The Infineon OPTIGA Trust E Command Library provides a high-level API to access cryptographic and security-related functions of a discrete Infineon OPTIGA Trust E hardware security module connected via I2C. The command library uses the Infineon I2C protocol to communicate with the hardware module.
Device-specific settings for the Infineon I2C Protocol Stack are configured in ifx_i2c_config.h.
This function initializes the Infineon OPTIGA Trust E device and the host library.
The following code example shows how to initialize the OPTIGA Trust E command library:
This section explains the most relevant commands supported by the command library.
The function retrieves a cryptographic-quality random number from the Infineon OPTIGA Trust E device. This function can be used as an entropy source for various security schemes. The buffer to store the random number needs to be allocated by the application. The length of the random number ranges from 8 to 256 bytes.
The following code example shows how to retrieve 16 random bytes from an OPTIGA Trust E:
The function retrieves the public X.509 certificate stored in the Infineon OPTIGA Trust E device. The certificate and the contained public key can be used to verify a signature from the device. In addition, the receiver of the certificate can verify the chain of trust by validating the issuer of the certificate and the issuer's signature on the certificate. The buffer to hold the certificate is allocated inside the command library, and is only valid until the next call to the command library.
The following code example shows how to retrieve the device certificate:
This feature can be used to implement authentication schemes based on the Elliptic Curve Digital Signature Algorithm (ECDSA). The function optiga_sign() creates a signature using the scheme previously selected with optiga_set_auth_scheme(). The buffer to hold the signature is allocated by the command library, and is only valid until the next call to the command library.
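The buffer-lifetime rule stated above for both the certificate and the signature, shown as an added example that is not code from the command library: a pointer held across the next library call no longer refers to the certificate, while a caller-owned copy does. The functions mock_read_certificate() and mock_sign() are hypothetical stand-ins that assume a single shared internal buffer, and all byte values are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a library that returns pointers into ONE internal buffer.
 * Hypothetical names, not the OPTIGA Trust E API; bytes are constructed. */
static uint8_t lib_buf[64];
static const uint8_t sample_cert[] = {0x30, 0x82, 0x01, 0x0A, 0xAA, 0xBB, 0xCC, 0xDD};

static void mock_read_certificate(uint8_t **out, uint16_t *len) {
    memcpy(lib_buf, sample_cert, sizeof sample_cert);
    *out = lib_buf;
    *len = (uint16_t)sizeof sample_cert;
}

static void mock_sign(const uint8_t *challenge, uint16_t clen,
                      uint8_t **out, uint16_t *len) {
    /* Placeholder transform, not ECDSA: it only reuses the shared buffer. */
    for (uint16_t i = 0; i < clen && i < sizeof lib_buf; i++)
        lib_buf[i] = challenge[i] ^ 0x5A;
    *out = lib_buf;
    *len = clen;
}

/* Keeps the library's pointer across the next call.
 * Returns 1 if the certificate bytes are still intact, 0 if clobbered. */
int cert_intact_without_copy(void) {
    uint8_t *cert, *sig; uint16_t cert_len, sig_len;
    const uint8_t challenge[16] = {0};
    mock_read_certificate(&cert, &cert_len);
    mock_sign(challenge, sizeof challenge, &sig, &sig_len);
    (void)sig; (void)sig_len;
    return memcmp(cert, sample_cert, cert_len) == 0;
}

/* Copies the certificate into caller-owned memory before the next call. */
int cert_intact_with_copy(void) {
    uint8_t *cert, *sig; uint16_t cert_len, sig_len;
    const uint8_t challenge[16] = {0};
    mock_read_certificate(&cert, &cert_len);
    uint8_t *own = malloc(cert_len);
    if (own == NULL) return -1;
    memcpy(own, cert, cert_len);
    mock_sign(challenge, sizeof challenge, &sig, &sig_len);
    (void)sig; (void)sig_len;
    int ok = memcmp(own, sample_cert, cert_len) == 0;
    free(own);
    return ok;
}
```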
The following code example shows how to have an ECDSA signature calculated by the Infineon OPTIGA Trust E: