From 386528b67cf97cb12f83012a011a11cb1d87280f Mon Sep 17 00:00:00 2001 From: Niklas Dusenlund Date: Mon, 12 Feb 2024 12:23:20 +0100 Subject: [PATCH] rename securechip -> atecc A step towards making the securechip interface generic so other chips can be used instead of ATECC608. --- src/CMakeLists.txt | 8 +- .../securechip.c => atecc/atecc.c} | 151 ++++++++---------- .../securechip.h => atecc/atecc.h} | 69 ++++---- src/common_main.c | 6 +- src/factorysetup.c | 8 +- src/keystore.c | 10 +- src/random.c | 6 +- src/reset.c | 6 +- .../bitbox02-rust/src/hww/api/device_info.rs | 4 +- src/rust/bitbox02-sys/build.rs | 10 +- src/rust/bitbox02-sys/wrapper.h | 2 +- src/rust/bitbox02/src/securechip.rs | 10 +- src/u2f.c | 10 +- test/simulator/CMakeLists.txt | 2 +- .../{mock_securechip.c => mock_atecc.c} | 30 ++-- test/unit-test/CMakeLists.txt | 2 +- .../{mock_securechip.c => mock_atecc.c} | 30 ++-- test/unit-test/test_keystore.c | 2 +- test/unit-test/test_keystore_functional.c | 2 +- 19 files changed, 178 insertions(+), 190 deletions(-) rename src/{securechip/securechip.c => atecc/atecc.c} (82%) rename src/{securechip/securechip.h => atecc/atecc.h} (68%) rename test/simulator/framework/{mock_securechip.c => mock_atecc.c} (69%) rename test/unit-test/framework/{mock_securechip.c => mock_atecc.c} (69%) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 2680f4f47..e16195959 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -141,10 +141,10 @@ set(PLATFORM-BITBOX02-SOURCES ) set(PLATFORM-BITBOX02-SOURCES ${PLATFORM-BITBOX02-SOURCES} PARENT_SCOPE) -set(CRYPTOAUTHLIB-SOURCES - ${CMAKE_SOURCE_DIR}/src/securechip/securechip.c +set(SECURECHIP-SOURCES + ${CMAKE_SOURCE_DIR}/src/atecc/atecc.c ) -set(CRYPTOAUTHLIB-SOURCES ${CRYPTOAUTHLIB-SOURCES} PARENT_SCOPE) +set(SECURECHIP-SOURCES ${SECURECHIP-SOURCES} PARENT_SCOPE) set(FIRMWARE-DRIVER-SOURCES ${CMAKE_SOURCE_DIR}/src/usb/class/hid/u2f/hid_u2f.c @@ -179,7 +179,7 @@ set(FIRMWARE-SOURCES ${DBB-FIRMWARE-UI-SOURCES} ${FIRMWARE-DRIVER-SOURCES} ${DRIVER-SOURCES} - ${CRYPTOAUTHLIB-SOURCES} + ${SECURECHIP-SOURCES} ${CMAKE_SOURCE_DIR}/src/common_main.c ) diff --git a/src/securechip/securechip.c b/src/atecc/atecc.c similarity index 82% rename from src/securechip/securechip.c rename to src/atecc/atecc.c index 69b191d1f..52bf33b41 100644 --- a/src/securechip/securechip.c +++ b/src/atecc/atecc.c @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include "securechip.h" +#include "atecc.h" #include "hardfault.h" #include #include @@ -27,16 +27,16 @@ #pragma GCC diagnostic pop typedef enum { - SECURECHIP_SLOT_IO_PROTECTION_KEY = 0, - SECURECHIP_SLOT_AUTHKEY = 1, - SECURECHIP_SLOT_ENCRYPTION_KEY = 2, - SECURECHIP_SLOT_ROLLKEY = 3, - SECURECHIP_SLOT_KDF = 4, - SECURECHIP_SLOT_ATTESTATION = 5, - SECURECHIP_SLOT_ECC_UNSAFE_SIGN = 6, - SECURECHIP_SLOT_DATA0 = 9, + ATECC_SLOT_IO_PROTECTION_KEY = 0, + ATECC_SLOT_AUTHKEY = 1, + ATECC_SLOT_ENCRYPTION_KEY = 2, + ATECC_SLOT_ROLLKEY = 3, + ATECC_SLOT_KDF = 4, + ATECC_SLOT_ATTESTATION = 5, + ATECC_SLOT_ECC_UNSAFE_SIGN = 6, + ATECC_SLOT_DATA0 = 9, // The other slots are currently not in use. -} securechip_slot_t; +} atecc_slot_t; // Chip Configuration, generated with "make generate-atecc608-config" // The first 16 bytes, as well as the LockValue/LockConfig can't be changed and are ignored when @@ -90,7 +90,7 @@ typedef union { #pragma GCC diagnostic pop -static const securechip_interface_functions_t* _interface_functions = NULL; +static const atecc_interface_functions_t* _interface_functions = NULL; /** \brief initialize an I2C interface using given config. * \param[in] hal - opaque ptr to HAL data @@ -216,7 +216,7 @@ static ATCAIfaceCfg cfg = { * Individually locks a slot. Used to lock the io protection and auth key so * they can never change. */ -static ATCA_STATUS _lock_slot(securechip_slot_t slot) +static ATCA_STATUS _lock_slot(atecc_slot_t slot) { bool is_locked = false; ATCA_STATUS result = atcab_is_slot_locked(slot, &is_locked); @@ -232,7 +232,7 @@ static ATCA_STATUS _lock_slot(securechip_slot_t slot) static ATCA_STATUS _factory_setup(void) { if (_interface_functions == NULL) { - return (ATCA_STATUS)SC_ERR_IFS; + return (ATCA_STATUS)ATECC_ERR_IFS; } bool is_config_locked = false; ATCA_STATUS result = atcab_is_locked(LOCK_ZONE_CONFIG, &is_config_locked); @@ -278,7 +278,7 @@ static ATCA_STATUS _factory_setup(void) UTIL_CLEANUP_32(io_protection_key); _interface_functions->get_io_protection_key(io_protection_key); result = atcab_write_zone( - ATCA_ZONE_DATA, SECURECHIP_SLOT_IO_PROTECTION_KEY, 0, 0, io_protection_key, 32); + ATCA_ZONE_DATA, ATECC_SLOT_IO_PROTECTION_KEY, 0, 0, io_protection_key, 32); if (result != ATCA_SUCCESS) { return result; } @@ -286,7 +286,7 @@ static ATCA_STATUS _factory_setup(void) uint8_t auth_key[32] = {0}; UTIL_CLEANUP_32(auth_key); _interface_functions->get_auth_key(auth_key); - result = atcab_write_zone(ATCA_ZONE_DATA, SECURECHIP_SLOT_AUTHKEY, 0, 0, auth_key, 32); + result = atcab_write_zone(ATCA_ZONE_DATA, ATECC_SLOT_AUTHKEY, 0, 0, auth_key, 32); if (result != ATCA_SUCCESS) { return result; } @@ -294,8 +294,8 @@ static ATCA_STATUS _factory_setup(void) uint8_t encryption_key[32] = {0}; UTIL_CLEANUP_32(encryption_key); _interface_functions->get_encryption_key(encryption_key); - result = atcab_write_zone( - ATCA_ZONE_DATA, SECURECHIP_SLOT_ENCRYPTION_KEY, 0, 0, encryption_key, 32); + result = + atcab_write_zone(ATCA_ZONE_DATA, ATECC_SLOT_ENCRYPTION_KEY, 0, 0, encryption_key, 32); if (result != ATCA_SUCCESS) { return result; } @@ -306,15 +306,15 @@ static ATCA_STATUS _factory_setup(void) is_data_locked = true; } if (is_config_locked && is_data_locked) { - result = _lock_slot(SECURECHIP_SLOT_IO_PROTECTION_KEY); + result = _lock_slot(ATECC_SLOT_IO_PROTECTION_KEY); if (result != ATCA_SUCCESS) { return result; } - result = _lock_slot(SECURECHIP_SLOT_AUTHKEY); + result = _lock_slot(ATECC_SLOT_AUTHKEY); if (result != ATCA_SUCCESS) { return result; } - result = _lock_slot(SECURECHIP_SLOT_ENCRYPTION_KEY); + result = _lock_slot(ATECC_SLOT_ENCRYPTION_KEY); if (result != ATCA_SUCCESS) { return result; } @@ -334,14 +334,14 @@ static int _verify_config(void) return result; } if (!is_locked) { - return SC_ERR_ZONE_UNLOCKED_CONFIG; + return ATECC_ERR_ZONE_UNLOCKED_CONFIG; } result = atcab_is_locked(LOCK_ZONE_DATA, &is_locked); if (result != ATCA_SUCCESS) { return result; } if (!is_locked) { - return SC_ERR_ZONE_UNLOCKED_DATA; + return ATECC_ERR_ZONE_UNLOCKED_DATA; } bool same_config = false; @@ -350,38 +350,38 @@ static int _verify_config(void) return result; } if (!same_config) { - return SC_ERR_CONFIG_MISMATCH; + return ATECC_ERR_CONFIG_MISMATCH; } // Check that the slots are individually locked. - result = atcab_is_slot_locked(SECURECHIP_SLOT_IO_PROTECTION_KEY, &is_locked); + result = atcab_is_slot_locked(ATECC_SLOT_IO_PROTECTION_KEY, &is_locked); if (result != ATCA_SUCCESS) { return result; } if (!is_locked) { - return SC_ERR_SLOT_UNLOCKED_IO; + return ATECC_ERR_SLOT_UNLOCKED_IO; } - result = atcab_is_slot_locked(SECURECHIP_SLOT_AUTHKEY, &is_locked); + result = atcab_is_slot_locked(ATECC_SLOT_AUTHKEY, &is_locked); if (result != ATCA_SUCCESS) { return result; } if (!is_locked) { - return SC_ERR_SLOT_UNLOCKED_AUTH; + return ATECC_ERR_SLOT_UNLOCKED_AUTH; } - result = atcab_is_slot_locked(SECURECHIP_SLOT_ENCRYPTION_KEY, &is_locked); + result = atcab_is_slot_locked(ATECC_SLOT_ENCRYPTION_KEY, &is_locked); if (result != ATCA_SUCCESS) { return result; } if (!is_locked) { - return SC_ERR_SLOT_UNLOCKED_ENC; + return ATECC_ERR_SLOT_UNLOCKED_ENC; } return ATCA_SUCCESS; } -int securechip_setup(const securechip_interface_functions_t* ifs) +int atecc_setup(const atecc_interface_functions_t* ifs) { if (ifs == NULL) { - return SC_ERR_IFS; + return ATECC_ERR_IFS; } _interface_functions = ifs; ATCA_STATUS result = atcab_init(&cfg); @@ -400,9 +400,9 @@ int securechip_setup(const securechip_interface_functions_t* ifs) } /** - * This performs the CheckMac command on SECURECHIP_SLOT_AUTHKEY. This needs to + * This performs the CheckMac command on ATECC_SLOT_AUTHKEY. This needs to * be called before using any slot requiring auth and whose KeyConfig.AuthKey is - * SECURECHIP_SLOT_AUTHKEY. + * ATECC_SLOT_AUTHKEY. */ static ATCA_STATUS _authorize_key(void) { @@ -442,7 +442,7 @@ static ATCA_STATUS _authorize_key(void) atca_check_mac_in_out_t checkmac_params = { // First SHA block from slot key, Second SHA block from TempKey. .mode = CHECKMAC_MODE_BLOCK2_TEMPKEY, - .key_id = SECURECHIP_SLOT_AUTHKEY, + .key_id = ATECC_SLOT_AUTHKEY, .sn = sn, .client_chal = NULL, // unused in this mode .client_resp = response, @@ -467,7 +467,7 @@ static ATCA_STATUS _authorize_key(void) } /** - * Performs a roll-key operation on a SECURECHIP_SLOT_ROLLKEY. + * Performs a roll-key operation on a ATECC_SLOT_ROLLKEY. * @return ATCA_SUCCESS on success. */ static ATCA_STATUS _rollkey(void) @@ -482,11 +482,11 @@ static ATCA_STATUS _rollkey(void) if (result != ATCA_SUCCESS) { return result; } - return atcab_derivekey(0, SECURECHIP_SLOT_ROLLKEY, NULL); + return atcab_derivekey(0, ATECC_SLOT_ROLLKEY, NULL); } /** - * Writes a new random key to SECURECHIP_SLOT_KDF. + * Writes a new random key to ATECC_SLOT_KDF. * @return ATCA_SUCCESS on success. */ static ATCA_STATUS _update_kdf_key(void) @@ -511,15 +511,10 @@ static ATCA_STATUS _update_kdf_key(void) } return atcab_write_enc( - SECURECHIP_SLOT_KDF, - 0, - new_key, - encryption_key, - SECURECHIP_SLOT_ENCRYPTION_KEY, - nonce_contribution); + ATECC_SLOT_KDF, 0, new_key, encryption_key, ATECC_SLOT_ENCRYPTION_KEY, nonce_contribution); } -bool securechip_update_keys(void) +bool atecc_update_keys(void) { if (_rollkey() != ATCA_SUCCESS) { return false; @@ -527,13 +522,13 @@ bool securechip_update_keys(void) return _update_kdf_key() == ATCA_SUCCESS; } -static int _securechip_kdf(securechip_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out) +static int _atecc_kdf(atecc_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out) { - if (len > 127 || (slot != SECURECHIP_SLOT_ROLLKEY && slot != SECURECHIP_SLOT_KDF)) { - return SC_ERR_INVALID_ARGS; + if (len > 127 || (slot != ATECC_SLOT_ROLLKEY && slot != ATECC_SLOT_KDF)) { + return ATECC_ERR_INVALID_ARGS; } if (msg == kdf_out) { - return SC_ERR_INVALID_ARGS; + return ATECC_ERR_INVALID_ARGS; } ATCA_STATUS result = _authorize_key(); @@ -584,48 +579,48 @@ static int _securechip_kdf(securechip_slot_t slot, const uint8_t* msg, size_t le return atcah_io_decrypt(&io_dec_params); } -int securechip_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out) +int atecc_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out) { - return _securechip_kdf(SECURECHIP_SLOT_KDF, msg, len, kdf_out); + return _atecc_kdf(ATECC_SLOT_KDF, msg, len, kdf_out); } -int securechip_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out) +int atecc_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out) { - return _securechip_kdf(SECURECHIP_SLOT_ROLLKEY, msg, len, kdf_out); + return _atecc_kdf(ATECC_SLOT_ROLLKEY, msg, len, kdf_out); } -bool securechip_gen_attestation_key(uint8_t* pubkey_out) +bool atecc_gen_attestation_key(uint8_t* pubkey_out) { ATCA_STATUS result = _authorize_key(); if (result != ATCA_SUCCESS) { return false; } - return atcab_genkey(SECURECHIP_SLOT_ATTESTATION, pubkey_out) == ATCA_SUCCESS; + return atcab_genkey(ATECC_SLOT_ATTESTATION, pubkey_out) == ATCA_SUCCESS; } -bool securechip_attestation_sign(const uint8_t* msg, uint8_t* signature_out) +bool atecc_attestation_sign(const uint8_t* msg, uint8_t* signature_out) { ATCA_STATUS result = _authorize_key(); if (result != ATCA_SUCCESS) { return false; } - return atcab_sign(SECURECHIP_SLOT_ATTESTATION, msg, signature_out) == ATCA_SUCCESS; + return atcab_sign(ATECC_SLOT_ATTESTATION, msg, signature_out) == ATCA_SUCCESS; } -bool securechip_monotonic_increments_remaining(uint32_t* remaining_out) +bool atecc_monotonic_increments_remaining(uint32_t* remaining_out) { uint32_t counter; if (atcab_counter_read(0, &counter) != ATCA_SUCCESS) { return false; } if (COUNTER_MAX_VALUE < counter) { - Abort("SC returned an invalid value"); + Abort("ATECC returned an invalid value"); } *remaining_out = COUNTER_MAX_VALUE - counter; return true; } -bool securechip_random(uint8_t* rand_out) +bool atecc_random(uint8_t* rand_out) { for (int retries = 0; retries < 5; retries++) { if (atcab_random(rand_out) == ATCA_SUCCESS) { @@ -658,14 +653,14 @@ static bool _ecc_write_priv_key(const uint8_t* priv_key) } return atcab_priv_write( - SECURECHIP_SLOT_ECC_UNSAFE_SIGN, + ATECC_SLOT_ECC_UNSAFE_SIGN, atca_priv_key, - SECURECHIP_SLOT_ENCRYPTION_KEY, + ATECC_SLOT_ENCRYPTION_KEY, encryption_key, nonce_contribution) == ATCA_SUCCESS; } -bool securechip_ecc_generate_public_key(uint8_t* priv_key, uint8_t* pub_key) +bool atecc_ecc_generate_public_key(uint8_t* priv_key, uint8_t* pub_key) { if (!_ecc_write_priv_key(priv_key)) { return false; @@ -676,7 +671,7 @@ bool securechip_ecc_generate_public_key(uint8_t* priv_key, uint8_t* pub_key) return false; } - result = atcab_get_pubkey(SECURECHIP_SLOT_ECC_UNSAFE_SIGN, pub_key); + result = atcab_get_pubkey(ATECC_SLOT_ECC_UNSAFE_SIGN, pub_key); if (result != ATCA_SUCCESS) { return false; } @@ -684,7 +679,7 @@ bool securechip_ecc_generate_public_key(uint8_t* priv_key, uint8_t* pub_key) return true; } -bool securechip_ecc_unsafe_sign(const uint8_t* priv_key, const uint8_t* msg, uint8_t* sig) +bool atecc_ecc_unsafe_sign(const uint8_t* priv_key, const uint8_t* msg, uint8_t* sig) { if (!_ecc_write_priv_key(priv_key)) { return false; @@ -695,7 +690,7 @@ bool securechip_ecc_unsafe_sign(const uint8_t* priv_key, const uint8_t* msg, uin return false; } - result = atcab_sign(SECURECHIP_SLOT_ECC_UNSAFE_SIGN, msg, sig); + result = atcab_sign(ATECC_SLOT_ECC_UNSAFE_SIGN, msg, sig); if (result != ATCA_SUCCESS) { return false; } @@ -723,12 +718,8 @@ static bool _read_data_slot_block(uint8_t* bytes, uint16_t slot, uint8_t block) return false; } return atcab_read_enc( - slot, - block, - bytes, - encryption_key, - SECURECHIP_SLOT_ENCRYPTION_KEY, - nonce_contribution) == ATCA_SUCCESS; + slot, block, bytes, encryption_key, ATECC_SLOT_ENCRYPTION_KEY, nonce_contribution) == + ATCA_SUCCESS; } // Write a "standard" sized block from a data slot (must be 32 bytes) @@ -750,7 +741,7 @@ static bool _write_data_slot_block(uint8_t* bytes, uint16_t slot, uint8_t block) return false; } result = atcab_write_enc( - slot, block, bytes, encryption_key, SECURECHIP_SLOT_ENCRYPTION_KEY, nonce_contribution); + slot, block, bytes, encryption_key, ATECC_SLOT_ENCRYPTION_KEY, nonce_contribution); if (result != ATCA_SUCCESS) { return false; } @@ -762,40 +753,40 @@ static bool _write_data_slot_block(uint8_t* bytes, uint16_t slot, uint8_t block) return MEMEQ(written_bytes, bytes, sizeof(written_bytes)); } -bool securechip_u2f_counter_set(uint32_t counter) +bool atecc_u2f_counter_set(uint32_t counter) { data_9_0_t data = {0}; - if (!_read_data_slot_block(&data.bytes[0], SECURECHIP_SLOT_DATA0, 0)) { + if (!_read_data_slot_block(&data.bytes[0], ATECC_SLOT_DATA0, 0)) { return false; } data.fields.u2f_counter = counter; - return _write_data_slot_block(&data.bytes[0], SECURECHIP_SLOT_DATA0, 0); + return _write_data_slot_block(&data.bytes[0], ATECC_SLOT_DATA0, 0); } #endif #if APP_U2F == 1 -bool securechip_u2f_counter_inc(uint32_t* counter) +bool atecc_u2f_counter_inc(uint32_t* counter) { data_9_0_t data = {0}; - if (!_read_data_slot_block(&data.bytes[0], SECURECHIP_SLOT_DATA0, 0)) { + if (!_read_data_slot_block(&data.bytes[0], ATECC_SLOT_DATA0, 0)) { return false; } data.fields.u2f_counter += 1; *counter = data.fields.u2f_counter; - return _write_data_slot_block(&data.bytes[0], SECURECHIP_SLOT_DATA0, 0); + return _write_data_slot_block(&data.bytes[0], ATECC_SLOT_DATA0, 0); } #endif -bool securechip_model(securechip_model_t* model_out) +bool atecc_model(atecc_model_t* model_out) { uint8_t revision[4] = {0}; if (atcab_info(revision) != ATCA_SUCCESS) { return false; } - *model_out = revision[3] >= 0x03 ? SECURECHIP_ATECC608B : SECURECHIP_ATECC608A; + *model_out = revision[3] >= 0x03 ? ATECC_ATECC608B : ATECC_ATECC608A; return true; } diff --git a/src/securechip/securechip.h b/src/atecc/atecc.h similarity index 68% rename from src/securechip/securechip.h rename to src/atecc/atecc.h index 26bb4fca3..f19ace310 100644 --- a/src/securechip/securechip.h +++ b/src/atecc/atecc.h @@ -12,8 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. -#ifndef _SECURECHIP_H_ -#define _SECURECHIP_H_ +#ifndef _ATECC_H_ +#define _ATECC_H_ #include "compiler_util.h" #include @@ -22,15 +22,15 @@ #include typedef enum { - SC_ERR_ZONE_UNLOCKED_CONFIG = -1, - SC_ERR_ZONE_UNLOCKED_DATA = -2, - SC_ERR_CONFIG_MISMATCH = -3, - SC_ERR_SLOT_UNLOCKED_IO = -4, - SC_ERR_SLOT_UNLOCKED_AUTH = -5, - SC_ERR_SLOT_UNLOCKED_ENC = -6, - SC_ERR_IFS = -7, - SC_ERR_INVALID_ARGS = -8, -} securechip_error_t; + ATECC_ERR_ZONE_UNLOCKED_CONFIG = -1, + ATECC_ERR_ZONE_UNLOCKED_DATA = -2, + ATECC_ERR_CONFIG_MISMATCH = -3, + ATECC_ERR_SLOT_UNLOCKED_IO = -4, + ATECC_ERR_SLOT_UNLOCKED_AUTH = -5, + ATECC_ERR_SLOT_UNLOCKED_ENC = -6, + ATECC_ERR_IFS = -7, + ATECC_ERR_INVALID_ARGS = -8, +} atecc_error_t; typedef struct { /** @@ -47,17 +47,17 @@ typedef struct { void (*const get_encryption_key)(uint8_t* key_out); void (*const random_32_bytes)(uint8_t* buf); -} securechip_interface_functions_t; +} atecc_interface_functions_t; /** * Initializes the cryptoauthlib communication, by providing a custom i2c chip * communication interface/bridge to cryptoauthlib. On first call, the chip * is configured and locked. * @param[in] ifs Interface functions. - * @return values of `securechip_error_t` if negative, values of `ATCA_STATUS` if positive, 0 on + * @return values of `atecc_error_t` if negative, values of `ATCA_STATUS` if positive, 0 on * success. */ -USE_RESULT int securechip_setup(const securechip_interface_functions_t* ifs); +USE_RESULT int atecc_setup(const atecc_interface_functions_t* ifs); /** * Updates the two KDF keys (rollkey and kdf key). The previous keys are lost @@ -65,7 +65,7 @@ USE_RESULT int securechip_setup(const securechip_interface_functions_t* ifs); * monotonic counter Counter0. * @return true on success. */ -USE_RESULT bool securechip_update_keys(void); +USE_RESULT bool atecc_update_keys(void); /** * Perform HMAC using the key in KDF slot with the input msg. @@ -73,9 +73,9 @@ USE_RESULT bool securechip_update_keys(void); * @param[in] len Must be <= 127. * @param[out] kdf_out Must have size 32. Result of the kdf will be stored here. * Cannot be the same as `msg`. - * @return values of `securechip_error_t` if negative, values of `ATCA_STATUS` if positive, 0 on + * @return values of `atecc_error_t` if negative, values of `ATCA_STATUS` if positive, 0 on */ -USE_RESULT int securechip_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out); +USE_RESULT int atecc_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out); /** * Perform KDF using the key in rollkey slot with the input msg. @@ -87,32 +87,32 @@ USE_RESULT int securechip_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out); * Cannot be the same as `msg`. * @return values of `securechip_error_t` if negative, values of `ATCA_STATUS` if positive, 0 on */ -USE_RESULT int securechip_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out); +USE_RESULT int atecc_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out); /** * Generates a new attestation device key and outputs the public key. * @param[out] pubkey_out */ -USE_RESULT bool securechip_gen_attestation_key(uint8_t* pubkey_out); +USE_RESULT bool atecc_gen_attestation_key(uint8_t* pubkey_out); /** * @param[in] msg 32 byte message to sign. * @param[out] signature_out must be 64 bytes. R/S P256 signature. */ -USE_RESULT bool securechip_attestation_sign(const uint8_t* challenge, uint8_t* signature_out); +USE_RESULT bool atecc_attestation_sign(const uint8_t* challenge, uint8_t* signature_out); /** * Retrieves the number of remaining possible counter increments (max value - Counter0). - * The counter is increment when using `securechip_kdf()` (see its docstring). + * The counter is increment when using `atecc_kdf()` (see its docstring). * @param[out] remaining_out current value of the monotonic counter. * @return false if there was a communication error with the SC. */ -USE_RESULT bool securechip_monotonic_increments_remaining(uint32_t* remaining_out); +USE_RESULT bool atecc_monotonic_increments_remaining(uint32_t* remaining_out); /** * @param[out] rand_out must be 32 bytes. */ -USE_RESULT bool securechip_random(uint8_t* rand_out); +USE_RESULT bool atecc_random(uint8_t* rand_out); /** * Generates the matching public key to the provided private key. Will put private key in unsafe @@ -121,7 +121,7 @@ USE_RESULT bool securechip_random(uint8_t* rand_out); * @param[out] pub_key Public key. Format will be the X and Y coordinates in big-endian (64 bytes). * @return True if success */ -USE_RESULT bool securechip_ecc_generate_public_key(uint8_t* priv_key, uint8_t* pub_key); +USE_RESULT bool atecc_ecc_generate_public_key(uint8_t* priv_key, uint8_t* pub_key); /** * Sign hash with private key. Will put private key in unsafe ECC slot. @@ -130,10 +130,7 @@ USE_RESULT bool securechip_ecc_generate_public_key(uint8_t* priv_key, uint8_t* p * @param[out] sig Signature (64 bytes) * @return True if success */ -USE_RESULT bool securechip_ecc_unsafe_sign( - const uint8_t* priv_key, - const uint8_t* msg, - uint8_t* sig); +USE_RESULT bool atecc_ecc_unsafe_sign(const uint8_t* priv_key, const uint8_t* msg, uint8_t* sig); #if APP_U2F == 1 || FACTORYSETUP == 1 /** @@ -141,7 +138,7 @@ USE_RESULT bool securechip_ecc_unsafe_sign( * @param[in] counter Value to set counter to * @return True if success */ -USE_RESULT bool securechip_u2f_counter_set(uint32_t counter); +USE_RESULT bool atecc_u2f_counter_set(uint32_t counter); #endif #if APP_U2F == 1 @@ -150,19 +147,19 @@ USE_RESULT bool securechip_u2f_counter_set(uint32_t counter); * @param[out] counter Next counter value * @return True if success */ -USE_RESULT bool securechip_u2f_counter_inc(uint32_t* counter); +USE_RESULT bool atecc_u2f_counter_inc(uint32_t* counter); #endif typedef enum { - SECURECHIP_ATECC608A, - SECURECHIP_ATECC608B, -} securechip_model_t; + ATECC_ATECC608A, + ATECC_ATECC608B, +} atecc_model_t; /** - * Output the securechip model. - * @param[out] model_out securechip model + * Output the atecc model. + * @param[out] model_out atecc model * @return True if success */ -USE_RESULT bool securechip_model(securechip_model_t* model_out); +USE_RESULT bool atecc_model(atecc_model_t* model_out); #endif diff --git a/src/common_main.c b/src/common_main.c index e9d3d2c8a..1d979cb9e 100644 --- a/src/common_main.c +++ b/src/common_main.c @@ -13,6 +13,7 @@ // limitations under the License. #include "common_main.h" +#include "atecc/atecc.h" #include "driver_init.h" #include "flags.h" #include "hardfault.h" @@ -22,7 +23,6 @@ #include "memory/smarteeprom.h" #include "random.h" #include "screen.h" -#include "securechip/securechip.h" #include "util.h" #include @@ -45,7 +45,7 @@ static const memory_interface_functions_t _memory_interface_functions = { .random_32_bytes = random_32_bytes_mcu, }; -static const securechip_interface_functions_t _securechip_interface_functions = { +static const atecc_interface_functions_t _securechip_interface_functions = { .get_auth_key = memory_get_authorization_key, .get_io_protection_key = memory_get_io_protection_key, .get_encryption_key = memory_get_encryption_key, @@ -85,7 +85,7 @@ void common_main(void) // securechip_setup must come after memory_setup, so the io/auth keys to be // used are already initialized. - int securechip_result = securechip_setup(&_securechip_interface_functions); + int securechip_result = atecc_setup(&_securechip_interface_functions); if (securechip_result) { char errmsg[100] = {0}; snprintf( diff --git a/src/factorysetup.c b/src/factorysetup.c index a112e4b3f..274d750ae 100644 --- a/src/factorysetup.c +++ b/src/factorysetup.c @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +#include "atecc/atecc.h" #include "common_main.h" #include "driver_init.h" #include "flags.h" @@ -19,7 +20,6 @@ #include "memory/memory.h" #include "platform_init.h" #include "screen.h" -#include "securechip/securechip.h" #include "usb/usb.h" #include "usb/usb_packet.h" #include "usb/usb_processing.h" @@ -210,7 +210,7 @@ static void _api_msg(const uint8_t* input, size_t in_len, uint8_t* output, size_ case OP_GENKEY: { screen_print_debug("generating pubkey...", 0); uint8_t pubkey[64]; - if (!securechip_gen_attestation_key(pubkey)) { + if (!atecc_gen_attestation_key(pubkey)) { screen_print_debug("generating pubkey\nfailed", 0); result = ERR_FAILED; break; @@ -277,13 +277,13 @@ static void _api_msg(const uint8_t* input, size_t in_len, uint8_t* output, size_ screen_print_debug("DONE", 0); break; case OP_SC_ROLLKEYS: - if (!securechip_update_keys()) { + if (!atecc_update_keys()) { screen_print_debug("rollkeys: failed", 0); result = ERR_FAILED; break; } screen_print_debug("rollkeys: success", 100); - if (!securechip_u2f_counter_set(0)) { + if (!atecc_u2f_counter_set(0)) { screen_print_debug("reset u2f counter", 0); result = ERR_FAILED; break; diff --git a/src/keystore.c b/src/keystore.c index ef17bd488..c90abf66c 100644 --- a/src/keystore.c +++ b/src/keystore.c @@ -14,6 +14,7 @@ #include +#include "atecc/atecc.h" #include "cipher/cipher.h" #include "hardfault.h" #include "keystore.h" @@ -22,7 +23,6 @@ #include "random.h" #include "reset.h" #include "salt.h" -#include "securechip/securechip.h" #include "util.h" #include @@ -72,7 +72,7 @@ USE_RESULT static keystore_error_t _stretch_retained_seed_encryption_key( if (!salt_hash_data(encryption_key, 32, purpose_in, salted_hashed)) { return KEYSTORE_ERR_SALT; } - if (securechip_kdf(salted_hashed, 32, out)) { + if (atecc_kdf(salted_hashed, 32, out)) { return KEYSTORE_ERR_SECURECHIP; } if (!salt_hash_data(encryption_key, 32, purpose_out, salted_hashed)) { @@ -188,7 +188,7 @@ static keystore_error_t _stretch_password( memcpy(kdf_in, password_salted_hashed, 32); // First KDF on rollkey increments the monotonic counter. Call only once! - int securechip_result = securechip_kdf_rollkey(kdf_in, 32, kdf_out); + int securechip_result = atecc_kdf_rollkey(kdf_in, 32, kdf_out); if (securechip_result) { if (securechip_result_out != NULL) { *securechip_result_out = securechip_result; @@ -198,7 +198,7 @@ static keystore_error_t _stretch_password( // Second KDF does not use the counter and we call it multiple times. for (int i = 0; i < KDF_NUM_ITERATIONS; i++) { memcpy(kdf_in, kdf_out, 32); - securechip_result = securechip_kdf(kdf_in, 32, kdf_out); + securechip_result = atecc_kdf(kdf_in, 32, kdf_out); if (securechip_result) { if (securechip_result_out != NULL) { *securechip_result_out = securechip_result; @@ -302,7 +302,7 @@ keystore_error_t keystore_encrypt_and_store_seed( // Update the two kdf keys before setting a new password. This already // happens on a device reset, but we do it here again anyway so the keys are // initialized also on first use, reducing trust in the factory setup. - if (!securechip_update_keys()) { + if (!atecc_update_keys()) { return KEYSTORE_ERR_SECURECHIP; } uint8_t secret[32] = {0}; diff --git a/src/random.c b/src/random.c index 40206d375..466888a61 100644 --- a/src/random.c +++ b/src/random.c @@ -15,9 +15,9 @@ #include #include #ifndef TESTING +#include "atecc/atecc.h" #include "driver_init.h" #include "flags.h" -#include "securechip/securechip.h" #include #endif #include "hardfault.h" @@ -72,8 +72,8 @@ static void random_32_bytes_sec(uint8_t* buf) random[i] = rand(); } #else - if (!securechip_random(random)) { - Abort("Abort: securechip_random"); + if (!atecc_random(random)) { + Abort("Abort: atecc_random"); } #endif for (size_t i = 0; i < sizeof(random); i++) { diff --git a/src/reset.c b/src/reset.c index c843ba49d..b29164e0a 100644 --- a/src/reset.c +++ b/src/reset.c @@ -20,7 +20,7 @@ #include "memory/smarteeprom.h" #ifndef TESTING -#include "securechip/securechip.h" +#include "atecc/atecc.h" #include #include #include @@ -50,7 +50,7 @@ void reset_reset(bool status) #if !defined(TESTING) bool sc_result_update_keys = false; for (int retries = 0; retries < 5; retries++) { - sc_result_update_keys = securechip_update_keys(); + sc_result_update_keys = atecc_update_keys(); if (sc_result_update_keys) { break; } @@ -61,7 +61,7 @@ void reset_reset(bool status) #if APP_U2F == 1 bool sc_result_u2f_counter_set = false; for (int retries = 0; retries < 5; retries++) { - sc_result_u2f_counter_set = securechip_u2f_counter_set(0); + sc_result_u2f_counter_set = atecc_u2f_counter_set(0); if (sc_result_u2f_counter_set) { break; } diff --git a/src/rust/bitbox02-rust/src/hww/api/device_info.rs b/src/rust/bitbox02-rust/src/hww/api/device_info.rs index 6fab81e9f..41f00227f 100644 --- a/src/rust/bitbox02-rust/src/hww/api/device_info.rs +++ b/src/rust/bitbox02-rust/src/hww/api/device_info.rs @@ -27,8 +27,8 @@ pub fn process() -> Result { mnemonic_passphrase_enabled: memory::is_mnemonic_passphrase_enabled(), monotonic_increments_remaining: securechip::monotonic_increments_remaining()?, securechip_model: match securechip::model()? { - securechip::Model::SECURECHIP_ATECC608A => "ATECC608A".into(), - securechip::Model::SECURECHIP_ATECC608B => "ATECC608B".into(), + securechip::Model::ATECC_ATECC608A => "ATECC608A".into(), + securechip::Model::ATECC_ATECC608B => "ATECC608B".into(), }, })) } diff --git a/src/rust/bitbox02-sys/build.rs b/src/rust/bitbox02-sys/build.rs index 7bc80b41e..34ff74df1 100644 --- a/src/rust/bitbox02-sys/build.rs +++ b/src/rust/bitbox02-sys/build.rs @@ -125,10 +125,10 @@ const ALLOWLIST_FNS: &[&str] = &[ "sd_write_bin", "sdcard_create", "secp256k1_ecdsa_anti_exfil_host_commit", - "securechip_attestation_sign", - "securechip_model", - "securechip_monotonic_increments_remaining", - "securechip_u2f_counter_set", + "atecc_attestation_sign", + "atecc_model", + "atecc_monotonic_increments_remaining", + "atecc_u2f_counter_set", "smarteeprom_bb02_config", "status_create", "trinary_choice_create", @@ -150,7 +150,7 @@ const RUSTIFIED_ENUMS: &[&str] = &[ "memory_result_t", "multisig_script_type_t", "output_type_t", - "securechip_model_t", + "atecc_model_t", "simple_type_t", "trinary_choice_t", ]; diff --git a/src/rust/bitbox02-sys/wrapper.h b/src/rust/bitbox02-sys/wrapper.h index 189c35823..4b1f7f8ec 100644 --- a/src/rust/bitbox02-sys/wrapper.h +++ b/src/rust/bitbox02-sys/wrapper.h @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +#include #include #include #include @@ -23,7 +24,6 @@ #include #include #include -#include #include #include #include diff --git a/src/rust/bitbox02/src/securechip.rs b/src/rust/bitbox02/src/securechip.rs index 4ea29948e..773608a82 100644 --- a/src/rust/bitbox02/src/securechip.rs +++ b/src/rust/bitbox02/src/securechip.rs @@ -12,11 +12,11 @@ // See the License for the specific language governing permissions and // limitations under the License. -pub use bitbox02_sys::securechip_model_t as Model; +pub use bitbox02_sys::atecc_model_t as Model; pub fn attestation_sign(challenge: &[u8; 32], signature: &mut [u8; 64]) -> Result<(), ()> { match unsafe { - bitbox02_sys::securechip_attestation_sign(challenge.as_ptr(), signature.as_mut_ptr()) + bitbox02_sys::atecc_attestation_sign(challenge.as_ptr(), signature.as_mut_ptr()) } { true => Ok(()), false => Err(()), @@ -25,7 +25,7 @@ pub fn attestation_sign(challenge: &[u8; 32], signature: &mut [u8; 64]) -> Resul pub fn monotonic_increments_remaining() -> Result { let mut result: u32 = 0; - match unsafe { bitbox02_sys::securechip_monotonic_increments_remaining(&mut result as _) } { + match unsafe { bitbox02_sys::atecc_monotonic_increments_remaining(&mut result as _) } { true => Ok(result), false => Err(()), } @@ -34,7 +34,7 @@ pub fn monotonic_increments_remaining() -> Result { #[cfg(feature = "app-u2f")] #[cfg(not(feature = "testing"))] pub fn u2f_counter_set(counter: u32) -> Result<(), ()> { - match unsafe { bitbox02_sys::securechip_u2f_counter_set(counter) } { + match unsafe { bitbox02_sys::atecc_u2f_counter_set(counter) } { true => Ok(()), false => Err(()), } @@ -48,7 +48,7 @@ pub fn u2f_counter_set(_counter: u32) -> Result<(), ()> { pub fn model() -> Result { let mut ver = core::mem::MaybeUninit::uninit(); - match unsafe { bitbox02_sys::securechip_model(ver.as_mut_ptr()) } { + match unsafe { bitbox02_sys::atecc_model(ver.as_mut_ptr()) } { true => Ok(unsafe { ver.assume_init() }), false => Err(()), } diff --git a/src/u2f.c b/src/u2f.c index 2f1ea1d04..59d11e8bd 100644 --- a/src/u2f.c +++ b/src/u2f.c @@ -17,12 +17,12 @@ #include #include +#include #include #include #include #include #include -#include #include #include #include @@ -480,7 +480,7 @@ static void _register_continue(const USB_APDU* apdu, Packet* out_packet) if (!_keyhandle_gen(reg_request->appId, nonce, privkey, mac)) { continue; } - if (securechip_ecc_generate_public_key(privkey, (uint8_t*)&response->pubKey.x)) { + if (atecc_ecc_generate_public_key(privkey, (uint8_t*)&response->pubKey.x)) { break; } } @@ -504,7 +504,7 @@ static void _register_continue(const USB_APDU* apdu, Packet* out_packet) uint8_t hash[SHA256_LEN] = {0}; wally_sha256((uint8_t*)&sig_base, sizeof(sig_base), hash, SHA256_LEN); - if (!securechip_ecc_unsafe_sign(U2F_ATT_PRIV_KEY, hash, sig)) { + if (!atecc_ecc_unsafe_sign(U2F_ATT_PRIV_KEY, hash, sig)) { _error(U2F_SW_CONDITIONS_NOT_SATISFIED, out_packet); return; } @@ -666,7 +666,7 @@ static void _authenticate_continue(const USB_APDU* apdu, Packet* out_packet) U2F_AUTHENTICATE_RESP* response = (U2F_AUTHENTICATE_RESP*)&buf; uint32_t counter; - if (!securechip_u2f_counter_inc(&counter)) { + if (!atecc_u2f_counter_inc(&counter)) { _error(U2F_SW_CONDITIONS_NOT_SATISFIED, out_packet); return; } @@ -687,7 +687,7 @@ static void _authenticate_continue(const USB_APDU* apdu, Packet* out_packet) uint8_t hash[SHA256_LEN] = {0}; wally_sha256((uint8_t*)&sig_base, sizeof(sig_base), hash, SHA256_LEN); - if (!securechip_ecc_unsafe_sign(privkey, hash, sig)) { + if (!atecc_ecc_unsafe_sign(privkey, hash, sig)) { _error(U2F_SW_WRONG_DATA, out_packet); return; } diff --git a/test/simulator/CMakeLists.txt b/test/simulator/CMakeLists.txt index 7ce2c01ef..9f906f989 100644 --- a/test/simulator/CMakeLists.txt +++ b/test/simulator/CMakeLists.txt @@ -63,7 +63,7 @@ add_library(bitbox_objects-simulator framework/mock_memory.c framework/mock_screen.c framework/mock_smarteeprom.c - framework/mock_securechip.c + framework/mock_atecc.c ) add_library(bitbox-simulator diff --git a/test/simulator/framework/mock_securechip.c b/test/simulator/framework/mock_atecc.c similarity index 69% rename from test/simulator/framework/mock_securechip.c rename to test/simulator/framework/mock_atecc.c index 91a8bc506..b9fb75d4d 100644 --- a/test/simulator/framework/mock_securechip.c +++ b/test/simulator/framework/mock_atecc.c @@ -17,7 +17,7 @@ #include #include -#include +#include #include #include #include @@ -25,11 +25,11 @@ typedef enum { SECURECHIP_SLOT_ROLLKEY = 3, SECURECHIP_SLOT_KDF = 4, -} securechip_slot_t; +} atecc_slot_t; static uint32_t _u2f_counter; -bool securechip_update_keys(void) +bool atecc_update_keys(void) { return true; } @@ -44,7 +44,7 @@ static const uint8_t _kdfkey[32] = "\xd2\xe1\xe6\xb1\x8b\x6c\x6b\x08\x43\x3e\xdb\xc1\xd1\x68\xc1\xa0\x04\x37\x74\xa4\x22\x18\x77" "\xe7\x9e\xd5\x66\x84\xbe\x5a\xc0\x1b"; -static int _securechip_kdf(securechip_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out) +static int _securechip_kdf(atecc_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out) { const uint8_t* key; switch (slot) { @@ -55,55 +55,55 @@ static int _securechip_kdf(securechip_slot_t slot, const uint8_t* msg, size_t le key = _kdfkey; break; default: - return SC_ERR_INVALID_ARGS; + return ATECC_ERR_INVALID_ARGS; } wally_hmac_sha256(key, 32, msg, len, kdf_out, 32); return 0; } -int securechip_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out) +int atecc_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out) { return _securechip_kdf(SECURECHIP_SLOT_KDF, msg, len, kdf_out); } -int securechip_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out) +int atecc_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out) { return _securechip_kdf(SECURECHIP_SLOT_ROLLKEY, msg, len, kdf_out); } -bool securechip_u2f_counter_set(uint32_t counter) +bool atecc_u2f_counter_set(uint32_t counter) { _u2f_counter = counter; return true; } -bool securechip_u2f_counter_inc(uint32_t* counter) +bool atecc_u2f_counter_inc(uint32_t* counter) { *counter = _u2f_counter++; return true; } -bool securechip_ecc_unsafe_sign(const uint8_t* priv_key, const uint8_t* msg, uint8_t* sig) +bool atecc_ecc_unsafe_sign(const uint8_t* priv_key, const uint8_t* msg, uint8_t* sig) { return false; } -bool securechip_ecc_generate_public_key(uint8_t* priv_key, uint8_t* pub_key) +bool atecc_ecc_generate_public_key(uint8_t* priv_key, uint8_t* pub_key) { return false; } -bool securechip_attestation_sign(const uint8_t* msg, uint8_t* signature_out) +bool atecc_attestation_sign(const uint8_t* msg, uint8_t* signature_out) { return false; } -bool securechip_monotonic_increments_remaining(uint32_t* remaining_out) +bool atecc_monotonic_increments_remaining(uint32_t* remaining_out) { *remaining_out = 1; return true; } -bool securechip_model(securechip_model_t* model_out) +bool atecc_model(atecc_model_t* model_out) { - *model_out = SECURECHIP_ATECC608B; + *model_out = ATECC_ATECC608B; return true; } diff --git a/test/unit-test/CMakeLists.txt b/test/unit-test/CMakeLists.txt index cf2874ecc..7584a31ae 100644 --- a/test/unit-test/CMakeLists.txt +++ b/test/unit-test/CMakeLists.txt @@ -68,7 +68,7 @@ add_library(bitbox_objects framework/mock_gestures.c framework/mock_component.c framework/mock_smarteeprom.c - framework/mock_securechip.c + framework/mock_atecc.c framework/mock_delay.c ) diff --git a/test/unit-test/framework/mock_securechip.c b/test/unit-test/framework/mock_atecc.c similarity index 69% rename from test/unit-test/framework/mock_securechip.c rename to test/unit-test/framework/mock_atecc.c index ffacc9779..5a53b8190 100644 --- a/test/unit-test/framework/mock_securechip.c +++ b/test/unit-test/framework/mock_atecc.c @@ -18,7 +18,7 @@ #include #include -#include +#include #include #include #include @@ -26,11 +26,11 @@ typedef enum { SECURECHIP_SLOT_ROLLKEY = 3, SECURECHIP_SLOT_KDF = 4, -} securechip_slot_t; +} atecc_slot_t; static uint32_t _u2f_counter; -bool securechip_update_keys(void) +bool atecc_update_keys(void) { return true; } @@ -45,7 +45,7 @@ static const uint8_t _kdfkey[32] = "\xd2\xe1\xe6\xb1\x8b\x6c\x6b\x08\x43\x3e\xdb\xc1\xd1\x68\xc1\xa0\x04\x37\x74\xa4\x22\x18\x77" "\xe7\x9e\xd5\x66\x84\xbe\x5a\xc0\x1b"; -static int _securechip_kdf(securechip_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out) +static int _securechip_kdf(atecc_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out) { const uint8_t* key; switch (slot) { @@ -56,55 +56,55 @@ static int _securechip_kdf(securechip_slot_t slot, const uint8_t* msg, size_t le key = _kdfkey; break; default: - return SC_ERR_INVALID_ARGS; + return ATECC_ERR_INVALID_ARGS; } wally_hmac_sha256(key, 32, msg, len, kdf_out, 32); return 0; } -int securechip_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out) +int atecc_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out) { return _securechip_kdf(SECURECHIP_SLOT_KDF, msg, len, kdf_out); } -int securechip_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out) +int atecc_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out) { return _securechip_kdf(SECURECHIP_SLOT_ROLLKEY, msg, len, kdf_out); } -bool securechip_u2f_counter_set(uint32_t counter) +bool atecc_u2f_counter_set(uint32_t counter) { _u2f_counter = counter; return true; } -bool securechip_u2f_counter_inc(uint32_t* counter) +bool atecc_u2f_counter_inc(uint32_t* counter) { *counter = _u2f_counter++; return true; } -bool securechip_ecc_unsafe_sign(const uint8_t* priv_key, const uint8_t* msg, uint8_t* sig) +bool atecc_ecc_unsafe_sign(const uint8_t* priv_key, const uint8_t* msg, uint8_t* sig) { return false; } -bool securechip_ecc_generate_public_key(uint8_t* priv_key, uint8_t* pub_key) +bool atecc_ecc_generate_public_key(uint8_t* priv_key, uint8_t* pub_key) { return false; } -bool securechip_attestation_sign(const uint8_t* msg, uint8_t* signature_out) +bool atecc_attestation_sign(const uint8_t* msg, uint8_t* signature_out) { return false; } -bool securechip_monotonic_increments_remaining(uint32_t* remaining_out) +bool atecc_monotonic_increments_remaining(uint32_t* remaining_out) { *remaining_out = 1; return true; } -bool securechip_model(securechip_model_t* model_out) +bool atecc_model(atecc_model_t* model_out) { - *model_out = SECURECHIP_ATECC608B; + *model_out = ATECC_ATECC608B; return true; } diff --git a/test/unit-test/test_keystore.c b/test/unit-test/test_keystore.c index 1dc109a2f..741dc2a09 100644 --- a/test/unit-test/test_keystore.c +++ b/test/unit-test/test_keystore.c @@ -17,6 +17,7 @@ #include #include +#include #include #include #include @@ -26,7 +27,6 @@ #include #include #include -#include #include #include diff --git a/test/unit-test/test_keystore_functional.c b/test/unit-test/test_keystore_functional.c index 9de48edc4..6a3a1abb4 100644 --- a/test/unit-test/test_keystore_functional.c +++ b/test/unit-test/test_keystore_functional.c @@ -19,11 +19,11 @@ #include +#include #include #include #include #include -#include #include #include