# Protected Update Dataset generation Tool

## Usage

`protected_update_data_set.exe input1=<value> input2=<value>`

```
Tool Version : 3.00.2490
Info : Default values are set
Usage : <.exe> input1=<value> input2=<value> ..
(1) : To create manifest , provide the following details
    payload_version default : 0
        note : Input is a decimal string.E.g. 10
    trust_anchor_oid default : E0E8
        note : Input is a hexadecimal string.E.g. E0E8
    target_oid default : E0E2
        note : Input is a hexadecimal string.E.g. E0E2
    couid default : (null)
        note : Unicast gets enabled if "couid" is provided otherwise it is broadcast.
             : Input is a hexadecimal string.E.g. A1DE34
    sign_algo default : ES_256
        options : ES_256 , RSA-SSA-PKCS1-V1_5-SHA-256
    priv_key default : (null)
        options : private key file (pem format)
        note : Refer : samples/integrity/sample_ec_256_priv.pem
    digest_algo default : SHA256
        options : SHA256
    payload_type default : data
        options : data , key , metadata
(2) : To enable confidentiality,"secret" must be provided (All other options are ignored if there is no confidentiality)
    secret default : (null)
        options : Text file containing shared secret as hexadecimal string
        note : Refer : samples/confidentiality/secret.txt
    secret_oid default : F1D0
        note : Input is a hexadecimal string.E.g. F1D0
    label default : Confidentiality
        note : Input is a string.E.g. Confidentiality
    enc_algo default : AES-CCM-16-64-128
        options : AES-CCM-16-64-128
    kdf default : IFX_KDF-TLS12_PRF_SHA256
        options : IFX_KDF-TLS12_PRF_SHA256
    seed_length default : 64
        note : Input is a decimal string.E.g. 64
(3.1) : To update data object, "payload_type" should be "data" and provide the following details:
    offset default : 0
    write_type default : 2
        options : Write (1), EraseAndWrite (2)
    data default : (null)
        note : Input is a text file with hexadecimal or ascii string content
    in_data_format default : hex
        options : hex , ascii
        note : Refer : samples/payload/data/ascii_data.txt for input_data_format=ascii
             : Refer : samples/payload/data/hex_data.txt for input_data_format=hex
(3.2) : To update key object, "payload_type" should be "key" and provide the following details:
    key_usage default : 02
        options : AUTH (0x01) , ENC (0x02) , SIGN (0x10) , KEY_AGREE (0x20)
        note : Input is a hexadecimal string.E.g. E3
             : The values in "options" can be bitwise ORED and provided ( Refer SRM )
    key_algo default :
        options : ECC-NIST-P-256 (3) , ECC-NIST-P-384 (4), ECC-NIST-P-521 (5), ECC-BRAINPOOL-P-256-R1 (19) , ECC-BRAINPOOL-P-384-R1 (21), ECC-BRAINPOOL-P-512-R1 (22), RSA-1024-Exp (65) , RSA-2048-Exp (66), AES-128 (129), AES-192 (129), AES-256 (131)
        note : Input is a decimal string.E.g. 129
    key_data default : (null)
        options : ECC / RSA key in .pem format or AES key in txt file as hexadecimal string
        note : Refer : samples/payload/key/sample_ec_256_priv.pem for ECC or RSA key
             : Refer : samples/payload/key/aes_key.txt for AES key
(3.3) : To update metadata object, "payload_type" should be "metadata" and provide the following details:
    content_reset default : 0
        options : As per metadata identifier flag (0), Zeroes (1), Random (2)
    metadata default : (null)
        note : Input is a txt file as hexadecimal string
(4) : To write dataset to file, "dataset_to_file" should be the file path
    dataset_to_file default : (null)
        options : Provide the filename for output dataset to be stored
```
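
The `kdf` option name refers to the TLS 1.2 PRF with SHA-256 (RFC 5246, section 5). The following added example, which is not taken from the tool's source, implements that PRF over a shared secret read in the `secret` file format, the default `label` and a 64-byte seed. The secret and seed values are constructed, and the 16-byte output length (one AES-128 key) is an assumption, since this page does not say how the tool uses the derived bytes.

```python
import hashlib
import hmac


def tls12_prf_sha256(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    if length <= 0:
        raise ValueError("length must be positive")
    label_seed = label + seed
    a = label_seed  # A(0) = label + seed
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + label_seed, hashlib.sha256).digest()
    return out[:length]


def load_secret_hex(text: str) -> bytes:
    """Parse a shared secret stored as a hexadecimal string in a text file."""
    cleaned = "".join(text.split())  # tolerate newlines and spaces in the file
    if not cleaned or len(cleaned) % 2:
        raise ValueError("secret must be a non-empty, even-length hex string")
    return bytes.fromhex(cleaned)  # raises ValueError on non-hex characters


# Constructed sample inputs (not the contents of samples/confidentiality/secret.txt).
SAMPLE_SECRET_TXT = "0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20\n"
SAMPLE_SEED = bytes(range(64))   # seed_length default : 64 (constructed value)
LABEL = b"Confidentiality"       # label default from the usage text
KEY_LENGTH = 16                  # assumption: one 128-bit key for AES-CCM-16-64-128


def derive_sample_key() -> bytes:
    """Derive KEY_LENGTH bytes from the constructed secret, label and seed."""
    secret = load_secret_hex(SAMPLE_SECRET_TXT)
    return tls12_prf_sha256(secret, LABEL, SAMPLE_SEED, KEY_LENGTH)


if __name__ == "__main__":
    print(derive_sample_key().hex())
```
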

## Sample

A sample script demonstrating the usage of the tool is available in `..\samples\sample.bat`.

## Limitations

* Only the SHA-256 digest algorithm is supported for hash calculation.
* The manifest version number is 1.

## Environment

* The available executable is built using Microsoft Visual Studio 2010 on Windows 10 (64-bit).
* Install the Microsoft Visual C++ 2010 x86 redistributable package (vcredist_x86.exe) to run the application on a machine that does not have Visual Studio.
* mbedTLS 2.16.0 is used for crypto operations.
* The following macros must be disabled/enabled when using mbedTLS for this tool.
    1. Enable:
        * `MBEDTLS_FS_IO`
        * `MBEDTLS_PEM_PARSE_C`
        * `MBEDTLS_BASE64_C`
        * `MBEDTLS_ECDSA_DETERMINISTIC`
        * `MBEDTLS_HMAC_DRBG_C`
        * `MBEDTLS_ECDSA_DETERMINISTIC_DEBUG`
        * `MBEDTLS_RSA_C`
        * `MBEDTLS_PKCS1_V15`
        * `MBEDTLS_PK_RSA_ALT_SUPPORT`
        * `MBEDTLS_TIMING_C`
        * `MBEDTLS_ENTROPY_C`
        * `MBEDTLS_CTR_DRBG_C`
        * `MBEDTLS_ECP_DP_SECP256R1_ENABLED`
        * `MBEDTLS_ECP_DP_SECP384R1_ENABLED`
        * `MBEDTLS_ECP_DP_SECP521R1_ENABLED`
        * `MBEDTLS_ECP_DP_BP256R1_ENABLED`
        * `MBEDTLS_ECP_DP_BP384R1_ENABLED`
        * `MBEDTLS_ECP_DP_BP512R1_ENABLED`