fixup! feat(core): Integrate OPTIGA Trust M

trezor · Aug 1, 2023 · ce5c1f1 · ce5c1f1
1 parent 51ebf2b
commit ce5c1f1
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 0 deletions.
diff --git a/core/embed/trezorhal/optiga/optiga_commands.c b/core/embed/trezorhal/optiga/optiga_commands.c
@@ -17,6 +17,12 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+/*
+ * Reference manuals:
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/Infineon_I2C_Protocol_v2.03.pdf
+ */
+
 #include "optiga_commands.h"
 #include <string.h>
 #include "ecdsa.h"
@@ -72,6 +78,11 @@ static optiga_result process_output_varlen(uint8_t *data, size_t max_data_size,
   return OPTIGA_SUCCESS;
 }
 
+/*
+ * For metadata description see:
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#metadata-expression
+ */
+
 static const struct {
   size_t offset;
   uint8_t tag;
@@ -174,6 +185,9 @@ optiga_result optiga_serialize_metadata(const optiga_metadata *metadata,
   return OPTIGA_SUCCESS;
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#openapplication
+ */
 optiga_result optiga_open_application(void) {
   static const uint8_t OPEN_APP[] = {
       0x70, 0x00, 0x00, 0x10, 0xD2, 0x76, 0x00, 0x00, 0x04, 0x47,
@@ -205,6 +219,9 @@ optiga_result optiga_get_error_code(uint8_t *error_code) {
   return OPTIGA_SUCCESS;
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#getdataobject
+ */
 optiga_result optiga_get_data_object(uint16_t oid, bool get_metadata,
                                      uint8_t *data, size_t max_data_size,
                                      size_t *data_size) {
@@ -225,6 +242,9 @@ optiga_result optiga_get_data_object(uint16_t oid, bool get_metadata,
   return process_output_varlen(data, max_data_size, data_size);
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#setdataobject
+ */
 optiga_result optiga_set_data_object(uint16_t oid, bool set_metadata,
                                      const uint8_t *data, size_t data_size) {
   if (data_size + 8 > sizeof(tx_buffer)) {
@@ -257,6 +277,9 @@ optiga_result optiga_set_data_object(uint16_t oid, bool set_metadata,
   return ret;
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#getrandom
+ */
 optiga_result optiga_get_random(uint8_t *random, size_t random_size) {
   if (random_size < 8 || random_size > 256) {
     return OPTIGA_ERR_SIZE;
@@ -276,6 +299,9 @@ optiga_result optiga_get_random(uint8_t *random, size_t random_size) {
   return process_output_fixedlen(random, random_size);
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#encryptsym
+ */
 optiga_result optiga_encrypt_sym(optiga_sym_mode mode, uint16_t oid,
                                  const uint8_t *input, size_t input_size,
                                  uint8_t *output, size_t max_output_size,
@@ -306,6 +332,9 @@ optiga_result optiga_encrypt_sym(optiga_sym_mode mode, uint16_t oid,
   return ret;
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#decryptsym
+ */
 optiga_result optiga_set_auto_state(uint16_t nonce_oid, uint16_t key_oid,
                                     const uint8_t key[32]) {
   uint8_t nonce[16] = {0};
@@ -374,6 +403,9 @@ optiga_result optiga_clear_auto_state(uint16_t key_oid) {
   return OPTIGA_SUCCESS;
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#calcsign
+ */
 optiga_result optiga_calc_sign(uint16_t oid, const uint8_t *digest,
                                size_t digest_size, uint8_t *signature,
                                size_t max_sig_size, size_t *sig_size) {
@@ -405,6 +437,9 @@ optiga_result optiga_calc_sign(uint16_t oid, const uint8_t *digest,
   return process_output_varlen(signature, max_sig_size, sig_size);
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#genkeypair
+ */
 optiga_result optiga_gen_key_pair(optiga_curve curve, optiga_key_usage usage,
                                   uint16_t oid, uint8_t *public_key,
                                   size_t max_public_key_size,
@@ -434,6 +469,9 @@ optiga_result optiga_gen_key_pair(optiga_curve curve, optiga_key_usage usage,
                                public_key_size);
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#gensymkey
+ */
 optiga_result optiga_gen_sym_key(optiga_aes algorithm, optiga_key_usage usage,
                                  uint16_t oid) {
   tx_size = 13;
@@ -460,6 +498,9 @@ optiga_result optiga_gen_sym_key(optiga_aes algorithm, optiga_key_usage usage,
   return process_output_fixedlen(NULL, 0);
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#calcssec
+ */
 optiga_result optiga_calc_ssec(optiga_curve curve, uint16_t oid,
                                const uint8_t *public_key,
                                size_t public_key_size, uint8_t *secret,
@@ -502,6 +543,9 @@ optiga_result optiga_calc_ssec(optiga_curve curve, uint16_t oid,
   return process_output_varlen(secret, max_secret_size, secret_size);
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#derivekey
+ */
 optiga_result optiga_derive_key(optiga_key_derivation deriv, uint16_t oid,
                                 const uint8_t *salt, size_t salt_size,
                                 uint8_t *info, size_t info_size, uint8_t *key,
@@ -603,6 +647,9 @@ optiga_result optiga_set_trust_anchor(void) {
   return optiga_set_data_object(0xe0e8, false, TA_CERT, sizeof(TA_CERT));
 }
 
+/*
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#setobjectprotected
+ */
 optiga_result optiga_set_priv_key(uint16_t oid, const uint8_t priv_key[32]) {
   uint8_t metadata_buffer[256] = {0};
   size_t metadata_size = 0;

diff --git a/core/embed/trezorhal/optiga/optiga_transport.c b/core/embed/trezorhal/optiga/optiga_transport.c
@@ -17,6 +17,11 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+/*
+ * Reference manual:
+ * https://github.com/Infineon/optiga-trust-m/blob/develop/documents/Infineon_I2C_Protocol_v2.03.pdf
+ */
+
 #include "optiga_transport.h"
 #include <string.h>
 #include "common.h"