Infineon OPTIGA(TM) Trust X crypt module APIs. More...
Data Structures | |
struct | optiga_hash_context |
To specify the hash context information. More... | |
struct | hash_data_from_host |
To specify the data coming from the host for hashing. More... | |
struct | hash_data_in_optiga |
To specify the data object for hashing. More... | |
struct | public_key_from_host |
To specifiy the Public Key details (key, size and algorithm) More... | |
struct | key_from_opitga |
To specify the OID which holds the shared secret. More... | |
Macros | |
#define | OPTIGA_CRYPT_SUCCESS (0x0000) |
OPTIGA crypt API execution is successful. More... | |
#define | OPTIGA_CRYPT_BUSY (0x0001) |
OPTIGA crypt module in busy state. | |
#define | OPTIGA_CRYPT_ERROR (0x0402) |
OPTIGA crypt API failed. | |
#define | OPTIGA_CRYPT_ERROR_INVALID_INPUT (0x0403) |
OPTIGA crypt API called with invalid inputs. | |
#define | OPTIGA_CRYPT_ERROR_MEMORY_INSUFFICIENT (0x0404) |
OPTIGA crypt API called with insufficient memory buffer. | |
#define | OPTIGA_CRYPT_ERROR_INSTANCE_IN_USE (0x0405) |
OPTIGA crypt API called when, a request of same instance is already in service. | |
#define | OPTIGA_CRYPT_HOST_DATA (0x01) |
Data is provided by host. | |
#define | OPTIGA_CRYPT_OID_DATA (0x00) |
Data in internal to optiga OID. | |
Typedefs | |
typedef enum optiga_key_id | optiga_key_id_t |
Typedef for Key IDs The KEY_STORE_ID_xxx holds only private key. More... | |
typedef enum optiga_rng_types | optiga_rng_types_t |
typedef enum optiga_ecc_curve | optiga_ecc_curve_t |
typedef enum optiga_key_usage | optiga_key_usage_t |
typedef struct optiga_hash_context | optiga_hash_context_t |
To specify the hash context information. | |
typedef enum optiga_hash_type | optiga_hash_type_t |
Specifies the hashing algorithm type in OPTIGA. | |
typedef struct hash_data_from_host | hash_data_from_host_t |
To specify the data coming from the host for hashing. | |
typedef struct hash_data_in_optiga | hash_data_in_optiga_t |
To specify the data object for hashing. | |
typedef struct public_key_from_host | public_key_from_host_t |
To specifiy the Public Key details (key, size and algorithm) | |
typedef struct key_from_opitga | optiga_shared_secret_t |
To specify the OID which holds the shared secret. | |
Enumerations | |
enum | optiga_key_id { OPTIGA_KEY_STORE_ID_E0F0 = 0xE0F0, OPTIGA_KEY_STORE_ID_E0F1 = 0xE0F1, OPTIGA_KEY_STORE_ID_E0F2 = 0xE0F2, OPTIGA_KEY_STORE_ID_E0F3 = 0xE0F3, OPTIGA_SESSION_ID_E100 = 0xE100, OPTIGA_SESSION_ID_E101 = 0xE101, OPTIGA_SESSION_ID_E102 = 0xE102, OPTIGA_SESSION_ID_E103 = 0xE103 } |
Typedef for Key IDs The KEY_STORE_ID_xxx holds only private key. More... | |
enum | optiga_rng_types { OPTIGA_RNG_TYPE_TRNG = 0x00, OPTIGA_RNG_TYPE_DRNG = 0x01 } |
enum | optiga_ecc_curve { OPTIGA_ECC_NIST_P_256 = 0x03, OPTIGA_ECC_NIST_P_384 = 0x04 } |
enum | optiga_key_usage { OPTIGA_KEY_USAGE_AUTHENTICATION = 0x01, OPTIGA_KEY_USAGE_SIGN = 0x10, OPTIGA_KEY_USAGE_KEY_AGREEMENT = 0x20 } |
enum | optiga_hash_type { OPTIGA_HASH_TYPE_SHA_256 = 0xE2 } |
Specifies the hashing algorithm type in OPTIGA. More... | |
Functions | |
LIBRARY_EXPORTS optiga_lib_status_t | optiga_crypt_random (optiga_rng_types_t rng_type, uint8_t *random_data, uint16_t random_data_length) |
Generates a random number. More... | |
LIBRARY_EXPORTS optiga_lib_status_t | optiga_crypt_hash_start (optiga_hash_context_t *hash_ctx) |
Initializes a hash context. More... | |
LIBRARY_EXPORTS optiga_lib_status_t | optiga_crypt_hash_update (optiga_hash_context_t *hash_ctx, uint8_t source_of_data_to_hash, void *data_to_hash) |
Updates a hash context with the input data. More... | |
LIBRARY_EXPORTS optiga_lib_status_t | optiga_crypt_hash_finalize (optiga_hash_context_t *hash_ctx, uint8_t *hash_output) |
Finalizes and exports the hash output. More... | |
LIBRARY_EXPORTS optiga_lib_status_t | optiga_crypt_ecc_generate_keypair (optiga_ecc_curve_t curve_id, uint8_t key_usage, bool_t export_private_key, void *private_key, uint8_t *public_key, uint16_t *public_key_length) |
Generates an key pair based on ECC curves. More... | |
LIBRARY_EXPORTS optiga_lib_status_t | optiga_crypt_ecdsa_sign (uint8_t *digest, uint8_t digest_length, optiga_key_id_t private_key, uint8_t *signature, uint16_t *signature_length) |
Generates a signature for the given digest. More... | |
LIBRARY_EXPORTS optiga_lib_status_t | optiga_crypt_ecdsa_verify (uint8_t *digest, uint8_t digest_length, uint8_t *signature, uint16_t signature_length, uint8_t public_key_source_type, void *public_key) |
Verifies the signature over the given digest. More... | |
LIBRARY_EXPORTS optiga_lib_status_t | optiga_crypt_ecdh (optiga_key_id_t private_key, public_key_from_host_t *public_key, bool_t export_to_host, uint8_t *shared_secret) |
Calculates the shared secret using ECDH algorithm. More... | |
LIBRARY_EXPORTS optiga_lib_status_t | optiga_crypt_tls_prf_sha256 (uint16_t secret, uint8_t *label, uint16_t label_length, uint8_t *seed, uint16_t seed_length, uint16_t derived_key_length, bool_t export_to_host, uint8_t *derived_key) |
Derives a key. More... | |
Infineon OPTIGA(TM) Trust X crypt module APIs.
#define OPTIGA_CRYPT_SUCCESS (0x0000) |
OPTIGA crypt API execution is successful.
OPTIGA crypt module return values
typedef enum optiga_key_id optiga_key_id_t |
Typedef for Key IDs The KEY_STORE_ID_xxx holds only private key.
The SESSION_ID_xxx can hold private key, premaster secret(ECDH) and master secret(PRF). But only one at a time.
typedef enum optiga_rng_types optiga_rng_types_t |
OPTIGA Random Generation types
enum optiga_hash_type |
enum optiga_key_id |
Typedef for Key IDs The KEY_STORE_ID_xxx holds only private key.
The SESSION_ID_xxx can hold private key, premaster secret(ECDH) and master secret(PRF). But only one at a time.
enum optiga_key_usage |
enum optiga_rng_types |
LIBRARY_EXPORTS optiga_lib_status_t optiga_crypt_ecc_generate_keypair | ( | optiga_ecc_curve_t | curve_id, |
uint8_t | key_usage, | ||
bool_t | export_private_key, | ||
void * | private_key, | ||
uint8_t * | public_key, | ||
uint16_t * | public_key_length | ||
) |
Generates an key pair based on ECC curves.
Generates an ECC key-pair based on the type of the key.
Pre Conditions:
API Details:
Notes:
[in] | curve_id | ECC curve id. |
[in] | key_usage | Key usage defined by optiga_key_usage_t.
|
[in] | export_private_key | TRUE (1) - Exports both private key and public key to the host. FALSE (0) - Exports only public key to the host. The input key_usage is ignored. |
[in] | private_key | Buffer to store private key or private key OID of OPTIGA, must not be NULL.
|
[in,out] | public_key | Buffer to store public key, must not be NULL. |
[in] | public_key_length | Initially set as length of public_key, later updated as actual length of public_key. |
OPTIGA_CRYPT_SUCCESS | Successful invocation of optiga cmd module |
OPTIGA_CRYPT_ERROR_INVALID_INPUT | Wrong Input arguments provided |
OPTIGA_CRYPT_ERROR_INSTANCE_IN_USE | Same instance with ongoing request servicing is used |
OPTIGA_DEVICE_ERROR | Command execution failure in OPTIGA and the LSB indicates the error code.(Refer Solution Reference Manual) |
LIBRARY_EXPORTS optiga_lib_status_t optiga_crypt_ecdh | ( | optiga_key_id_t | private_key, |
public_key_from_host_t * | public_key, | ||
bool_t | export_to_host, | ||
uint8_t * | shared_secret | ||
) |
Calculates the shared secret using ECDH algorithm.
Calculates the shared secret using ECDH algorithm.
Pre Conditions:
API Details:
Notes:
[in] | private_key | Object ID of the private key stored in OPTIGA.
|
[in] | public_key | Pointer to the public key structure for shared secret generation with its properties, must not be NULL.
|
[in] | export_to_host | TRUE (1) - Exports the generated shared secret to Host. FALSE (0) - Stores the generated shared secret into the session object ID acquired by the instance. |
[in,out] | shared_secret | Pointer to the shared secret buffer, only if export_to_host is TRUE. Otherwise supply NULL as input. |
OPTIGA_CRYPT_SUCCESS | Successful invocation of optiga cmd module |
OPTIGA_CRYPT_ERROR_INVALID_INPUT | Wrong Input arguments provided |
OPTIGA_CRYPT_ERROR_INSTANCE_IN_USE | Same instance with ongoing request servicing is used |
OPTIGA_DEVICE_ERROR | Command execution failure in OPTIGA and the LSB indicates the error code.(Refer Solution Reference Manual) |
LIBRARY_EXPORTS optiga_lib_status_t optiga_crypt_ecdsa_sign | ( | uint8_t * | digest, |
uint8_t | digest_length, | ||
optiga_key_id_t | private_key, | ||
uint8_t * | signature, | ||
uint16_t * | signature_length | ||
) |
Generates a signature for the given digest.
Generates a signature for the given digest using private key stored in OPTIGA.
Pre Conditions:
API Details:
Notes:
[in] | digest | Digest on which signature is generated. |
[in] | digest_length | Length of the input digest. |
[in] | private_key | Private key OID to generate signature. |
[in,out] | signature | Generated signature, must not be NULL.
|
[in] | signature_length | Length of signature.Intial value set as length of buffer, later updated as the actual length of generated signature. |
OPTIGA_CRYPT_SUCCESS | Successful invocation of optiga cmd module |
OPTIGA_CRYPT_ERROR_INVALID_INPUT | Wrong Input arguments provided |
OPTIGA_CRYPT_ERROR_INSTANCE_IN_USE | Same instance with ongoing request servicing is used |
OPTIGA_DEVICE_ERROR | Command execution failure in OPTIGA and the LSB indicates the error code.(Refer Solution Reference Manual) |
LIBRARY_EXPORTS optiga_lib_status_t optiga_crypt_ecdsa_verify | ( | uint8_t * | digest, |
uint8_t | digest_length, | ||
uint8_t * | signature, | ||
uint16_t | signature_length, | ||
uint8_t | public_key_source_type, | ||
void * | public_key | ||
) |
Verifies the signature over the given digest.
Verifies the signature over a given digest provided with the input data.
Pre Conditions:
API Details:
Notes:
[in] | digest | Pointer to a given digest buffer, must not be NULL. |
[in] | digest_length | Length of digest |
[in] | signature | Pointer to a given signature buffer, must not be NULL. |
[in] | signature_length | Length of signature |
[in] | public_key_source_type | Public key from host / public key of certificate OID from OPTIGA. Value must be one of the below
|
[in] | public_key | Public key from host / public key of certificate OID. Value must be one of the below
|
OPTIGA_CRYPT_SUCCESS | Successful invocation of optiga cmd module |
OPTIGA_CRYPT_ERROR_INVALID_INPUT | Wrong Input arguments provided |
OPTIGA_CRYPT_ERROR_INSTANCE_IN_USE | Same instance with ongoing request servicing is used |
OPTIGA_DEVICE_ERROR | Command execution failure in OPTIGA and the LSB indicates the error code.(Refer Solution Reference Manual) |
LIBRARY_EXPORTS optiga_lib_status_t optiga_crypt_hash_finalize | ( | optiga_hash_context_t * | hash_ctx, |
uint8_t * | hash_output | ||
) |
Finalizes and exports the hash output.
Finalizes the hash context and returns hash as output.
Pre Conditions:
API Details:
Notes:
[in] | hash_ctx | Pointer to optiga_hash_context_t containing hash context from OPTIGA, must not be NULL |
[in,out] | hash_output | Output Hash |
OPTIGA_CRYPT_SUCCESS | Successful invocation of optiga cmd module |
OPTIGA_CRYPT_ERROR_INVALID_INPUT | Wrong Input arguments provided |
OPTIGA_CRYPT_ERROR_INSTANCE_IN_USE | Same instance with ongoing request servicing is used |
OPTIGA_DEVICE_ERROR | Command execution failure in OPTIGA and the LSB indicates the error code.(Refer Solution Reference Manual) |
LIBRARY_EXPORTS optiga_lib_status_t optiga_crypt_hash_start | ( | optiga_hash_context_t * | hash_ctx | ) |
Initializes a hash context.
Sets up a hash context and exports it.
Pre Conditions:
API Details:
Notes:
[in,out] | hash_ctx | Pointer to optiga_hash_context_t to store the hash context from OPTIGA
|
OPTIGA_CRYPT_SUCCESS | Successful invocation of optiga cmd module |
OPTIGA_CRYPT_ERROR_INVALID_INPUT | Wrong Input arguments provided |
OPTIGA_CRYPT_ERROR_INSTANCE_IN_USE | Same instance with ongoing request servicing is used |
OPTIGA_DEVICE_ERROR | Command execution failure in OPTIGA and the LSB indicates the error code.(Refer Solution Reference Manual) |
LIBRARY_EXPORTS optiga_lib_status_t optiga_crypt_hash_update | ( | optiga_hash_context_t * | hash_ctx, |
uint8_t | source_of_data_to_hash, | ||
void * | data_to_hash | ||
) |
Updates a hash context with the input data.
Updates hashing for the given data and hash context then export the updated hash context.
Pre Conditions:
API Details:
Notes:
[in] | hash_ctx | Pointer to optiga_hash_context_t containing hash context from OPTIGA, must not be NULL |
[in] | source_of_data_to_hash | Data from host / Data in optiga. Must be one of the below
|
[in] | data_to_hash | Data for hashing either in hash_data_from_host or in hash_data_in_optiga |
OPTIGA_CRYPT_SUCCESS | Successful invocation of optiga cmd module |
OPTIGA_CRYPT_ERROR_INVALID_INPUT | Wrong Input arguments provided |
OPTIGA_CRYPT_ERROR_INSTANCE_IN_USE | Same instance with ongoing request servicing is used |
OPTIGA_DEVICE_ERROR | Command execution failure in OPTIGA and the LSB indicates the error code.(Refer Solution Reference Manual) |
LIBRARY_EXPORTS optiga_lib_status_t optiga_crypt_random | ( | optiga_rng_types_t | rng_type, |
uint8_t * | random_data, | ||
uint16_t | random_data_length | ||
) |
Generates a random number.
Generates the requested random stream of data for the user provided length.
Pre Conditions:
API Details:
Notes:
[in] | rng_type | Type of random data generator.
|
[in,out] | random_data | Pointer to the buffer into which random data is stored, must not be NULL. |
[in] | random_data_length | Length of random data to be generated.
|
OPTIGA_CRYPT_SUCCESS | Successful invocation of optiga cmd module |
OPTIGA_CRYPT_ERROR_INVALID_INPUT | Wrong Input arguments provided |
OPTIGA_CRYPT_ERROR_INSTANCE_IN_USE | Same instance with ongoing request servicing is used |
OPTIGA_DEVICE_ERROR | Command execution failure in OPTIGA and the LSB indicates the error code.(Refer Solution Reference Manual) |
LIBRARY_EXPORTS optiga_lib_status_t optiga_crypt_tls_prf_sha256 | ( | uint16_t | secret, |
uint8_t * | label, | ||
uint16_t | label_length, | ||
uint8_t * | seed, | ||
uint16_t | seed_length, | ||
uint16_t | derived_key_length, | ||
bool_t | export_to_host, | ||
uint8_t * | derived_key | ||
) |
Derives a key.
Derives a key using the secret stored in OPTIGA.
Pre Conditions:
API Details:
Notes:
[in] | secret | Object ID of the secret stored in OPTIGA.
|
[in] | label | Pointer to the label, can be NULL if not applicable. |
[in] | label_length | Length of the label. |
[in] | seed | Valid pointer to the seed, must not be NULL. |
[in] | seed_length | Length of the seed. |
[in] | derived_key_length | Length of derived key. |
[in] | export_to_host | TRUE (1) - Exports the derived key to Host. FALSE (0) - Stores the derived key into the session object ID acquired by the instance. |
[in,out] | derived_key | Pointer to the valid buffer with a minimum size of derived_key_length, in case of exporting the key to host(export_to_host= TRUE). Otherwise set to NULL. |
OPTIGA_CRYPT_SUCCESS | Successful invocation of optiga cmd module |
OPTIGA_CRYPT_ERROR_INVALID_INPUT | Wrong Input arguments provided |
OPTIGA_CRYPT_ERROR_INSTANCE_IN_USE | Same instance with ongoing request servicing is used |
OPTIGA_DEVICE_ERROR | Command execution failure in OPTIGA and the LSB indicates the error code.(Refer Solution Reference Manual) |