optiga_lib_common.h

Go to the documentation of this file.

 
#ifndef _OPTIGA_LIB_COMMON_H_
#define _OPTIGA_LIB_COMMON_H_
 
#ifdef __cplusplus
extern "C" {
#endif
 
#include "optiga/optiga_lib_config.h"
#include "optiga/common/optiga_lib_types.h"
#include "optiga/common/optiga_lib_return_codes.h"
 
#define OPTIGA_INSTANCE_ID_0                              (0x00)
 
#define OPTIGA_COMMS_NO_PROTECTION                        (0x00)
 
#define OPTIGA_COMMS_COMMAND_PROTECTION                   (0x01)
 
#define OPTIGA_COMMS_RESPONSE_PROTECTION                  (0x02)
 
#define OPTIGA_COMMS_FULL_PROTECTION                      (0x03)
 
#define OPTIGA_COMMS_RE_ESTABLISH                         (0x80)
 
#define OPTIGA_COMMS_PROTOCOL_VERSION_PRE_SHARED_SECRET   (0x01)
 
#define OPTIGA_CRYPT_HOST_DATA                            (0x01)
 
#define OPTIGA_CRYPT_OID_DATA                             (0x00)
 
#define OPTIGA_LIB_INSTANCE_BUSY                          (0x0001)
 
#define OPTIGA_LIB_INSTANCE_FREE                          (0x0000)
 
#ifdef OPTIGA_COMMS_SHIELDED_CONNECTION
 
#define OPTIGA_COMMS_PROTECTION_LEVEL                     (0x01)
 
#define OPTIGA_COMMS_PROTOCOL_VERSION                     (0x02)
#endif
 
typedef enum optiga_key_id
{
    OPTIGA_KEY_ID_E0F0 = 0xE0F0,
    OPTIGA_KEY_ID_E0F1 = 0xE0F1,
    OPTIGA_KEY_ID_E0F2 = 0xE0F2,
    OPTIGA_KEY_ID_E0F3 = 0xE0F3,
    OPTIGA_KEY_ID_E0FC = 0xE0FC,
    OPTIGA_KEY_ID_E0FD = 0xE0FD,
    OPTIGA_KEY_ID_SESSION_BASED = 0x0000,
#ifdef OPTIGA_CRYPT_SYM_GENERATE_KEY_ENABLED
    OPTIGA_KEY_ID_SECRET_BASED = 0xE200
#endif    
} optiga_key_id_t;
 
typedef enum optiga_key_usage
{
    OPTIGA_KEY_USAGE_AUTHENTICATION = 0x01,
    OPTIGA_KEY_USAGE_SIGN = 0x10,
    OPTIGA_KEY_USAGE_KEY_AGREEMENT = 0x20,
    OPTIGA_KEY_USAGE_ENCRYPTION = 0x02,
} optiga_key_usage_t;
 
typedef enum optiga_set_obj_protected_tag
{
    OPTIGA_SET_PROTECTED_UPDATE_START = 0x00,
    OPTIGA_SET_PROTECTED_UPDATE_CONTINUE = 0x02,
    OPTIGA_SET_PROTECTED_UPDATE_FINAL = 0x01
} optiga_set_obj_protected_tag_t;
 
typedef enum optiga_ecc_curve
{
    OPTIGA_ECC_CURVE_NIST_P_256 = 0x03,
    OPTIGA_ECC_CURVE_NIST_P_384 = 0x04,
#ifdef OPTIGA_CRYPT_ECC_NIST_P_521_ENABLED    
    OPTIGA_ECC_CURVE_NIST_P_521 = 0x05,
#endif
#ifdef OPTIGA_CRYPT_ECC_BRAINPOOL_P_R1_ENABLED    
    OPTIGA_ECC_CURVE_BRAIN_POOL_P_256R1 = 0x13,
    OPTIGA_ECC_CURVE_BRAIN_POOL_P_384R1 = 0x15,
    OPTIGA_ECC_CURVE_BRAIN_POOL_P_512R1 = 0x16
#endif    
} optiga_ecc_curve_t;
 
typedef enum optiga_rsa_encryption_scheme
{
    OPTIGA_RSAES_PKCS1_V15 = 0x11
} optiga_rsa_encryption_scheme_t;
 
typedef enum optiga_rsa_key_type
{
    OPTIGA_RSA_KEY_1024_BIT_EXPONENTIAL = 0x41,
    OPTIGA_RSA_KEY_2048_BIT_EXPONENTIAL = 0x42
} optiga_rsa_key_type_t;
 
 
typedef enum optiga_rsa_signature_scheme
{
    OPTIGA_RSASSA_PKCS1_V15_SHA256 = 0x01,
    OPTIGA_RSASSA_PKCS1_V15_SHA384 = 0x02,
#ifdef OPTIGA_CRYPT_RSA_SSA_SHA512_ENABLED
    OPTIGA_RSASSA_PKCS1_V15_SHA512 = 0x03
#endif    
}optiga_rsa_signature_scheme_t;
 
#if defined (OPTIGA_CRYPT_SYM_ENCRYPT_ENABLED) || defined (OPTIGA_CRYPT_SYM_DECRYPT_ENABLED) || \
defined (OPTIGA_CRYPT_HMAC_ENABLED) || defined (OPTIGA_CRYPT_HMAC_VERIFY_ENABLED)
 
typedef enum optiga_symmetric_encryption_mode
{
    OPTIGA_SYMMETRIC_ECB = 0x08,
    OPTIGA_SYMMETRIC_CBC = 0x09,
    OPTIGA_SYMMETRIC_CBC_MAC = 0x0A,
    OPTIGA_SYMMETRIC_CMAC = 0x0B
}optiga_symmetric_encryption_mode_t;
#endif
 
typedef enum optiga_hash_type
{
    OPTIGA_HASH_TYPE_SHA_256 = 0xE2
} optiga_hash_type_t;
 
typedef enum optiga_hash_context_length
{
    OPTIGA_HASH_CONTEXT_LENGTH_SHA_256 = 209 
} optiga_hash_context_length_t; 
 
typedef enum optiga_rng_type
{
    OPTIGA_RNG_TYPE_TRNG = 0x00,
    OPTIGA_RNG_TYPE_DRNG = 0x01
} optiga_rng_type_t;
 
#ifdef OPTIGA_CRYPT_HMAC_ENABLED
 
typedef enum optiga_hmac_type
{
    OPTIGA_HMAC_SHA_256 = 0x20,
    OPTIGA_HMAC_SHA_384 = 0x21,
    OPTIGA_HMAC_SHA_512 = 0x22
}optiga_hmac_type_t;
#endif
 
#ifdef OPTIGA_CRYPT_HKDF_ENABLED
 
typedef enum optiga_hkdf_type
{
    OPTIGA_HKDF_SHA_256 = 0x08,
    OPTIGA_HKDF_SHA_384 = 0x09,
    OPTIGA_HKDF_SHA_512 = 0x0A
}optiga_hkdf_type_t;
#endif
 
typedef enum optiga_tls_prf_type
{
    OPTIGA_TLS12_PRF_SHA_256 = 0x01,
#ifdef OPTIGA_CRYPT_TLS_PRF_SHA384_ENABLED    
    OPTIGA_TLS12_PRF_SHA_384 = 0x02,
#endif
#ifdef OPTIGA_CRYPT_TLS_PRF_SHA512_ENABLED
    OPTIGA_TLS12_PRF_SHA_512 = 0x03
#endif    
}optiga_tls_prf_type_t;
 
#ifdef OPTIGA_CRYPT_SYM_GENERATE_KEY_ENABLED
 
typedef enum optiga_symmetric_key_type
{
    OPTIGA_SYMMETRIC_AES_128 = 0x81,
    OPTIGA_SYMMETRIC_AES_192 = 0x82,
    OPTIGA_SYMMETRIC_AES_256 = 0x83
}optiga_symmetric_key_type_t;
#endif
 
typedef struct optiga_hash_context
{
    uint8_t *context_buffer;
    uint16_t context_buffer_length;
    uint8_t hash_algo;
} optiga_hash_context_t;
 
typedef struct hash_data_from_host
{
    const uint8_t * buffer;
    uint32_t length;
} hash_data_from_host_t;
 
typedef struct hash_data_in_optiga
{
    uint16_t oid;
    uint16_t offset;
    uint16_t length;
} hash_data_in_optiga_t;
 
typedef struct public_key_from_host
{
    uint8_t * public_key;
    uint16_t length;
    uint8_t key_type;
} public_key_from_host_t;
 
typedef struct optiga_get_data_object
{
    uint16_t oid;
    uint16_t offset;
    uint16_t bytes_to_read;
    uint16_t accumulated_size;
    uint16_t last_read_size;
    uint8_t data_or_metadata;
    uint16_t * ref_bytes_to_read;
    uint8_t * buffer;
} optiga_get_data_object_params_t;
 
typedef struct optiga_set_data_object
{
    uint16_t oid;
    uint16_t offset;
    uint16_t size;
    uint16_t written_size;
    const uint8_t * buffer;
    uint8_t data_or_metadata;
    uint8_t write_type;
    uint8_t count;
} optiga_set_data_object_params_t;
 
typedef struct optiga_calc_hash
{
    hash_data_in_optiga_t * p_hash_oid;
    hash_data_from_host_t * p_hash_data;
    optiga_hash_context_t * p_hash_context;
    uint8_t hash_sequence;
    uint8_t current_hash_sequence;    
    uint32_t data_sent;
    uint8_t * p_out_digest;
    bool_t export_hash_ctx;
    uint32_t apparent_context_size;
} optiga_calc_hash_params_t;
 
 
typedef struct optiga_get_random
{
    uint16_t random_data_length;
    uint16_t optional_data_length; 
    uint8_t * random_data;
    const uint8_t * optional_data;
    bool_t store_in_session;
} optiga_get_random_params_t;
 
 
typedef struct optiga_gen_keypair
{
    uint8_t key_usage;
    bool_t export_private_key;
    optiga_key_id_t private_key_oid;
    uint8_t * private_key;
    uint16_t * private_key_length;
    uint8_t * public_key;
    uint16_t * public_key_length;
} optiga_gen_keypair_params_t;
 
typedef struct optiga_calc_sign
{
    const uint8_t * p_digest;
    uint8_t * p_signature;
    uint16_t * p_signature_length;
    optiga_key_id_t private_key_oid;
    uint8_t digest_length;
} optiga_calc_sign_params_t;
 
typedef struct optiga_verify_sign
{
    const uint8_t * p_digest;
    uint8_t digest_length;
    const uint8_t * p_signature;
    uint16_t signature_length;
    uint8_t public_key_source_type;
    public_key_from_host_t * public_key;
    uint16_t certificate_oid;
} optiga_verify_sign_params_t;
 
typedef struct optiga_calc_ssec
{
    public_key_from_host_t * public_key;
    uint8_t * shared_secret;
    optiga_key_id_t private_key;
    uint8_t export_to_host;
} optiga_calc_ssec_params_t;
 
typedef struct optiga_derive_key
{
    const uint8_t * random_data;
    const uint8_t * label;
    const uint8_t * info;    
    uint8_t * derived_key;
    uint16_t input_shared_secret_oid;
    uint16_t random_data_length;
    uint16_t label_length;
    uint16_t info_length;
    uint16_t derived_key_length;
}optiga_derive_key_params_t;
 
#if defined (OPTIGA_CRYPT_RSA_ENCRYPT_ENABLED) || defined (OPTIGA_CRYPT_RSA_DECRYPT_ENABLED)
 
typedef struct optiga_enc_dec_asym
{
    uint16_t message_length;
    uint16_t * processed_message_length;
    const uint8_t * message;
    uint8_t public_key_source_type;
    const void * key;
    uint8_t * processed_message;
    optiga_key_id_t private_key_id;
}optiga_encrypt_asym_params_t,optiga_decrypt_asym_params_t;
#endif
 
typedef struct optiga_set_object_protected_params
{
    const uint8_t * p_protected_update_buffer;
    uint16_t p_protected_update_buffer_length;
    optiga_set_obj_protected_tag_t set_obj_protected_tag;
    uint8_t manifest_version;
} optiga_set_object_protected_params_t;
 
#if defined (OPTIGA_CRYPT_SYM_ENCRYPT_ENABLED) || defined (OPTIGA_CRYPT_SYM_DECRYPT_ENABLED)
 
typedef struct optiga_symmetric_enc_dec_params
{
    uint16_t symmetric_key_oid;
    const uint8_t * in_data;
    uint32_t in_data_length;
    const uint8_t * iv;
    uint16_t iv_length;
    const uint8_t * associated_data;
    uint16_t associated_data_length;
    uint8_t * out_data;
    uint32_t * out_data_length;
    const uint8_t * generated_hmac;
    uint8_t  original_sequence;
    uint8_t  current_sequence;
    uint32_t sent_data_length;
    uint32_t received_data_length;
    uint16_t total_input_data_length;
    uint32_t generated_hmac_length;
    uint8_t mode;
    uint8_t operation_mode;
} optiga_encrypt_sym_params_t,optiga_decrypt_sym_params_t;
#endif
#ifdef OPTIGA_CRYPT_SYM_GENERATE_KEY_ENABLED
 
typedef struct optiga_gen_symkey_params
{
    uint8_t key_usage;
    bool_t export_symmetric_key;
    void * symmetric_key;
} optiga_gen_symkey_params_t;
#endif
 
uint32_t optiga_common_get_uint32(const uint8_t* p_input_buffer);
 
void optiga_common_set_uint16(uint8_t * p_output_buffer,
                              uint16_t two_byte_value);
 
void optiga_common_set_uint32(uint8_t* p_output_buffer,
                              uint32_t four_byte_value);
 
void optiga_common_get_uint16(const uint8_t * p_input_buffer,
                              uint16_t* p_two_byte_value);
 
#ifdef __cplusplus
}
#endif
 
#endif /*_OPTIGA_LIB_COMMON_H_ */