
OPTIGA™ Trust M: Metadata

sss_551 (Moderator)

OPTIGA™ Trust M provides a number of user-related key and data objects. Each key or data object is identified by its unique Object Identifier (OID), and each object has associated metadata. Metadata is expressed as a constructed tag-length-value (TLV) object that contains further TLV entries. Table 1 shows the available tags and the access conditions for the objects that are defined in the metadata. The description of each tag is given below.

Table 1 Metadata associated with data and key objects

| Tag | Structure definition | Execute | Read | Change |
|---|---|---|---|---|
| 0x20 | Metadata constructed TLV object | N.A. | N.A. | Always |
| 0xC0 | Life Cycle State of the data or key object (LcsO) | N.A. | Always | Always |
| 0xC1 | Version information | N.A. | LcsO<op | Always |
| 0xC4 | Maximum size of the data or key object | N.A. | NEV | Always |
| 0xC5 | Used size of the data object | N.A. | Auto | Always |
| 0xD0 | Change Access Condition descriptor | N.A. | LcsO<op | Always |
| 0xD1 | Read Access Condition descriptor | N.A. | LcsO<op | Always |
| 0xD3 | Execute Access Condition descriptor | N.A. | LcsO<op | Always |
| 0xD8 | Metadata Update descriptor | N.A. | LcsO<op | Always |
| 0xE0 | Algorithm associated with key container | N.A. | Auto | Always |
| 0xE1 | Key usage associated with key container | N.A. | LcsO<op | Always |
| 0xE8 | Data object Type | N.A. | LcsO<op | Always |
| 0xF0 | (Factory) Reset Type | N.A. | LcsO<op | Always |

0x20:

This indicates the start of the metadata.

0xC0:

This indicates the lifecycle status of the object. As shown in Table 2, the four primary states support flexible management of the lifecycle. They progress in one direction only, from a lower value to a higher value: for example, from initialization (in) to operational (op), never back.

When LcsO is absent, the object is treated as operational (op) and its access conditions can no longer be changed.

Table 2 Lifecycle status

| Value | Description |
|---|---|
| 00000001 | Creation |
| 00000011 | Initialization |
| 00000111 | Operational |
| 00001111 | Termination |

0xC1:

This indicates the version information of the data or key object. The lower 15 bits hold the version number and the most significant bit (MSB) indicates whether the object is valid or invalid: the object is invalid when MSB = 1 and valid when MSB = 0. When the version tag is absent, the default version is 0x0000.

0xC4:

This indicates the maximum size of the data object, which is fixed.

0xC5:

This indicates the used size of the data object. The used length is updated automatically whenever the object data changes. When the used-size tag (0xC5) is absent, the used size is taken to be the maximum size.

0xD0:

This indicates the conditions under which the data in the object can be changed. During an integrity-protected update, the signature associated with the metadata in the manifest must be verified against the addressed trust anchor that stores the corresponding public key. During a confidentiality-protected update, the manifest is encrypted using AES.

During a protected update with both integrity and confidentiality, the access conditions are combined with the AND operator. For example, it can be expressed as follows:

| Tag | Length | Value | Meaning |
|---|---|---|---|
| 0xD0 | 0x07 | 0x20 | Confidentiality |
| | | 0xF1 0xD0 | Shared secret |
| | | 0xFD | AND |
| | | 0x21 | Integrity |
| | | 0xE0 0xE8 | Public key certificate |

0xD1:

This indicates the conditions under which the data in the object can be read.

0xD3:

This indicates the conditions under which operations such as signature generation and signature verification with the object can be executed.

0xD8:

This tag defines the condition under which a metadata update is permitted. For example, it can be expressed as in the following table:

| Tag | Length | Value | Meaning |
|---|---|---|---|
| 0xD8 | 0x03 | 0x21 | Integrity |
| | | 0xE0 0xE8 | Public key certificate |

During an update of the object metadata, the signature associated with the metadata update must be verified against the addressed trust anchor (for example, 0xE0E8), and the associated (Factory) Reset Type (0xF0) is applied before the new metadata is set.

If the current metadata does not specify a (Factory) Reset Type, the update fails.

0xE0:

This tag gives the algorithm identifier supported by the OPTIGA™ Trust M. The different algorithm identifiers supported are given in Table 3.

Table 3 Algorithm identifier

| Value | Description |
|---|---|
| 0x03 | Elliptic Curve Key on NIST P256 curve |
| 0x04 | Elliptic Curve Key on NIST P384 curve |
| 0x05 | Elliptic Curve Key on NIST P521 curve |
| 0x13 | Elliptic Curve Key on Brainpool P256r1 curve |
| 0x15 | Elliptic Curve Key on Brainpool P384r1 curve |
| 0x16 | Elliptic Curve Key on Brainpool P512r1 curve |
| 0x41 | RSA Key 1024 bits exponential format |
| 0x42 | RSA Key 2048 bits exponential format |
| 0x81 | AES key with 128 bits |
| 0x82 | AES key with 192 bits |
| 0x83 | AES key with 256 bits |
| 0xE2 | SHA 256 |

0xE1:

This tag specifies the key usage supported by the OPTIGA™ Trust M. The supported key usage identifiers are listed in Table 4.

Table 4 Key usage identifiers

| Value | Description |
|---|---|
| 0x01 | Authentication |
| 0x02 | Encryption, Decryption, Key Transport |
| 0x10 | Signature Calculation / Verification |
| 0x20 | Key Agreement |

0xE8:

This tag specifies the data object type. The data object types and their corresponding values are listed in Table 5.

Table 5 Data object types

| Value | Description |
|---|---|
| 0x00 | The Byte String data object type is represented by a sequence of bytes, which are addressed by offset and length. |
| 0x01 | The Up-counter data type implements a counter with a current value, which can only be increased, and a threshold that terminates the counter. |
| 0x11 | The Trust Anchor data type contains a single X.509 certificate, which is used in various commands requiring a root of trust. |
| 0x12 | The Device Identity data type contains a single X.509 certificate or a chain of certificates (for example for TLS or USB Type-C) issued to vouch for the cryptographic identity of the end device. |
| 0x21 | The Pre-shared Secret contains a binary data string which makes up a pre-shared secret for various purposes, for example FW decryption. |
| 0x22 | The Platform Binding contains a binary data string which makes up a pre-shared secret for platform binding, for example for the OPTIGA™ Shielded Connection. |
| 0x23 | The Protected Update Secret contains a binary data string which makes up a pre-shared secret for the confidentiality-protected update of data or key objects. The maximum length is limited to 64 bytes, even if the hosting data object has a higher maximum length. |
| 0x31 | The Authorization Reference contains a binary data string which makes up a reference value for verifying an external entity authorization. |

0xF0:

This tag defines what happens to the object data when the metadata is updated. Table 75 in the Solution Reference Manual lists the values of the Metadata Update Identifier.

A metadata sample for commonly used access conditions, with the inference for each entry, is given in the following table:

| Tags | Conditions | Inference |
|---|---|---|
| 0x20, 0x11 | TL metadata TLV-Object | Start of metadata object |
| 0xC0, 0x01, 0x03 | TLV LcsO = in | Lifecycle status of the object is the initialization state |
| 0xC4, 0x01, 0x8C | TLV max size = 140 | Maximum size that the object can use is 140 bytes |
| 0xC5, 0x01, 0x0A | TLV used size = 10 | Occupied size is 10 bytes |
| 0xD1, 0x01, 0x00 | TLV Read = ALW | Reading the data in the object is always allowed |
| 0xD0, 0x03, 0xE1, 0xFC, 0x07 | TLV Change = LcsO < op | Writing to the object is possible only if LcsO is less than 7 (op) |

Note: In case any access condition is absent, the regarded access condition is defined as NEV (Never).
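As an added illustration (not code from Infineon or from this post), the following Python decoder ties the pieces above together: it walks the constructed 0x20 TLV, interprets the lifecycle (Table 2), version (0xC1), size, algorithm (Table 3), key usage (Table 4) and data type (Table 5) tags, renders access conditions such as the 0xD0 and 0xD8 examples, applies the two defaults stated in the post (absent LcsO means operational, absent access condition means NEV), and evaluates the plain LcsO-based conditions against a given lifecycle value. Everything not on this page is an assumption: the codes NEV = 0xFF, OR = 0xFE, "==" = 0xFA and ">" = 0xFB, the treatment of key usage as a bitmask of the Table 4 values, and left-to-right evaluation of AND/OR chains. The sample inputs are constructed: the first is the post's own sample metadata, the second a key-object variant built from the 0xD0 example.

```python
# Decode OPTIGA Trust M object metadata (constructed TLV, outer tag 0x20). Added example, not
# Infineon's code. Assumed, not on the page: NEV=0xFF, OR=0xFE, '=='=0xFA, '>'=0xFB, key usage
# as a bitmask of Table 4 values, and left-to-right evaluation of AND/OR chains.
from typing import Dict, List, Optional, Tuple

TAG_NAMES = {0xC0: "lcso", 0xC1: "version", 0xC4: "max_size", 0xC5: "used_size",
             0xD0: "change", 0xD1: "read", 0xD3: "execute", 0xD8: "metadata_update",
             0xE0: "algorithm", 0xE1: "key_usage", 0xE8: "data_type", 0xF0: "reset_type"}
LCSO = {0x01: "cre", 0x03: "in", 0x07: "op", 0x0F: "te"}  # Table 2
ALGORITHMS = {0x03: "EC NIST P256", 0x04: "EC NIST P384", 0x05: "EC NIST P521",  # Table 3
              0x13: "EC Brainpool P256r1", 0x15: "EC Brainpool P384r1", 0x16: "EC Brainpool P512r1",
              0x41: "RSA 1024", 0x42: "RSA 2048", 0x81: "AES-128", 0x82: "AES-192", 0x83: "AES-256", 0xE2: "SHA-256"}
KEY_USAGE = {0x01: "Authentication", 0x02: "Encryption/Decryption/Key Transport",  # Table 4, bitmask (assumed)
             0x10: "Signature Calculation/Verification", 0x20: "Key Agreement"}
DATA_TYPES = {0x00: "Byte String", 0x01: "Up-counter", 0x11: "Trust Anchor", 0x12: "Device Identity",
              0x21: "Pre-shared Secret", 0x22: "Platform Binding", 0x23: "Protected Update Secret",
              0x31: "Authorization Reference"}  # Table 5
# Access-condition codes: ALW, Conf, Int, LcsO, '<' and AND appear in the post; the rest are assumed.
AC_NAMES = {0x00: "ALW", 0xFF: "NEV", 0xFD: "AND", 0xFE: "OR", 0x20: "Conf", 0x21: "Int", 0xE1: "LcsO"}
AC_COMPARE = {0xFA: "==", 0xFB: ">", 0xFC: "<"}

def parse_tlv(buf: bytes) -> List[Tuple[int, bytes]]:
    """Split buf into (tag, value) pairs: one-byte tag, one-byte length, value bytes."""
    items, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError(f"truncated TLV header at offset {i}")
        tag, length = buf[i], buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"tag 0x{tag:02X} claims {length} bytes, only {len(value)} present")
        items.append((tag, value))
        i += 2 + length
    return items

def tokenize_access_condition(value: bytes) -> List[tuple]:
    """Split an access condition into tokens like ('ALW',), ('Conf', 0xF1D0), ('LcsO', '<', 7)."""
    tokens, i = [], 0
    while i < len(value):
        name = AC_NAMES.get(value[i])
        if name in ("ALW", "NEV", "AND", "OR"):
            tokens.append((name,))
            i += 1
            continue
        if name is None or i + 3 > len(value) or (name == "LcsO" and value[i + 1] not in AC_COMPARE):
            raise ValueError(f"unknown or truncated access-condition term at offset {i}")
        if name == "LcsO":
            tokens.append((name, AC_COMPARE[value[i + 1]], value[i + 2]))
        else:  # Conf/Int carry the 2-byte OID of the shared secret or trust anchor
            tokens.append((name, int.from_bytes(value[i + 1:i + 3], "big")))
        i += 3
    return tokens

def decode_access_condition(value: bytes) -> str:
    """Render an access condition as text, e.g. b'\\xe1\\xfc\\x07' -> 'LcsO < op'."""
    words = []
    for tok in tokenize_access_condition(value):
        if tok[0] == "LcsO":
            words.append(f"LcsO {tok[1]} {LCSO.get(tok[2], f'0x{tok[2]:02X}')}")
        else:
            words.append(f"{tok[0]}(0x{tok[1]:04X})" if len(tok) == 2 else tok[0])
    return " ".join(words)

def condition_allows(value: bytes, lcso: int) -> Optional[bool]:
    """Evaluate ALW/NEV/LcsO terms against the object's LcsO, left to right. Returns None when
    a Conf/Int term is present: only a protected update verified on the chip can satisfy it."""
    result, op = None, None
    for tok in tokenize_access_condition(value):
        if tok[0] in ("AND", "OR"):
            op = tok[0]
            continue
        if len(tok) == 2:  # ('Conf', oid) or ('Int', oid)
            return None
        term = {"ALW": True, "NEV": False}.get(tok[0])
        if term is None:  # ('LcsO', comparison, state)
            term = {"==": lcso == tok[2], ">": lcso > tok[2], "<": lcso < tok[2]}[tok[1]]
        result = term if op is None else (result and term) if op == "AND" else (result or term)
        op = None
    return result

def decode_metadata(buf: bytes) -> Dict[str, object]:
    """Decode a whole metadata blob, applying the post's defaults for absent tags."""
    if len(buf) < 2 or buf[0] != 0x20 or buf[1] != len(buf) - 2:
        raise ValueError("metadata must start with tag 0x20 and a length matching the payload")
    # Defaults from the post: LcsO absent -> operational; absent access condition -> NEV.
    meta: Dict[str, object] = dict(lcso="op", change="NEV", read="NEV", execute="NEV", metadata_update="NEV")
    for tag, val in parse_tlv(buf[2:]):
        name = TAG_NAMES.get(tag, f"tag_0x{tag:02X}")
        if tag in (0xC0, 0xE0, 0xE8):
            table = {0xC0: LCSO, 0xE0: ALGORITHMS, 0xE8: DATA_TYPES}[tag]
            meta[name] = table.get(val[0], f"0x{val[0]:02X}")
        elif tag == 0xC1:  # MSB = invalid flag, low 15 bits = version number
            raw = int.from_bytes(val, "big")
            meta[name] = {"valid": not (raw & 0x8000), "number": raw & 0x7FFF}
        elif tag in (0xC4, 0xC5):
            meta[name] = int.from_bytes(val, "big")
        elif tag in (0xD0, 0xD1, 0xD3, 0xD8):
            meta[name] = decode_access_condition(val)
        elif tag == 0xE1:
            meta[name] = [n for bit, n in KEY_USAGE.items() if val[0] & bit]
        else:
            meta[name] = val.hex()
    return meta

# Constructed inputs: the post's sample metadata, and a key-object variant built from the 0xD0 example.
SAMPLE_DATA_OBJECT = bytes.fromhex("2011C00103C4018CC5010AD10100D003E1FC07")
SAMPLE_KEY_OBJECT = bytes.fromhex("2013C1028005E00103E10121D00720F1D0FD21E0E8")
```

Running `decode_metadata(SAMPLE_DATA_OBJECT)` reproduces the sample table row by row (LcsO "in", maximum size 140, used size 10, read "ALW", change "LcsO < op") and fills in "NEV" for the execute and metadata-update conditions that the sample omits. For the key-object variant, the version word 0x8005 decodes to an invalid object at version 5, and the change condition renders as "Conf(0xF1D0) AND Int(0xE0E8)", which `condition_allows` reports as undecidable offline (`None`) because only a manifest verified by the chip can satisfy it.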