status = OPTIGA_LIB_BUSY;
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ printf("optiga_crypt_hmac 1 returns error\n");
+ break;
+ }
memcpy(md1, work, md1_len);
for (unsigned int i = 1; i < iteration_count; i++)
{
+ optiga_lib_status = OPTIGA_LIB_BUSY;
// Calculated subsequent U, which ends up in md1
- return_status = optiga_crypt_hmac(p_local_crypt, OPTIGA_HMAC_SHA_256, TRUSTM_HMAC_OID_KEY, md1, md1_len, md1, &md1_len);
-
+ return_status = optiga_crypt_hmac(me_crypt, OPTIGA_HMAC_SHA_256, TRUSTM_HMAC_OID_KEY, md1, md1_len, md1, &md1_len);
if (OPTIGA_LIB_SUCCESS != return_status)
{
- optiga_lib_print_message("optiga_crypt_hmac api returns error!!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+ // optiga_crypt_hmac api returns error !!!
+ printf("optiga_crypt_hmac api 2 error %02X\n", return_status);
break;
}
- return_status = OPTIGA_LIB_BUSY;
-
+ WAIT_FOR_COMPLETION(return_status);
+ if (OPTIGA_LIB_SUCCESS != return_status)
+ {
+ printf("optiga_crypt_hmac 2 returns error\n");
+ break;
+ }
// U1 xor U2
for (int j = 0; j < (int) md1_len; j++)
{
@@ -959,25 +801,8 @@
}
}
- while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
- ;
-
- if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
-
- {
-
- // optiga_crypt_hkdf failed
-
- optiga_lib_print_message("optiga_crypt_pbkdf_hmac failed failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
-
- break;
- }
memcpy(out_p, work, key_length);
} while (0);
- if (p_local_crypt)
- {
- optiga_crypt_destroy(p_local_crypt);
- }
return return_status;
}
