Add TLV library and PKI helper

Author: fbeutin-ledger

lib_standard_app/ledger_pki.c

@@ -0,0 +1,50 @@
+#include "os_types.h"
+#include "os_pki.h"
+#include "ledger_pki.h"
+
+check_signature_with_pki_status_t check_signature_with_pki(const buffer_t hash,
+                                                           uint8_t expected_key_usage,
+                                                           cx_curve_t expected_curve,
+                                                           const buffer_t signature) {
+    uint8_t key_usage = 0;
+    size_t certificate_name_len = 0;
+    uint8_t certificate_name[CERTIFICATE_TRUSTED_NAME_MAXLEN] = {0};
+    cx_ecfp_384_public_key_t public_key = {0};
+    bolos_err_t bolos_err;
+
+    bolos_err = os_pki_get_info(&key_usage, certificate_name, &certificate_name_len, &public_key);
+    if (bolos_err != 0x0000) {
+        PRINTF("Error %x while getting PKI certificate info\n", bolos_err);
+        return CHECK_SIGNATURE_WITH_PKI_MISSING_CERTIFICATE;
+    }
+
+    if (key_usage != expected_key_usage) {
+        PRINTF("Wrong usage certificate %d, expected %d\n", key_usage, expected_key_usage);
+        return CHECK_SIGNATURE_WITH_PKI_WRONG_CERTIFICATE_USAGE;
+    }
+
+    if (public_key.curve != expected_curve) {
+        PRINTF("Wrong curve %d, expected %d\n", public_key.curve, expected_curve);
+        return CHECK_SIGNATURE_WITH_PKI_WRONG_CERTIFICATE_CURVE;
+    }
+
+    PRINTF("Certificate '%s' loaded with success\n", certificate_name);
+
+    // Checking the signature with PKI
+    if (!os_pki_verify((uint8_t *) hash.ptr,
+                       hash.size,
+                       (uint8_t *) signature.ptr,
+                       signature.size)) {
+        PRINTF("Error, '%.*H' is not a signature of hash '%.*H' by the PKI key '%.*H'\n",
+               signature.size,
+               signature.ptr,
+               hash.size,
+               hash.ptr,
+               sizeof(public_key),
+               &public_key);
+        return CHECK_SIGNATURE_WITH_PKI_WRONG_SIGNATURE;
+    }
+
+    PRINTF("Signature verified successfully\n");
+    return CHECK_SIGNATURE_WITH_PKI_SUCCESS;
+}

lib_standard_app/ledger_pki.h

@@ -0,0 +1,21 @@
+#pragma once
+
+#include "os.h"
+#include "buffer.h"
+#include "cx.h"
+
+#define DER_SIGNATURE_MIN_SIZE 64  // Ed25519 size
+#define DER_SIGNATURE_MAX_SIZE 72  // ECDSA max size
+
+typedef enum check_signature_with_pki_status_e {
+    CHECK_SIGNATURE_WITH_PKI_SUCCESS = 0,
+    CHECK_SIGNATURE_WITH_PKI_MISSING_CERTIFICATE = 1,
+    CHECK_SIGNATURE_WITH_PKI_WRONG_CERTIFICATE_USAGE = 2,
+    CHECK_SIGNATURE_WITH_PKI_WRONG_CERTIFICATE_CURVE = 3,
+    CHECK_SIGNATURE_WITH_PKI_WRONG_SIGNATURE = 4,
+} check_signature_with_pki_status_t;
+
+check_signature_with_pki_status_t check_signature_with_pki(const buffer_t hash,
+                                                           uint8_t expected_key_usage,
+                                                           cx_curve_t expected_curve,
+                                                           const buffer_t signature);

lib_standard_app/tlv/tlv_internals.h

@@ -0,0 +1,60 @@
+#pragma once
+
+#include <os.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include "buffer.h"
+
+// ─────────────────────────────────────────────────────────────────────────────
+// TLV X macros
+// Not intended for library users
+// ─────────────────────────────────────────────────────────────────────────────
+
+/**
+ * @brief Internal macro — assigns the tag's enum value.
+ * @note Do not use directly.
+ */
+#define __X_DEFINE_TLV__TAG_ASSIGN(value, name, callback, unicity) name = value,
+
+/**
+ * @brief Internal macro — creates an index enum for mapping tags to their order in the list.
+ * @note Do not use directly.
+ */
+#define __X_DEFINE_TLV__TAG_INDEX(value, name, callback, unicity) name##_INDEX,
+
+/**
+ * @brief Internal macro — creates a flag enum for mapping tags to their reception flag.
+ * @note Do not use directly.
+ */
+#define __X_DEFINE_TLV__TAG_FLAG(value, name, callback, unicity) name##_FLAG = (1U << name##_INDEX),
+
+/**
+ * @brief Internal macro — expands to a switch case that maps a tag to its flag.
+ * @note Do not use directly.
+ */
+#define __X_DEFINE_TLV__TAG_TO_FLAG_CASE(value, name, callback, unicity) \
+    case name:                                                           \
+        return name##_FLAG;
+
+/**
+ * @brief Internal macro — expands each tag into an _internal_tlv_handler_t array element
+ * @note Do not use directly.
+ */
+#define __X_DEFINE_TLV__TAG_CALLBACKS(value, name, callback, unicity) \
+    {.tag = name,                                                     \
+     .func = (tlv_handler_cb_t *) callback,                           \
+     .is_unique = (unicity == ENFORCE_UNIQUE_TAG)},
+
+// The generated TLV library will give the user a tag_to_flag function of the following type for
+// his TLV use case
+typedef uint32_t TLV_tag_t;
+typedef uint64_t TLV_flag_t;
+typedef TLV_flag_t(tag_to_flag_function_t)(TLV_tag_t tag);
+
+// This structure is returned to the TLV parser caller and can be used in conjunction with the
+// associated helper functions to get the status of received tags.
+typedef struct {
+    TLV_flag_t flags;
+    tag_to_flag_function_t *tag_to_flag_function;
+} TLV_reception_internal_t;