Skip to content

move initialization code out of verify function #1713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
benma merged 1 commit into from
Dec 16, 2025
Merged

move initialization code out of verify function #1713

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 33 additions & 24 deletions src/optiga/optiga.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1433,30 +1433,11 @@ cleanup: {
}
}

static int _verify_config(void)
#if VERIFY_METADATA == 1
static int _verify_metadata_config(void)
{
int res;

OPTIGA_UTIL_SET_COMMS_PROTOCOL_VERSION(_util, OPTIGA_COMMS_PROTOCOL_VERSION_PRE_SHARED_SECRET);
OPTIGA_CRYPT_SET_COMMS_PROTOCOL_VERSION(
_crypt, OPTIGA_COMMS_PROTOCOL_VERSION_PRE_SHARED_SECRET);

// Verify shielded connection is active.
if (_crypt->protection_level != OPTIGA_COMMS_FULL_PROTECTION) {
util_log("crypt protection level expected to be FULL");
return SC_ERR_CONFIG_MISMATCH;
}
if (_util->protection_level != OPTIGA_COMMS_FULL_PROTECTION) {
util_log("util protection level expected to be FULL");
return SC_ERR_CONFIG_MISMATCH;
}

res = _optiga_util_open_application_sync(_util, 0);
if (res) {
return res;
}

#if VERIFY_METADATA == 1
// Verify metadata tags are setup as expected.
{
const uint8_t check_tags[] = {0xC0, 0xD0, 0xD1, 0xD3, 0xE8};
Expand Down Expand Up @@ -1571,9 +1552,9 @@ static int _verify_config(void)
return res;
}
}
#endif
return 0;
}
#endif

int optiga_setup(const securechip_interface_functions_t* ifs)
{
Expand All @@ -1588,8 +1569,10 @@ int optiga_setup(const securechip_interface_functions_t* ifs)
// event loop
pal_timer_init();

int res;

#if FACTORYSETUP == 1 || FACTORY_DURING_PROD == 1
int res = _factory_setup();
res = _factory_setup();
if (res) {
util_log("factory setup failed");
return res;
Expand All @@ -1606,7 +1589,33 @@ int optiga_setup(const securechip_interface_functions_t* ifs)
return SC_OPTIGA_ERR_CREATE;
}

return _verify_config();
OPTIGA_UTIL_SET_COMMS_PROTOCOL_VERSION(_util, OPTIGA_COMMS_PROTOCOL_VERSION_PRE_SHARED_SECRET);
OPTIGA_CRYPT_SET_COMMS_PROTOCOL_VERSION(
_crypt, OPTIGA_COMMS_PROTOCOL_VERSION_PRE_SHARED_SECRET);

// Verify shielded connection is active.
if (_crypt->protection_level != OPTIGA_COMMS_FULL_PROTECTION) {
util_log("crypt protection level expected to be FULL");
return SC_ERR_CONFIG_MISMATCH;
}
if (_util->protection_level != OPTIGA_COMMS_FULL_PROTECTION) {
util_log("util protection level expected to be FULL");
return SC_ERR_CONFIG_MISMATCH;
}

res = _optiga_util_open_application_sync(_util, 0);
if (res) {
return res;
}

#if VERIFY_METADATA == 1
res = _verify_metadata_config();
if (res) {
return res;
}
#endif

return 0;
}

int optiga_kdf_external(const uint8_t* msg, size_t len, uint8_t* mac_out)
Expand Down