diff --git a/CMakeLists.txt b/CMakeLists.txt index a4d3601fa..00e8caecc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,10 +2,10 @@ cmake_minimum_required(VERSION 2.6.4) project (cryptoauthlib) # Set the current release version -set(VERSION "3.2.3") +set(VERSION "3.2.4") set(VERSION_MAJOR 3) set(VERSION_MINOR 2) -set(VERSION_PATCH 3) +set(VERSION_PATCH 4) # Build Options option(BUILD_TESTS "Create Test Application with library" OFF) @@ -21,6 +21,8 @@ if(WIN32) string(REPLACE "\\" "/" LOCAL_APP_DATA "$ENV{LOCALAPPDATA}/Microchip") set(DEFAULT_LIB_PATH "${LOCAL_APP_DATA}" CACHE STRING "The default absolute library path") +set(DEFAULT_INC_PATH "${LOCAL_APP_DATA}/${PROJECT_NAME}" CACHE + STRING "The default include install path") set(DEFAULT_CONF_PATH "${LOCAL_APP_DATA}" CACHE STRING "The default location of ${PROJECT_NAME}.conf") set(DEFAULT_STORE_PATH "${LOCAL_APP_DATA}/${PROJECT_NAME}" CACHE @@ -29,6 +31,8 @@ else() include(GNUInstallDirs) set(DEFAULT_LIB_PATH "${CMAKE_INSTALL_FULL_LIBDIR}" CACHE STRING "The default absolute library path") +set(DEFAULT_INC_PATH "${CMAKE_INSTALL_INCLUDEDIR}/${PROJECT_NAME}" CACHE + STRING "The default include install path") set(DEFAULT_CONF_PATH "${CMAKE_INSTALL_FULL_SYSCONFDIR}/${PROJECT_NAME}" CACHE STRING "The default location of ${PROJECT_NAME}.conf") set(DEFAULT_STORE_PATH "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/${PROJECT_NAME}" CACHE @@ -82,8 +86,12 @@ install(CODE " DESTINATION ${DEFAULT_CONF_PATH}) endif() ") -install(DIRECTORY DESTINATION ${DEFAULT_STORE_PATH}) -install(CODE "execute_process(COMMAND chmod 1777 ${DEFAULT_STORE_PATH})") +install(DIRECTORY DESTINATION ${DEFAULT_STORE_PATH} + DIRECTORY_PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_WRITE GROUP_READ + WORLD_EXECUTE WORLD_WRITE WORLD_READ + ) install(CODE " if(NOT EXISTS ${DEFAULT_STORE_PATH}/slot.conf.tmpl) file(INSTALL ${PROJECT_SOURCE_DIR}/app/pkcs11/slot.conf.tmpl diff --git a/README.md b/README.md index 5c84b4406..0ab081a91 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -CryptoAuthLib - Microchip CryptoAuthentication Library +CryptoAuthLib - Microchip CryptoAuthentication Library {#mainpage} ==================================================== Introduction @@ -10,6 +10,7 @@ device. The family of devices supported currently are: - [ATECC108A](http://www.microchip.com/ATECC108A) - [ATECC508A](http://www.microchip.com/ATECC508A) - [ATECC608A](http://www.microchip.com/ATECC608A) +- [ATECC608B](http://www.microchip.com/ATECC608B) The best place to start is with the [Microchip Trust Platform](https://www.microchip.com/design-centers/security-ics/trust-platform) diff --git a/app/README.md b/app/README.md index 0f354f7e8..b46f02406 100644 --- a/app/README.md +++ b/app/README.md @@ -1,8 +1,13 @@ -app directory - Purpose -=================== +Application Support +======================== This directory is for application specific implementation of various use cases. Methods in this directory provide a simple API to perform potentially complex combinations of calls to the main library or API. +@subpage app_info_ip_prot + +@subpage app_info_pkcs11 + +@subpage app_info_secure_boot diff --git a/app/ip_protection/README.md b/app/ip_protection/README.md index 7579a8474..c6a931f8c 100644 --- a/app/ip_protection/README.md +++ b/app/ip_protection/README.md @@ -1,5 +1,7 @@ IP Protection with Symmetric Authentication ------------------------- +=========================================== +@page app_info_ip_prot IP Protection with Symmetric Authentication + The IP protection can be easily integrated to the existing projects.The user project should include symmetric_authentication.c & symmetric_authentication.h files which contains the api - **symmetric_authenticate()** - For Performing the authentication between host & device. diff --git a/app/pkcs11/README.md b/app/pkcs11/README.md index 60fbdf81a..5480dd965 100644 --- a/app/pkcs11/README.md +++ b/app/pkcs11/README.md @@ -1,3 +1,7 @@ +PKCS11 Application Information +=========================================== +@page app_info_pkcs11 PKCS11 Application Information + # Setting up cryptoauthlib as a PKCS11 Provider for your system (LINUX) These instructions are for building, installing and configuring cryptoauthlib as a pkcs11 @@ -341,4 +345,3 @@ $ p11tool --provider=/usr/lib/libcryptoauth.so 6e:bf:00:e2:61:f2:7c:82:10:d6:87:d8:06:0f:10:3b:d8:d9 ``` - diff --git a/app/secure_boot/README.md b/app/secure_boot/README.md index c4cb190f8..2b59cee77 100644 --- a/app/secure_boot/README.md +++ b/app/secure_boot/README.md @@ -1,4 +1,6 @@ -# Secure boot using ATECC608 +Secure boot using ATECC608 +========================================================= +@page app_info_secure_boot Secure boot using ATECC608 The SecureBoot command is a new feature on the [ATECC608A](https://www.microchip.com/wwwproducts/en/ATECC608A) device compared @@ -80,4 +82,4 @@ Examples ----------- For more information about secure boot, please see the example implementation project and documentation at: -https://github.com/MicrochipTech/cryptoauth_usecase_secureboot \ No newline at end of file +https://github.com/MicrochipTech/cryptoauth_usecase_secureboot diff --git a/app/tng/readme.md b/app/tng/readme.md index 496d3142a..da4439894 100644 --- a/app/tng/readme.md +++ b/app/tng/readme.md @@ -4,4 +4,7 @@ This folder has a number of convenience functions for working with TNG devices (currently ATECC608A-MAHTN-T). These devices have standard certificates that can be easily read using the -functions in tng_atcacert_client.h \ No newline at end of file +functions in tng_atcacert_client.h + +@ingroup tng_ + diff --git a/app/tng/tng_atca.c b/app/tng/tng_atca.c index 74400a2dc..0d6a03ab0 100644 --- a/app/tng/tng_atca.c +++ b/app/tng/tng_atca.c @@ -45,22 +45,22 @@ typedef struct static tng_cert_map_element g_tng_cert_def_map[] = { #ifdef ATCA_TNG_LEGACY_SUPPORT - { "wdNxAjae", &g_tngtls_cert_def_2_device }, - { "Rsuy5YJh", &g_tngtls_cert_def_2_device }, - { "BxZvm6q2", &g_tnglora_cert_def_2_device }, + { "wdNxAjae", &g_tngtls_cert_def_2_device }, + { "Rsuy5YJh", &g_tngtls_cert_def_2_device }, + { "BxZvm6q2", &g_tnglora_cert_def_2_device }, #endif #ifdef ATCA_TFLEX_SUPPORT - { "MKMwyhP1", &g_tflxtls_cert_def_4_device }, + { "MKMwyhP1", &g_tflxtls_cert_def_4_device }, #endif #ifdef ATCA_TNGTLS_SUPPORT - { "KQp2ZkD8", &g_tngtls_cert_def_3_device }, - { "x6tjuZMy", &g_tngtls_cert_def_3_device }, + { "KQp2ZkD8", &g_tngtls_cert_def_3_device }, + { "x6tjuZMy", &g_tngtls_cert_def_3_device }, #endif #ifdef ATCA_TNGLORA_SUPPORT - { "jsMu7iYO", &g_tnglora_cert_def_4_device }, - { "09qJNxI3", &g_tnglora_cert_def_4_device }, + { "jsMu7iYO", &g_tnglora_cert_def_4_device }, + { "09qJNxI3", &g_tnglora_cert_def_4_device }, #endif - { "", NULL } + { "", NULL } }; static const size_t g_tng_cert_def_cnt = sizeof(g_tng_cert_def_map) / sizeof(tng_cert_map_element) - 1; @@ -122,4 +122,4 @@ ATCA_STATUS tng_get_device_pubkey(uint8_t *public_key) } return status; -} \ No newline at end of file +} diff --git a/app/tng/tnglora_cert_def_1_signer.c b/app/tng/tnglora_cert_def_1_signer.c index 7f3a81060..0a58931aa 100644 --- a/app/tng/tnglora_cert_def_1_signer.c +++ b/app/tng/tnglora_cert_def_1_signer.c @@ -31,7 +31,7 @@ extern const uint8_t g_tngtls_cert_template_1_signer[]; extern const atcacert_cert_element_t g_tngtls_cert_elements_1_signer[]; -const atcacert_def_t g_tnglora_cert_def_1_signer = { +SHARED_LIB_EXPORT const atcacert_def_t g_tnglora_cert_def_1_signer = { .type = CERTTYPE_X509, .template_id = 1, .chain_id = 0, diff --git a/app/tng/tnglora_cert_def_1_signer.h b/app/tng/tnglora_cert_def_1_signer.h index d2786f8fd..686455642 100644 --- a/app/tng/tnglora_cert_def_1_signer.h +++ b/app/tng/tnglora_cert_def_1_signer.h @@ -37,8 +37,7 @@ extern "C" { /** \ingroup tng_ * @{ */ - -extern const atcacert_def_t g_tnglora_cert_def_1_signer; +ATCA_DLL const atcacert_def_t g_tnglora_cert_def_1_signer; /** @} */ diff --git a/app/tng/tnglora_cert_def_2_device.c b/app/tng/tnglora_cert_def_2_device.c index 058cf8745..15e95f695 100644 --- a/app/tng/tnglora_cert_def_2_device.c +++ b/app/tng/tnglora_cert_def_2_device.c @@ -27,12 +27,13 @@ #include "atcacert/atcacert_def.h" #include "tngtls_cert_def_2_device.h" +#include "tngtls_cert_def_1_signer.h" #include "tnglora_cert_def_1_signer.h" extern const uint8_t g_tngtls_cert_template_2_device[]; extern const atcacert_cert_element_t g_tngtls_cert_elements_2_device[]; -const atcacert_def_t g_tnglora_cert_def_2_device = { +SHARED_LIB_EXPORT const atcacert_def_t g_tnglora_cert_def_2_device = { .type = CERTTYPE_X509, .template_id = 2, .chain_id = 0, diff --git a/app/tng/tnglora_cert_def_2_device.h b/app/tng/tnglora_cert_def_2_device.h index a4d04773f..c52b0cff8 100644 --- a/app/tng/tnglora_cert_def_2_device.h +++ b/app/tng/tnglora_cert_def_2_device.h @@ -38,7 +38,7 @@ extern "C" { * @{ */ -extern const atcacert_def_t g_tnglora_cert_def_2_device; +SHARED_LIB_IMPORT const atcacert_def_t g_tnglora_cert_def_2_device; /** @} */ diff --git a/app/tng/tnglora_cert_def_4_device.c b/app/tng/tnglora_cert_def_4_device.c index ea261eb66..505abbf87 100644 --- a/app/tng/tnglora_cert_def_4_device.c +++ b/app/tng/tnglora_cert_def_4_device.c @@ -29,7 +29,7 @@ #include "tnglora_cert_def_4_device.h" #include "tnglora_cert_def_1_signer.h" -const uint8_t g_tnglora_cert_template_4_device[TNGLORA_CERT_TEMPLATE_4_DEVICE_SIZE] = { +SHARED_LIB_EXPORT const uint8_t g_tnglora_cert_template_4_device[TNGLORA_CERT_TEMPLATE_4_DEVICE_SIZE] = { 0x30, 0x82, 0x02, 0x24, 0x30, 0x82, 0x01, 0xc9, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x55, 0xce, 0x2e, 0x8f, 0xf6, 0x1c, 0x62, 0x50, 0xb7, 0xe1, 0x68, 0x03, 0x54, 0x14, 0x1c, 0x94, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x4f, 0x31, 0x21, 0x30, @@ -67,7 +67,7 @@ const uint8_t g_tnglora_cert_template_4_device[TNGLORA_CERT_TEMPLATE_4_DEVICE_SI 0x22, 0x7f, 0x91, 0x9c, 0xd2, 0x63, 0x34, 0x82 }; -const atcacert_cert_element_t g_tnglora_cert_elements_4_device[] = { +SHARED_LIB_EXPORT const atcacert_cert_element_t g_tnglora_cert_elements_4_device[] = { { .id = "SN03", .device_loc ={ @@ -124,7 +124,7 @@ const atcacert_cert_element_t g_tnglora_cert_elements_4_device[] = { } }; -const atcacert_def_t g_tnglora_cert_def_4_device = { +SHARED_LIB_EXPORT const atcacert_def_t g_tnglora_cert_def_4_device = { .type = CERTTYPE_X509, .template_id = 4, .chain_id = 0, diff --git a/app/tng/tnglora_cert_def_4_device.h b/app/tng/tnglora_cert_def_4_device.h index f63a577f8..b6569a66b 100644 --- a/app/tng/tnglora_cert_def_4_device.h +++ b/app/tng/tnglora_cert_def_4_device.h @@ -38,7 +38,7 @@ extern "C" { * @{ */ #define TNGLORA_CERT_TEMPLATE_4_DEVICE_SIZE 552 -extern const atcacert_def_t g_tnglora_cert_def_4_device; +ATCA_DLL const atcacert_def_t g_tnglora_cert_def_4_device; /** @} */ diff --git a/app/tng/tngtls_cert_def_1_signer.c b/app/tng/tngtls_cert_def_1_signer.c index e61cfd0c4..12482b004 100644 --- a/app/tng/tngtls_cert_def_1_signer.c +++ b/app/tng/tngtls_cert_def_1_signer.c @@ -28,7 +28,7 @@ #include "atcacert/atcacert_def.h" #include "tngtls_cert_def_1_signer.h" -const uint8_t g_tngtls_cert_template_1_signer[TNGTLS_CERT_TEMPLATE_1_SIGNER_SIZE] = { +SHARED_LIB_EXPORT const uint8_t g_tngtls_cert_template_1_signer[TNGTLS_CERT_TEMPLATE_1_SIGNER_SIZE] = { 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0xaa, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x44, 0x0e, 0xe4, 0x17, 0x0c, 0xb5, 0x45, 0xce, 0x59, 0x69, 0x8e, 0x30, 0x56, 0x99, 0x0a, 0x5d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x4f, 0x31, 0x21, 0x30, @@ -64,7 +64,7 @@ const uint8_t g_tngtls_cert_template_1_signer[TNGTLS_CERT_TEMPLATE_1_SIGNER_SIZE 0xbf, 0x3b, 0x22, 0x78, 0x8e, 0x75, 0x41, 0x86 }; -const atcacert_cert_element_t g_tngtls_cert_elements_1_signer[] = { +SHARED_LIB_EXPORT const atcacert_cert_element_t g_tngtls_cert_elements_1_signer[] = { { .id = "subject", .device_loc ={ @@ -77,7 +77,7 @@ const atcacert_cert_element_t g_tngtls_cert_elements_1_signer[] = { } }; -const atcacert_def_t g_tngtls_cert_def_1_signer = { +SHARED_LIB_EXPORT const atcacert_def_t g_tngtls_cert_def_1_signer = { .type = CERTTYPE_X509, .template_id = 1, .chain_id = 0, diff --git a/app/tng/tngtls_cert_def_2_device.c b/app/tng/tngtls_cert_def_2_device.c index a71f3e8f7..bd6cd81aa 100644 --- a/app/tng/tngtls_cert_def_2_device.c +++ b/app/tng/tngtls_cert_def_2_device.c @@ -29,7 +29,7 @@ #include "tngtls_cert_def_2_device.h" #include "tngtls_cert_def_1_signer.h" -const uint8_t g_tngtls_cert_template_2_device[TNGTLS_CERT_TEMPLATE_2_DEVICE_SIZE] = { +SHARED_LIB_EXPORT const uint8_t g_tngtls_cert_template_2_device[TNGTLS_CERT_TEMPLATE_2_DEVICE_SIZE] = { 0x30, 0x82, 0x01, 0xf5, 0x30, 0x82, 0x01, 0x9b, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x55, 0xce, 0x2e, 0x8f, 0xf6, 0x1c, 0x62, 0x50, 0xb7, 0xe1, 0x68, 0x03, 0x54, 0x14, 0x1c, 0x94, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x4f, 0x31, 0x21, 0x30, @@ -64,7 +64,7 @@ const uint8_t g_tngtls_cert_template_2_device[TNGTLS_CERT_TEMPLATE_2_DEVICE_SIZE 0xd3, 0x9f, 0x3d, 0xf6, 0x3e, 0xe5, 0xb3, 0x7a, 0x19 }; -const atcacert_cert_element_t g_tngtls_cert_elements_2_device[TNGTLS_CERT_ELEMENTS_2_DEVICE_COUNT] = { +SHARED_LIB_EXPORT const atcacert_cert_element_t g_tngtls_cert_elements_2_device[TNGTLS_CERT_ELEMENTS_2_DEVICE_COUNT] = { { .id = "SN03", .device_loc ={ @@ -103,7 +103,7 @@ const atcacert_cert_element_t g_tngtls_cert_elements_2_device[TNGTLS_CERT_ELEMEN } }; -const atcacert_def_t g_tngtls_cert_def_2_device = { +SHARED_LIB_EXPORT const atcacert_def_t g_tngtls_cert_def_2_device = { .type = CERTTYPE_X509, .template_id = 2, .chain_id = 0, diff --git a/app/tng/tngtls_cert_def_2_device.h b/app/tng/tngtls_cert_def_2_device.h index c4f9a6bea..7ed9b9434 100644 --- a/app/tng/tngtls_cert_def_2_device.h +++ b/app/tng/tngtls_cert_def_2_device.h @@ -40,7 +40,7 @@ extern "C" { #define TNGTLS_CERT_TEMPLATE_2_DEVICE_SIZE 505 #define TNGTLS_CERT_ELEMENTS_2_DEVICE_COUNT 2 -extern const atcacert_def_t g_tngtls_cert_def_2_device; +ATCA_DLL const atcacert_def_t g_tngtls_cert_def_2_device; /** @} */ diff --git a/app/tng/tngtls_cert_def_3_device.c b/app/tng/tngtls_cert_def_3_device.c index f7ea5722c..1aaf34cc8 100644 --- a/app/tng/tngtls_cert_def_3_device.c +++ b/app/tng/tngtls_cert_def_3_device.c @@ -29,7 +29,7 @@ #include "tngtls_cert_def_3_device.h" #include "tngtls_cert_def_1_signer.h" -const uint8_t g_tngtls_cert_template_3_device[TNGTLS_CERT_TEMPLATE_3_DEVICE_SIZE] = { +SHARED_LIB_EXPORT const uint8_t g_tngtls_cert_template_3_device[TNGTLS_CERT_TEMPLATE_3_DEVICE_SIZE] = { 0x30, 0x82, 0x02, 0x1e, 0x30, 0x82, 0x01, 0xc5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x55, 0xce, 0x2e, 0x8f, 0xf6, 0x1c, 0x62, 0x50, 0xb7, 0xe1, 0x68, 0x03, 0x54, 0x14, 0x1c, 0x94, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x4f, 0x31, 0x21, 0x30, @@ -67,7 +67,7 @@ const uint8_t g_tngtls_cert_template_3_device[TNGTLS_CERT_TEMPLATE_3_DEVICE_SIZE 0x15, 0xe2 }; -const atcacert_cert_element_t g_tngtls_cert_elements_3_device[] = { +SHARED_LIB_EXPORT const atcacert_cert_element_t g_tngtls_cert_elements_3_device[] = { { .id = "SN03", .device_loc ={ @@ -124,7 +124,7 @@ const atcacert_cert_element_t g_tngtls_cert_elements_3_device[] = { } }; -const atcacert_def_t g_tngtls_cert_def_3_device = { +SHARED_LIB_EXPORT const atcacert_def_t g_tngtls_cert_def_3_device = { .type = CERTTYPE_X509, .template_id = 3, .chain_id = 0, diff --git a/app/tng/tngtls_cert_def_3_device.h b/app/tng/tngtls_cert_def_3_device.h index 55f39144d..e24617b63 100644 --- a/app/tng/tngtls_cert_def_3_device.h +++ b/app/tng/tngtls_cert_def_3_device.h @@ -38,7 +38,7 @@ extern "C" { * @{ */ #define TNGTLS_CERT_TEMPLATE_3_DEVICE_SIZE 546 -extern const atcacert_def_t g_tngtls_cert_def_3_device; +ATCA_DLL const atcacert_def_t g_tngtls_cert_def_3_device; /** @} */ #ifdef __cplusplus diff --git a/cryptoauthlib-manual.pdf b/cryptoauthlib-manual.pdf index 146775995..349456733 100644 Binary files a/cryptoauthlib-manual.pdf and b/cryptoauthlib-manual.pdf differ diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index 7353c343f..c574d9fbb 100644 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt @@ -6,7 +6,7 @@ include(CheckSymbolExists) # Various Options for Build option(ATCA_HAL_KIT_HID "Include the HID HAL Driver") -option(ATCA_HAL_KIT_CDC "Include the CDC HAL Driver (Legacy)" OFF) +option(ATCA_HAL_KIT_BRIDGE "General purpose kit protocol (Packet and Stream)") option(ATCA_HAL_I2C "Include the I2C Hal Driver - Linux & MCU only") option(ATCA_HAL_SPI "Include the SPI HAL Driver - Linux & MCU only") option(ATCA_HAL_CUSTOM "Include support for Custom/Plug-in Hal Driver") @@ -50,16 +50,26 @@ set(BUILD_SHARED_LIBS ${ATCA_BUILD_SHARED_LIBS}) # Collect Library Sources file(GLOB LIB_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "*.c") +file(GLOB LIB_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "*.h") file(GLOB ATCACERT_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "atcacert/*.c") +file(GLOB ATCACERT_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "atcacert/*.h") file(GLOB CALIB_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "calib/*.c") +file(GLOB CALIB_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "calib/*.h") file(GLOB TALIB_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "talib/*.c") +file(GLOB TALIB_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "talib/*.h") file(GLOB_RECURSE CRYPTO_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "crypto/*.c") +file(GLOB CRYPTO_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "crypto/*.h") +file(GLOB CRYPTO_HASHES_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "crypto/hashes/*.h") file(GLOB HOST_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "host/*.c") +file(GLOB HOST_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "host/*.h") file(GLOB JWT_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "jwt/*.c") +file(GLOB JWT_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "jwt/*.h") file(GLOB PKCS11_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "pkcs11/*.c") +file(GLOB PKCS11_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "pkcs11/*.h") file(GLOB TNG_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "../app/tng/*.c") +file(GLOB TNG_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "../app/tng/*.h") file(GLOB SHA206_API_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "../app/api_206a/*.c") - +file(GLOB SHA206_API_INC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "../app/api_206a/*.h") if(ATCA_PKCS11 AND (ATCA_TNGTLS_SUPPORT OR ATCA_TNGLORA_SUPPORT OR ATCA_TFLEX_SUPPORT)) SET(TNG_SRC ${TNG_SRC} ../app/pkcs11/trust_pkcs11_config.c) @@ -159,6 +169,8 @@ set(CRYPTOAUTH_SRC ${LIB_SRC} ${OPENSSL_SRC} hal/atca_hal.c ) +set(HAL_INC hal/atca_hal.h) + if(ATCA_HAL_KIT_HID OR ATCA_HAL_KIT_CDC) set(NEED_USB true) endif() @@ -232,6 +244,10 @@ if(ATCA_HAL_SPI) set(CRYPTOAUTH_SRC ${CRYPTOAUTH_SRC} ${SPI_SRC}) endif(ATCA_HAL_SPI) +if(ATCA_HAL_KIT_BRIDGE) +set(CRYPTOAUTH_SRC ${CRYPTOAUTH_SRC} hal/hal_kit_bridge.c) +endif(ATCA_HAL_KIT_BRIDGE) + # Add Remaining Sources depending on target library type if(ATCA_MBEDTLS) set(CRYPTOAUTH_SRC ${CRYPTOAUTH_SRC} ${MBEDTLS_SRC}) @@ -266,9 +282,11 @@ set(ATCA_TESTS_ENABLED ON CACHE INTERNAL "") endif(BUILD_TESTS) configure_file(atca_config.h.in atca_config.h @ONLY) +set(LIB_INC ${LIB_INC} ${CMAKE_CURRENT_BINARY_DIR}/atca_config.h) if(ATCA_PKCS11) configure_file(pkcs11/pkcs11_config.h.in pkcs11_config.h @ONLY) +set(PKCS11_INC ${PKCS11_INC} ${CMAKE_CURRENT_BINARY_DIR}/pkcs11_config.h) endif() include_directories(cryptoauth PUBLIC ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR} ../app/tng ../third_party/hidapi/hidapi ${USB_INCLUDE_DIR}) @@ -308,5 +326,24 @@ target_link_libraries(cryptoauth rt) endif(LINUX) if(DEFAULT_LIB_PATH) -install(TARGETS ${PROJECT_NAME} DESTINATION ${DEFAULT_LIB_PATH}) -endif() +install(TARGETS ${PROJECT_NAME} + LIBRARY + DESTINATION ${DEFAULT_LIB_PATH} + COMPONENT Libraries + NAMELINK_COMPONENT Development) +endif(DEFAULT_LIB_PATH) + +if(DEFAULT_INC_PATH) +install(FILES ${LIB_INC} DESTINATION ${DEFAULT_INC_PATH} COMPONENT Development) +install(FILES ${HAL_INC} DESTINATION ${DEFAULT_INC_PATH}/hal COMPONENT Development) +install(FILES ${ATCACERT_INC} DESTINATION ${DEFAULT_INC_PATH}/atcacert COMPONENT Development) +install(FILES ${CALIB_INC} DESTINATION ${DEFAULT_INC_PATH}/calib COMPONENT Development) +install(FILES ${TALIB_INC} DESTINATION ${DEFAULT_INC_PATH}/talib COMPONENT Development) +install(FILES ${CRYPTO_INC} DESTINATION ${DEFAULT_INC_PATH}/crypto COMPONENT Development) +install(FILES ${CRYPTO_HASHES_INC} DESTINATION ${DEFAULT_INC_PATH}/crypto/hashes COMPONENT Development) +install(FILES ${HOST_INC} DESTINATION ${DEFAULT_INC_PATH}/host COMPONENT Development) +install(FILES ${JWT_INC} DESTINATION ${DEFAULT_INC_PATH}/jwt COMPONENT Development) +install(FILES ${PKCS11_INC} DESTINATION ${DEFAULT_INC_PATH}/pkcs11 COMPONENT Development) +install(FILES ${TNG_INC} DESTINATION ${DEFAULT_INC_PATH}/app/tng COMPONENT Development) +install(FILES ${SHA206_API_INC} DESTINATION ${DEFAULT_INC_PATH}/app/api_206a COMPONENT Development) +endif(DEFAULT_INC_PATH) diff --git a/lib/atca_basic.c b/lib/atca_basic.c index 383244f75..625da032d 100644 --- a/lib/atca_basic.c +++ b/lib/atca_basic.c @@ -38,7 +38,7 @@ #endif const char atca_version[] = ATCA_LIBRARY_VERSION_DATE; -SHARED_LIB_EXPORT ATCADevice _gDevice = NULL; +ATCADevice _gDevice = NULL; #ifdef ATCA_NO_HEAP SHARED_LIB_EXPORT struct atca_command g_atcab_command; SHARED_LIB_EXPORT struct atca_iface g_atcab_iface; diff --git a/lib/atca_compiler.h b/lib/atca_compiler.h index 2062b09a7..fc82d9cbc 100644 --- a/lib/atca_compiler.h +++ b/lib/atca_compiler.h @@ -185,4 +185,16 @@ #endif +#ifdef ATCA_BUILD_SHARED_LIBS +#if defined(cryptoauth_EXPORTS) && defined(_WIN32) +#define ATCA_DLL SHARED_LIB_EXPORT +#else +#define ATCA_DLL SHARED_LIB_IMPORT +#endif +#else +#undef SHARED_LIB_EXPORT +#define SHARED_LIB_EXPORT +#define ATCA_DLL extern +#endif + #endif /* ATCA_COMPILER_H_ */ diff --git a/lib/atca_config.h.in b/lib/atca_config.h.in index 3a6dd010d..04fa81db7 100644 --- a/lib/atca_config.h.in +++ b/lib/atca_config.h.in @@ -7,6 +7,7 @@ #cmakedefine ATCA_HAL_KIT_CDC #cmakedefine ATCA_HAL_I2C #cmakedefine ATCA_HAL_SPI +#cmakedefine ATCA_HAL_KIT_BRIDGE #cmakedefine ATCA_HAL_CUSTOM /* Included device support */ diff --git a/lib/atca_iface.h b/lib/atca_iface.h index 6db0b25a8..80789d0dc 100644 --- a/lib/atca_iface.h +++ b/lib/atca_iface.h @@ -51,6 +51,7 @@ typedef enum ATCA_UART_IFACE, ATCA_SPI_IFACE, ATCA_HID_IFACE, + ATCA_KIT_IFACE, ATCA_CUSTOM_IFACE, // additional physical interface types here ATCA_UNKNOWN_IFACE @@ -124,6 +125,13 @@ typedef struct uint32_t packetsize; // Size of the USB packet } atcahid; + struct + { + ATCAKitType dev_interface; // Target Bus Type + uint8_t dev_identity; // Target device identity + uint32_t flags; + } atcakit; + struct { ATCA_STATUS (*halinit)(void *hal, void *cfg); diff --git a/lib/atca_version.h b/lib/atca_version.h index 63d7425db..cb4fc3047 100644 --- a/lib/atca_version.h +++ b/lib/atca_version.h @@ -30,9 +30,9 @@ #define _ATCA_VERSION_H // Version format yyyymmdd -#define ATCA_LIBRARY_VERSION_DATE "20200912" +#define ATCA_LIBRARY_VERSION_DATE "20201017" #define ATCA_LIBRARY_VERSION_MAJOR 3 #define ATCA_LIBRARY_VERSION_MINOR 2 -#define ATCA_LIBRARY_VERSION_BUILD 3 +#define ATCA_LIBRARY_VERSION_BUILD 4 #endif /* _ATCA_VERSION_H */ diff --git a/lib/calib/README.md b/lib/calib/README.md index de532f644..0c4bdef55 100644 --- a/lib/calib/README.md +++ b/lib/calib/README.md @@ -13,3 +13,5 @@ can employ the full power of the CryptoAuthLib object model. See the Doxygen documentation in cryptoauthlib/docs for details on the API of the calib commands. + +@ingroup calib_ diff --git a/lib/crypto/README.md b/lib/crypto/README.md index c08959f31..27b1e2d7d 100644 --- a/lib/crypto/README.md +++ b/lib/crypto/README.md @@ -4,3 +4,4 @@ This directory contains software implementations of cryptographic functions. The functions at the base level are wrappers that will point to the final implementations of the software crypto functions. +@ingroup atcac_ diff --git a/lib/cryptoauthlib.h b/lib/cryptoauthlib.h index 2a5c6924f..b7eef0345 100644 --- a/lib/cryptoauthlib.h +++ b/lib/cryptoauthlib.h @@ -70,12 +70,6 @@ #define ATCA_TA_SUPPORT 0 #endif -#ifdef ATCA_BUILD_SHARED_LIBS -#define ATCA_DLL SHARED_LIB_EXPORT -#else -#define ATCA_DLL SHARED_LIB_IMPORT -#endif - #include "atca_status.h" #include "atca_debug.h" #include "atca_iface.h" diff --git a/lib/hal/README.md b/lib/hal/README.md index 0cd870938..882649b67 100644 --- a/lib/hal/README.md +++ b/lib/hal/README.md @@ -1,73 +1,73 @@ -HAL Directory - Purpose -=========================== -This directory contains all the Hardware Abstraction Layer (HAL) files used to -adapt the upper levels of atca-ng and abstractions to physical hardware. - -HAL contains physical implementations for I2C, SWI, SPI, UART and timers for -specific hardware platforms. - -**Include just those HAL files you require based on platform type.** - -CryptoAuthLib Supported HAL Layers -============================================= - -HAL Layers files are combined into groups. Initial group is generic files that are typically included in a project. -Files are then broken out by uController Family and or Operating System Interface. - - -| Protocol Files | Interface | Files | API | Notes | -|----------------|------------|------------------------------|-------------|------------------------------------| -|atca | | atca_hal.c/h | | For all projects | -|kit protocol | | kit_protocol.c/h | | For all Kit Protocol projects | -| | | kit_phy.h | | | - - -Microchip Harmony 3 for all PIC32 & ARM products - Use the Harmony 3 Configurator to generate and configure prjects --------------------------------------------- -Obtain library and configure using [Harmony 3](https://github.com/Microchip-MPLAB-Harmony/Microchip-MPLAB-Harmony.github.io/wiki) - -| Interface | Files | API | Notes | -|------------|------------------------------|-------------|-------------------------------------------------| -| I2C | hal_i2c_harmony.c | plib.h | For all Harmony 3 based projects | -| SPI | hal_spi_harmony.c | plib.h | | - -Microchip 8 & 16 bit products - AVR, PIC16/18, PIC24/DSPIC --------------------------------------------- -Obtain library and integration through [Microchip Code Configurator](https://www.microchip.com/mplab/mplab-code-configurator) - - -OS & RTOS integrations --------------------------------------------- -Use [CMake](https://cmake.org/download/) to configure the library in Linux, Windows, and MacOS environments - -| OS | Interface | Files | API | Notes | -|----------------|------------|----------------------------------|-------------|------------------------------------| -| Linux | I2C | hal_linux_i2c_userspace.c/h | i2c-dev | | -| Linux | SPI | hal_linux_spi_userspace.c/h | spidev | | -| Linux/Mac | | hal_linux.c | | For all Linux/Mac projects | -| Windows | | hal_windows.c | | For all Windows projects -| All | kit-hid | hal_all_platforms_kit_hidapi.c/h | hidapi | Works for Windows, Linux, and Mac | -| freeRTOS | | hal_freertos.c | | freeRTOS common routines | - - -Legacy Support - [Atmel START](https://www.microchip.com/start) for AVR, ARM based processesors (SAM) ---------------------------------------------- - -| Interface | Files | API | Notes | -|------------|------------------------------|-------------|------------------------------------| -| | hal_timer_start.c | START | Timer implementation | -| I2C | hal_i2c_start.c/h | START | | -| SWI | swi_uart_start.c/h | START | SWI using UART | - - -Legacy Support - ASF3 for ARM Cortex-m0 & Cortex-m based processors (SAM) ---------------------------------------------- - -|SAM Micros | Interface | Files | API | Notes | -|----------------|------------|------------------------------|-------------|------------------------------------| -| cortex-m0 | I2C | hal_sam0_i2c_asf.c/h | ASF3 | SAMD21, SAMB11, etc | -| cortex-m3/4/7 | I2C | hal_sam_i2c_asf.c/h | ASF3 | SAM4S, SAMG55, SAMV71, etc | -| all | | hal_sam_timer_asf.c | ASF3 | Common timer hal for all platforms | - - - +HAL Directory - Purpose +=========================== +This directory contains all the Hardware Abstraction Layer (HAL) files used to +adapt the upper levels of atca-ng and abstractions to physical hardware. + +HAL contains physical implementations for I2C, SWI, SPI, UART and timers for +specific hardware platforms. + +**Include just those HAL files you require based on platform type.** + +CryptoAuthLib Supported HAL Layers +============================================= + +HAL Layers files are combined into groups. Initial group is generic files that are typically included in a project. +Files are then broken out by uController Family and or Operating System Interface. + + +| Protocol Files | Interface | Files | API | Notes | +|----------------|------------|------------------------------|-------------|------------------------------------| +|atca | | atca_hal.c/h | | For all projects | +|kit protocol | | kit_protocol.c/h | | For all Kit Protocol projects | +| | | kit_phy.h | | | + + +Microchip Harmony 3 for all PIC32 & ARM products - Use the Harmony 3 Configurator to generate and configure prjects +-------------------------------------------- +Obtain library and configure using [Harmony 3](https://github.com/Microchip-MPLAB-Harmony/Microchip-MPLAB-Harmony.github.io/wiki) + +| Interface | Files | API | Notes | +|------------|------------------------------|-------------|-------------------------------------------------| +| I2C | hal_i2c_harmony.c | plib.h | For all Harmony 3 based projects | +| SPI | hal_spi_harmony.c | plib.h | | + +Microchip 8 & 16 bit products - AVR, PIC16/18, PIC24/DSPIC +-------------------------------------------- +Obtain library and integration through [Microchip Code Configurator](https://www.microchip.com/mplab/mplab-code-configurator) + + +OS & RTOS integrations +-------------------------------------------- +Use [CMake](https://cmake.org/download/) to configure the library in Linux, Windows, and MacOS environments + +| OS | Interface | Files | API | Notes | +|----------------|------------|----------------------------------|-------------|------------------------------------| +| Linux | I2C | hal_linux_i2c_userspace.c/h | i2c-dev | | +| Linux | SPI | hal_linux_spi_userspace.c/h | spidev | | +| Linux/Mac | | hal_linux.c | | For all Linux/Mac projects | +| Windows | | hal_windows.c | | For all Windows projects +| All | kit-hid | hal_all_platforms_kit_hidapi.c/h | hidapi | Works for Windows, Linux, and Mac | +| freeRTOS | | hal_freertos.c | | freeRTOS common routines | + + +Legacy Support - [Atmel START](https://www.microchip.com/start) for AVR, ARM based processesors (SAM) +--------------------------------------------- + +| Interface | Files | API | Notes | +|------------|------------------------------|-------------|------------------------------------| +| | hal_timer_start.c | START | Timer implementation | +| I2C | hal_i2c_start.c/h | START | | +| SWI | swi_uart_start.c/h | START | SWI using UART | + + +Legacy Support - ASF3 for ARM Cortex-m0 & Cortex-m based processors (SAM) +--------------------------------------------- + +|SAM Micros | Interface | Files | API | Notes | +|----------------|------------|------------------------------|-------------|------------------------------------| +| cortex-m0 | I2C | hal_sam0_i2c_asf.c/h | ASF3 | SAMD21, SAMB11, etc | +| cortex-m3/4/7 | I2C | hal_sam_i2c_asf.c/h | ASF3 | SAM4S, SAMG55, SAMV71, etc | +| all | | hal_sam_timer_asf.c | ASF3 | Common timer hal for all platforms | + + +@ingroup hal_ diff --git a/lib/hal/atca_hal.c b/lib/hal/atca_hal.c index 866767d7d..2fa18d06e 100644 --- a/lib/hal/atca_hal.c +++ b/lib/hal/atca_hal.c @@ -113,6 +113,19 @@ static ATCAHAL_t hal_hid = { }; #endif +#ifdef ATCA_HAL_KIT_BRIDGE +static ATCAHAL_t hal_kit_bridge = { + hal_kit_init, + hal_kit_post_init, + hal_kit_send, + hal_kit_receive, + hal_kit_wake, + hal_kit_idle, + hal_kit_sleep, + hal_kit_release +}; +#endif + #ifdef ATCA_HAL_CUSTOM static ATCAHAL_t hal_custom; #endif @@ -143,6 +156,11 @@ static ATCAHAL_t * atca_registered_hal_list[ATCA_UNKNOWN_IFACE] = { #else NULL, #endif +#ifdef ATCA_HAL_KIT_BRIDGE + &hal_kit_bridge, +#else + NULL, +#endif #ifdef ATCA_HAL_CUSTOM &hal_custom, #else diff --git a/lib/hal/atca_hal.h b/lib/hal/atca_hal.h index 0a0928512..85851d05f 100644 --- a/lib/hal/atca_hal.h +++ b/lib/hal/atca_hal.h @@ -67,6 +67,15 @@ typedef struct void *hal_data; // points to whatever the HAL implementation for this interface wants it to, HAL manages. } ATCAHAL_t; +typedef struct +{ + ATCA_STATUS (*send)(void* ctx, uint8_t* txdata, uint16_t txlen); /**< Must be a blocking send */ + ATCA_STATUS (*recv)(void* ctx, uint8_t* rxdata, uint16_t* rxlen); /**< Must be a blocking receive */ + void* (*packet_alloc)(size_t bytes); /**< Allocate a phy packet */ + void (*packet_free)(uint8_t* packet); /**< Free a phy packet */ + void* hal_data; /**< Physical layer context */ +} atca_hal_kit_phy_t; + #ifdef __cplusplus extern "C" { #endif @@ -154,6 +163,19 @@ ATCA_STATUS hal_kit_hid_discover_buses(int hid_buses[], int max_buses); ATCA_STATUS hal_kit_hid_discover_devices(int bus_num, ATCAIfaceCfg *cfg, int *found); #endif +#ifdef ATCA_HAL_KIT_BRIDGE +ATCA_STATUS hal_kit_init(void* hal, ATCAIfaceCfg* cfg); +ATCA_STATUS hal_kit_post_init(ATCAIface iface); +ATCA_STATUS hal_kit_send(ATCAIface iface, uint8_t word_address, uint8_t* txdata, int txlength); +ATCA_STATUS hal_kit_receive(ATCAIface iface, uint8_t word_address, uint8_t* rxdata, uint16_t* rxlength); +ATCA_STATUS hal_kit_wake(ATCAIface iface); +ATCA_STATUS hal_kit_idle(ATCAIface iface); +ATCA_STATUS hal_kit_sleep(ATCAIface iface); +ATCA_STATUS hal_kit_release(void* hal_data); +ATCA_STATUS hal_kit_discover_buses(int hid_buses[], int max_buses); +ATCA_STATUS hal_kit_discover_devices(int bus_num, ATCAIfaceCfg* cfg, int* found); +#endif + /* Polling defaults if not overwritten by the configuration */ #ifndef ATCA_POLLING_INIT_TIME_MSEC #define ATCA_POLLING_INIT_TIME_MSEC 1 diff --git a/lib/hal/hal_i2c_harmony.c b/lib/hal/hal_i2c_harmony.c index 00b17ee13..1d326b15d 100644 --- a/lib/hal/hal_i2c_harmony.c +++ b/lib/hal/hal_i2c_harmony.c @@ -77,7 +77,10 @@ ATCA_STATUS hal_i2c_discover_devices(int bus_num, ATCAIfaceCfg cfg[], int *found static ATCA_STATUS hal_i2c_wait(atca_plib_i2c_api_t* plib, uint32_t rate, uint16_t length) { ATCA_STATUS status = ATCA_SUCCESS; + + /* I2C Address, start & stop, R/W and ACK (11 bits) + packet size */ /* Maximum packet size is 1024 bytes (TA device) and 200 bytes (CA device) */ + length += 2; /* so assume rate can be sub 1kHz */ uint32_t timeout = (uint32_t)length * 9 * 1000; @@ -169,7 +172,7 @@ ATCA_STATUS hal_i2c_send(ATCAIface iface, uint8_t word_address, uint8_t *txdata, if (ATCA_SUCCESS == status) { status = ATCA_COMM_FAIL; - if (plib->write(cfg->atcai2c.slave_address>>1, txdata, txlength) == true) + if (plib->write(cfg->atcai2c.slave_address >> 1, txdata, txlength) == true) { /* Wait for the I2C transfer to complete */ status = hal_i2c_wait(plib, cfg->atcai2c.baud, txlength); @@ -235,7 +238,7 @@ ATCA_STATUS hal_i2c_receive(ATCAIface iface, uint8_t word_address, uint8_t *rxda #if ATCA_TA_SUPPORT /*Set read length.. Check for register reads or 1 byte reads*/ - if((word_address == ATCA_MAIN_PROCESSOR_RD_CSR) || (word_address == ATCA_FAST_CRYPTO_RD_FSR) + if ((word_address == ATCA_MAIN_PROCESSOR_RD_CSR) || (word_address == ATCA_FAST_CRYPTO_RD_FSR) || (rxdata_max_size == 1)) { read_length = 1; @@ -244,7 +247,7 @@ ATCA_STATUS hal_i2c_receive(ATCAIface iface, uint8_t word_address, uint8_t *rxda /* Read length bytes to know number of bytes to read */ status = ATCA_COMM_FAIL; - if (plib->read(cfg->atcai2c.slave_address>>1, rxdata, read_length) == true) + if (plib->read(cfg->atcai2c.slave_address >> 1, rxdata, read_length) == true) { /* Wait for the I2C transfer to complete */ if (ATCA_SUCCESS == (status = hal_i2c_wait(plib, cfg->atcai2c.baud, read_length))) @@ -293,7 +296,7 @@ ATCA_STATUS hal_i2c_receive(ATCAIface iface, uint8_t word_address, uint8_t *rxda /* Read given length bytes from device */ status = ATCA_COMM_FAIL; - if (plib->read(cfg->atcai2c.slave_address>>1, &rxdata[2], read_length - 2) == true) + if (plib->read(cfg->atcai2c.slave_address >> 1, &rxdata[2], read_length - 2) == true) { /* Wait for the I2C transfer to complete */ if (ATCA_SUCCESS == (status = hal_i2c_wait(plib, cfg->atcai2c.baud, read_length - 2))) @@ -365,7 +368,7 @@ ATCA_STATUS hal_i2c_wake(ATCAIface iface) atca_plib_i2c_api_t * plib; int retries; uint32_t bdrt; - uint8_t data[4] = {0}; + uint8_t data[4] = { 0 }; if (!cfg) { @@ -391,13 +394,13 @@ ATCA_STATUS hal_i2c_wake(ATCAIface iface) { /* Wait for the I2C bus to be ready */ /* Since the wait time is unknown, waiting for 30 bytes duration */ - if (ATCA_SUCCESS == (status = hal_i2c_wait(plib, cfg->atcai2c.baud, 30))) + if (ATCA_SUCCESS == (status = hal_i2c_wait(plib, 100000, 30))) { // Send the 00 address as the wake pulse; part will NACK, so don't check for status (void)plib->write(0x00, (uint8_t*)&data[0], 1); /* Wait for the I2C transfer to complete */ - status = hal_i2c_wait(plib, cfg->atcai2c.baud, 1); + status = hal_i2c_wait(plib, 100000, 1); } } @@ -409,10 +412,10 @@ ATCA_STATUS hal_i2c_wake(ATCAIface iface) status = ATCA_COMM_FAIL; while (retries-- > 0 && status == ATCA_COMM_FAIL) { - if (plib->read(cfg->atcai2c.slave_address>>1, (uint8_t*)&data[0], 4) == true) + if (plib->read(cfg->atcai2c.slave_address >> 1, (uint8_t*)&data[0], 4) == true) { /* Wait for the I2C transfer to complete */ - status = hal_i2c_wait(plib, cfg->atcai2c.baud, 4); + status = hal_i2c_wait(plib, 100000, 4); if (ATCA_SUCCESS == status) { @@ -474,7 +477,7 @@ ATCA_STATUS hal_i2c_idle(ATCAIface iface) if (ATCA_SUCCESS == status) { status = ATCA_COMM_FAIL; - if (plib->write(cfg->atcai2c.slave_address>>1, (uint8_t*)&data[0], 1) == true) + if (plib->write(cfg->atcai2c.slave_address >> 1, (uint8_t*)&data[0], 1) == true) { /* Wait for the I2C transfer to complete */ status = hal_i2c_wait(plib, cfg->atcai2c.baud, 1); @@ -525,7 +528,7 @@ ATCA_STATUS hal_i2c_sleep(ATCAIface iface) if (ATCA_SUCCESS == status) { status = ATCA_COMM_FAIL; - if (plib->write(cfg->atcai2c.slave_address>>1, (uint8_t*)&data[0], 1) == true) + if (plib->write(cfg->atcai2c.slave_address >> 1, (uint8_t*)&data[0], 1) == true) { /* Wait for the I2C transfer to complete */ status = hal_i2c_wait(plib, cfg->atcai2c.baud, 1); diff --git a/lib/hal/hal_kit_bridge.c b/lib/hal/hal_kit_bridge.c new file mode 100644 index 000000000..17c4dbe52 --- /dev/null +++ b/lib/hal/hal_kit_bridge.c @@ -0,0 +1,378 @@ +/** + * \file + * \brief Kit Bridging HAL for cryptoauthlib. This is not intended to be a zero + * copy driver. It should work with any interface that confirms to a few basic + * requirements: a) will accept an arbitrary number of bytes and packetize it if + * necessary for transmission, b) will block for the duration of the transmit. + * + * \copyright (c) 2015-2020 Microchip Technology Inc. and its subsidiaries. + * + * \page License + * + * Subject to your compliance with these terms, you may use Microchip software + * and any derivatives exclusively with Microchip products. It is your + * responsibility to comply with third party license terms applicable to your + * use of third party software (including open source software) that may + * accompany Microchip software. + * + * THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER + * EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED + * WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, + * SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE + * OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF + * MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE + * FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL + * LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED + * THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR + * THIS SOFTWARE. + */ + +#include "cryptoauthlib.h" +#include "atca_hal.h" +#include "hal_kit_bridge.h" + +/** \defgroup hal_ Hardware abstraction layer (hal_) + * + * \brief + * These methods define the hardware abstraction layer for communicating with a CryptoAuth device + * + @{ */ + +/** \brief Helper function that connects a physical layer context structure that will be used by the kit protocol bridge + * \return ATCA_STATUS + */ +ATCA_STATUS hal_kit_attach_phy( + ATCAIfaceCfg* cfg, /**< [IN] Interface configuration structure */ + atca_hal_kit_phy_t* phy /**< [IN] Structure with physical layer interface functions and context */ + ) +{ + ATCA_STATUS status = ATCA_BAD_PARAM; + + if (cfg && phy) + { + cfg->cfg_data = phy; + status = ATCA_SUCCESS; + } + return status; +} + +#ifdef ATCA_HAL_KIT_DONT_CHECK_PHY +#define hal_kit_phy_send(phy, txdata, txlen) phy->send(phy->hal_data, txdata, txlen) +#define hal_kit_phy_recv(phy, rxdata, rxlen) phy->recv(phy->hal_data, rxdata, rxlen) +#define hal_kit_phy_packet_alloc(phy, length) phy->packet_alloc(length) +#define hal_kit_phy_packet_free(phy, packet) phy->packet_free(packet) +#else +/** \brief Helper function that sends data using the atca_hal_kit_phy_t structure + */ +static ATCA_STATUS hal_kit_phy_send(atca_hal_kit_phy_t* phy, uint8_t * txdata, uint16_t txlen) +{ + return (phy && phy->send) ? phy->send(phy->hal_data, txdata, txlen) : ATCA_BAD_PARAM; +} + + +/** \brief Helper function that receives data using the atca_hal_kit_phy_t structure + */ +static ATCA_STATUS hal_kit_phy_recv(atca_hal_kit_phy_t* phy, uint8_t* rxdata, uint16_t* rxlen) +{ + return (phy && phy->recv) ? phy->recv(phy->hal_data, rxdata, rxlen) : ATCA_BAD_PARAM; +} + + +/** \brief Helper function that allocates a packet using the atca_hal_kit_phy_t structure + */ +static uint8_t* hal_kit_phy_packet_alloc(atca_hal_kit_phy_t* phy, uint16_t length) +{ + return (phy && phy->packet_alloc) ? phy->packet_alloc(length) : NULL; +} + + +/** \brief Helper function that releases a packet using the atca_hal_kit_phy_t structure + */ +static void hal_kit_phy_packet_free(atca_hal_kit_phy_t* phy, uint8_t* packet) +{ + if (phy && phy->packet_free) + { + phy->packet_free(packet); + } +} +#endif + +/** \brief Request a list of busses from the kit host + */ +ATCA_STATUS hal_kit_discover_buses(int busses[], int max_buses) +{ + return ATCA_UNIMPLEMENTED; +} + +/** \brief discover any CryptoAuth devices on a given logical bus number + * \param[in] bus_num - logical bus number on which to look for CryptoAuth devices + * \param[out] cfg[] - pointer to head of an array of interface config structures which get filled in by this method + * \param[out] *found - number of devices found on this bus + */ +ATCA_STATUS hal_kit_discover_devices(int bus_num, ATCAIfaceCfg cfg[], int* found) +{ + return ATCA_UNIMPLEMENTED; +} + +/** \brief HAL implementation of Kit USB HID init + * \param[in] hal pointer to HAL specific data that is maintained by this HAL + * \param[in] cfg pointer to HAL specific configuration data that is used to initialize this HAL + * \return ATCA_STATUS + */ +ATCA_STATUS hal_kit_init(void* hal, ATCAIfaceCfg* cfg) +{ + ATCA_STATUS status = ATCA_BAD_PARAM; + + /* Perform rationality checks on the configuration structure */ + if (cfg && cfg->cfg_data) + { + atca_hal_kit_phy_t* phy = cfg->cfg_data; + /* Make sure all of the correct functions are attached */ + if (phy && phy->send && phy->recv && phy->packet_alloc && phy->packet_free) + { + status = ATCA_SUCCESS; + } + } + + return status; +} + +/** \brief HAL implementation of Kit HID post init + * \param[in] iface instance + * \return ATCA_STATUS + */ +ATCA_STATUS hal_kit_post_init(ATCAIface iface) +{ + return ATCA_SUCCESS; +} + +/** \brief HAL implementation of kit protocol send over USB HID + * \param[in] iface instance + * \param[in] word_address determine device transaction type + * \param[in] txdata pointer to bytes to send + * \param[in] txlength number of bytes to send + * \return ATCA_STATUS + */ +ATCA_STATUS hal_kit_send(ATCAIface iface, uint8_t word_address, uint8_t* txdata, int txlength) +{ + ATCA_STATUS status = ATCA_BAD_PARAM; + + if (iface && iface->mIfaceCFG && txdata && txlength) + { + atca_hal_kit_phy_t* phy = iface->mIfaceCFG->cfg_data; + + uint16_t packet_size = txlength + HAL_KIT_HEADER_LEN + 1; + uint8_t* packet = hal_kit_phy_packet_alloc(phy, packet_size); + + + if (packet) + { + packet[0] = 1; + packet[1] = HAL_KIT_COMMAND_SEND | (iface->mIfaceCFG->atcakit.dev_interface << 4); + packet[2] = iface->mIfaceCFG->atcakit.dev_identity; + packet[3] = word_address; + memcpy(&packet[4], &txdata[1], txlength); + + status = hal_kit_phy_send(phy, packet, txlength + HAL_KIT_HEADER_LEN + 1); + + if (ATCA_SUCCESS == status) + { + status = hal_kit_phy_recv(phy, packet, &packet_size); + } + + if (ATCA_SUCCESS == status) + { + status = packet[3]; + } + + hal_kit_phy_packet_free(phy, packet); + } + + } + return status; +} + +/** \brief HAL implementation of send over USB HID + * \param[in] iface instance + * \param[in] word_address determine device transaction type + * \param[in] rxdata pointer to space to receive the data + * \param[in,out] rxsize ptr to expected number of receive bytes to request + * \return ATCA_STATUS + */ +ATCA_STATUS hal_kit_receive(ATCAIface iface, uint8_t word_address, uint8_t* rxdata, uint16_t* rxsize) +{ + ATCA_STATUS status = ATCA_BAD_PARAM; + + if (iface && iface->mIfaceCFG && rxdata && rxsize && *rxsize) + { + atca_hal_kit_phy_t* phy = iface->mIfaceCFG->cfg_data; + uint8_t* packet = hal_kit_phy_packet_alloc(phy, 1200); + uint16_t packet_size = 1200; + + if (packet) + { + packet[0] = 1; + packet[1] = HAL_KIT_COMMAND_RECV | (iface->mIfaceCFG->atcakit.dev_interface << 4); + packet[2] = iface->mIfaceCFG->atcakit.dev_identity; + packet[3] = word_address; + packet[4] = *rxsize & 0xFF; + packet[5] = (*rxsize >> 8) & 0xFF; + + status = hal_kit_phy_send(phy, packet, HAL_KIT_HEADER_LEN + 3); + + if (ATCA_SUCCESS == status) + { + status = hal_kit_phy_recv(phy, packet, &packet_size); + } + + if (ATCA_SUCCESS == status) + { + if (*rxsize < packet_size - HAL_KIT_HEADER_LEN - 1) + { + status = ATCA_SMALL_BUFFER; + } + else + { + *rxsize = packet_size - HAL_KIT_HEADER_LEN - 1; + } + + memcpy(rxdata, &packet[4], *rxsize); + } + + hal_kit_phy_packet_free(phy, packet); + } + } + return status; +} + +/** \brief Call the wake for kit protocol + * \param[in] iface ATCAIface instance that is the interface object to send the bytes over + * \return ATCA_STATUS + */ +ATCA_STATUS hal_kit_wake(ATCAIface iface) +{ + ATCA_STATUS status = ATCA_BAD_PARAM; + + if (iface && iface->mIfaceCFG) + { + atca_hal_kit_phy_t* phy = iface->mIfaceCFG->cfg_data; + uint8_t* packet = hal_kit_phy_packet_alloc(phy, 10); + uint16_t packet_size = HAL_KIT_HEADER_LEN; + + if (packet) + { + packet[0] = 1; + packet[1] = HAL_KIT_COMMAND_WAKE | (iface->mIfaceCFG->atcakit.dev_interface << 4); + packet[2] = iface->mIfaceCFG->atcakit.dev_identity; + + status = hal_kit_phy_send(phy, packet, packet_size); + + if (ATCA_SUCCESS == status) + { + packet_size = HAL_KIT_HEADER_LEN + 1; + status = hal_kit_phy_recv(phy, packet, &packet_size); + } + + if (ATCA_SUCCESS == status) + { + status = packet[3]; + } + + hal_kit_phy_packet_free(phy, packet); + } + } + + return status; +} + +/** \brief Call the idle for kit protocol + * \param[in] iface ATCAIface instance that is the interface object to send the bytes over + * \return ATCA_STATUS + */ +ATCA_STATUS hal_kit_idle(ATCAIface iface) +{ + ATCA_STATUS status = ATCA_BAD_PARAM; + + if (iface && iface->mIfaceCFG) + { + atca_hal_kit_phy_t* phy = iface->mIfaceCFG->cfg_data; + uint8_t* packet = hal_kit_phy_packet_alloc(phy, 10); + uint16_t packet_size = HAL_KIT_HEADER_LEN; + + if (packet) + { + packet[0] = 1; + packet[1] = HAL_KIT_COMMAND_IDLE | (iface->mIfaceCFG->atcakit.dev_interface << 4); + packet[2] = iface->mIfaceCFG->atcakit.dev_identity; + + status = hal_kit_phy_send(phy, packet, packet_size); + + if (ATCA_SUCCESS == status) + { + packet_size = HAL_KIT_HEADER_LEN + 1; + status = hal_kit_phy_recv(phy, packet, &packet_size); + } + + if (ATCA_SUCCESS == status) + { + status = packet[3]; + } + + hal_kit_phy_packet_free(phy, packet); + } + } + + return status; +} + +/** \brief Call the sleep for kit protocol + * \param[in] iface ATCAIface instance that is the interface object to send the bytes over + * \return ATCA_STATUS + */ +ATCA_STATUS hal_kit_sleep(ATCAIface iface) +{ + ATCA_STATUS status = ATCA_BAD_PARAM; + + if (iface && iface->mIfaceCFG) + { + atca_hal_kit_phy_t* phy = iface->mIfaceCFG->cfg_data; + uint8_t* packet = hal_kit_phy_packet_alloc(phy, 10); + uint16_t packet_size = HAL_KIT_HEADER_LEN; + + if (packet) + { + packet[0] = 1; + packet[1] = HAL_KIT_COMMAND_SLEEP | (iface->mIfaceCFG->atcakit.dev_interface << 4); + packet[2] = iface->mIfaceCFG->atcakit.dev_identity; + + status = hal_kit_phy_send(phy, packet, packet_size); + + if (ATCA_SUCCESS == status) + { + packet_size = HAL_KIT_HEADER_LEN + 1; + status = hal_kit_phy_recv(phy, packet, &packet_size); + } + + if (ATCA_SUCCESS == status) + { + status = packet[3]; + } + + hal_kit_phy_packet_free(phy, packet); + } + } + + return status; +} + +/** \brief Close the physical port for HID + * \param[in] hal_data The hardware abstraction data specific to this HAL + * \return ATCA_STATUS + */ +ATCA_STATUS hal_kit_release(void* hal_data) +{ + return ATCA_SUCCESS; +} + +/** @} */ diff --git a/lib/hal/hal_kit_bridge.h b/lib/hal/hal_kit_bridge.h new file mode 100644 index 000000000..8ade8f86c --- /dev/null +++ b/lib/hal/hal_kit_bridge.h @@ -0,0 +1,62 @@ +/** + * \file + * \brief Kit Bridging HAL for cryptoauthlib. This is not intended to be a zero + * copy driver. It should work with any interface that confirms to a few basic + * requirements: a) will accept an arbitrary number of bytes and packetize it if + * necessary for transmission, b) will block for the duration of the transmit. + * + * \copyright (c) 2015-2020 Microchip Technology Inc. and its subsidiaries. + * + * \page License + * + * Subject to your compliance with these terms, you may use Microchip software + * and any derivatives exclusively with Microchip products. It is your + * responsibility to comply with third party license terms applicable to your + * use of third party software (including open source software) that may + * accompany Microchip software. + * + * THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER + * EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED + * WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, + * SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE + * OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF + * MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE + * FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL + * LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED + * THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR + * THIS SOFTWARE. + */ + +#ifndef HAL_KIT_BRIDGE_H +#define HAL_KIT_BRIDGE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define HAL_KIT_COMMAND_SEND 0x01 +#define HAL_KIT_COMMAND_RECV 0x02 +#define HAL_KIT_COMMAND_WAKE 0x03 +#define HAL_KIT_COMMAND_IDLE 0x04 +#define HAL_KIT_COMMAND_SLEEP 0x05 + +#define HAL_KIT_HEADER_LEN (3) + +/* Kit Protocol Header defintion + * Byte Bits Definition + * ---- ---- ----------------- + * 0 0..4 Protocol Version + * 0 5..8 Protocol Options + * 1 0..4 Kit Command + * 1 5..8 Interface Type + * 2 Device Identity + */ + +ATCA_STATUS hal_kit_attach_phy(ATCAIfaceCfg* cfg, atca_hal_kit_phy_t* phy); + +#ifdef __cplusplus +} +#endif + +#endif /* HAL_KIT_BRIDGE_H */ diff --git a/lib/mbedtls/README.md b/lib/mbedtls/README.md index 00aac375b..1374b08f9 100644 --- a/lib/mbedtls/README.md +++ b/lib/mbedtls/README.md @@ -4,3 +4,4 @@ This directory contains the interfacing and wrapper functions to integrate mbedtls as the software crypto library as well as provide eliptic curve cryptography (ECC) hardware acceleration. +@ingroup atca_mbedtls_ diff --git a/module.xml b/module.xml index f7546240c..2d7f39122 100644 --- a/module.xml +++ b/module.xml @@ -1,4 +1,4 @@ - + diff --git a/package.xml b/package.xml index ecb8222c3..03f504e16 100644 --- a/package.xml +++ b/package.xml @@ -1,6 +1,6 @@ - + diff --git a/release_notes.md b/release_notes.md index 78e976f4f..de597d04f 100644 --- a/release_notes.md +++ b/release_notes.md @@ -1,6 +1,23 @@ # Microchip Cryptoauthlib Release Notes +## Release v3.2.4 (10/17/2020) + +### New features + - Additional TA100 command support (requires NDA, consult with your FAE or + submit a request through your myMicrochip account) + - Library build and install on linux now also installs the headers that + were used to build the library including all configuration files like + atca_config.h - customer applications building against the library will + need to add the include/cryptoauthlib to their include search paths + +### Fixes + - Fixed errors produced when -fno-common was used during build of the library + by resolving the variable declaration and exporting macros (tested with + static/dynamic linkage on linux & windows platforms) + - Added a timeout during i2c plib commands in the Harmony3 hals to prevent + system lockups from failed peripheral transfers that don't return errors. + ## Release v3.2.3 (09/12/2020) ### New features diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index e4690d969..e1dbf8b1e 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -49,6 +49,9 @@ if(UNIX) target_link_libraries(cryptoauth_test pthread) endif() +if(ATCA_BUILD_SHARED_LIBS) +target_compile_definitions(cryptoauth_test PUBLIC -DATCA_BUILD_SHARED_LIBS) +endif(ATCA_BUILD_SHARED_LIBS) if(ATCA_TEST_LOCK_ENABLE) target_compile_definitions(cryptoauth_test PUBLIC -DATCA_TEST_LOCK_ENABLE) diff --git a/test/api_talib/test_talib_config.c b/test/api_talib/test_talib_config.c index 59d5d81d4..c5c2662ef 100644 --- a/test/api_talib/test_talib_config.c +++ b/test/api_talib/test_talib_config.c @@ -40,12 +40,19 @@ const uint8_t test_ta100_configdata[TA_CONFIG_SIZE] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; -static ta_element_attributes_t attr_rw_data = { 3, 72, 0, 0, 0, 0x54, 4 }; +const char test_template_text[] = "CAL Sign Internal Test"; +uint8_t test_template_tlv[] = { 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x02, 0x81, 0x01, 0x05, 0x06, + 0x07, 0x01, 0x01, 0x08, 0x01, 0x01 }; + +static ta_element_attributes_t attr_rw_data = { 3, 72, 0, 0, 0, 0x55, 4 }; +static ta_element_attributes_t attr_template_data = { 3, 4135, 0, 0, 0, 0x11, 0 }; static ta_element_attributes_t attr_ecc_private = { 1, 0x1700, 0, 0, 0, 0x01, 0 }; static ta_element_attributes_t attr_ecc_public = { 0, 0x00, 0, 0, 0, 0x55, 4 }; static ta_element_attributes_t attr_hmac_key = { 0x42, 0x0600, 0, 0, 0, 0x55, 8 }; static ta_element_attributes_t attr_aes_key = { 0x62, 0x0600, 0, 0, 0, 0x55, 8 }; -static ta_element_attributes_t attr_ecc_root_public = { 0, 0x06FF, 0, 0, 0, 0x55, 4 }; +static ta_element_attributes_t attr_ecc_root_public = { 0, 0x07FF, 0, 0, 0, 0x55, 4 }; uint8_t auth_hmac_key[] = { 0xa2, 0x26, 0xe1, 0x65, 0x69, 0x01, 0x80, 0xeb, 0x1a, 0x0c, 0x9c, 0x5b, 0x64, 0x5e, 0x42, 0x02, 0xfa, 0x2f, 0x4f, 0xfd, 0x68, 0x75 }; @@ -53,17 +60,18 @@ uint8_t auth_hmac_key[] = { 0xa2, 0x26, 0xe1, 0x65, 0x69, 0x01, 0x80, 0xeb, 0x1a static device_object_meta_t talib_config_object_data[] = { - { TEST_TYPE_ECC_SIGN, 0x8102, &attr_ecc_private }, - { TEST_TYPE_ECC_VERIFY, 0x8103, &attr_ecc_public }, - { TEST_TYPE_ECC_GENKEY, TA_HANDLE_VOLATILE_REGISTER0, &attr_ecc_private }, - { TEST_TYPE_ECDH, TA_HANDLE_VOLATILE_REGISTER1, &attr_ecc_private }, - { TEST_TYPE_AES, 0x8106, &attr_aes_key }, - { TEST_TYPE_HMAC, 0x8105, &attr_hmac_key }, - { TEST_TYPE_AUTH_HMAC, 0xAB1D, &attr_hmac_key }, - { TEST_TYPE_AUTH_GCM, 0xAAD1, &attr_aes_key }, - { TEST_TYPE_AUTH_CMAC, 0x9492, &attr_aes_key }, - { TEST_TYPE_DATA, 0x8101, &attr_rw_data }, - { TEST_TYPE_ECC_ROOT_KEY, 0x8107, &attr_ecc_root_public }, + { TEST_TYPE_ECC_SIGN, 0x8102, &attr_ecc_private }, + { TEST_TYPE_ECC_VERIFY, 0x8103, &attr_ecc_public }, + { TEST_TYPE_ECC_GENKEY, TA_HANDLE_VOLATILE_REGISTER0, &attr_ecc_private }, + { TEST_TYPE_ECDH, TA_HANDLE_VOLATILE_REGISTER1, &attr_ecc_private }, + { TEST_TYPE_AES, 0x8106, &attr_aes_key }, + { TEST_TYPE_HMAC, 0x8105, &attr_hmac_key }, + { TEST_TYPE_AUTH_HMAC, 0xAB1D, &attr_hmac_key }, + { TEST_TYPE_AUTH_GCM, 0xAAD1, &attr_aes_key }, + { TEST_TYPE_AUTH_CMAC, 0x9492, &attr_aes_key }, + { TEST_TYPE_DATA, 0x8101, &attr_rw_data }, + { TEST_TYPE_ECC_ROOT_KEY, 0x8107, &attr_ecc_root_public }, + { TEST_TYPE_TEMPLATE_DATA, 0X8108, &attr_template_data }, { 0, 0, NULL } }; @@ -198,6 +206,29 @@ int talib_configure_device(int argc, char* argv[]) } } + else if (TEST_TYPE_TEMPLATE_DATA == create_ptr->test_type) + { + bool is_locked = false; + status = talib_is_setup_locked(atcab_get_device(), &is_locked); + + if (is_locked) + { + printf("Template Handle 0x%04x Create Failed, setup must be unlocked \r\n", create_ptr->handle); + } + else + { + status = talib_create_element_with_handle(atcab_get_device(), create_ptr->handle, attr_ptr); + + if (ATCA_SUCCESS == status) + { + // copy the template text into template tlv + memcpy(&test_template_tlv[2], test_template_text, strlen(test_template_text)); + status = talib_write_element(atcab_get_device(), create_ptr->handle, sizeof(test_template_tlv), + test_template_tlv); + } + } + } + else { status = talib_create_element_with_handle(atcab_get_device(), create_ptr->handle, attr_ptr); @@ -233,6 +264,7 @@ extern t_test_case_info* talib_managecert_tests[]; extern t_test_case_info* talib_power_tests[]; extern t_test_case_info* talib_random_tests[]; extern t_test_case_info* talib_rsa_enc_tests[]; +extern t_test_case_info* talib_secureboot_tests[]; extern t_test_case_info* talib_selftest_tests[]; extern t_test_case_info* talib_sha_tests[]; extern t_test_case_info* talib_sign_tests[]; @@ -260,6 +292,7 @@ void run_all_talib_tests(void) RunAllTests(talib_sign_tests); RunAllTests(talib_verify_tests); RunAllTests(talib_write_tests); + RunAllTests(talib_secureboot_tests); } int run_talib_tests(int argc, char* argv[]) diff --git a/test/api_talib/test_talib_genkey.c b/test/api_talib/test_talib_genkey.c index 6d659557d..eaaa3ef66 100644 --- a/test/api_talib/test_talib_genkey.c +++ b/test/api_talib/test_talib_genkey.c @@ -31,7 +31,7 @@ #if ATCA_TA_SUPPORT /** \brief Execute key gen command to generate symmetric key to do aes encrypt and decrypt. - */ + */ TEST(atca_cmd_basic_test, genkey_symmetric_key) { ATCA_STATUS status; @@ -42,13 +42,10 @@ TEST(atca_cmd_basic_test, genkey_symmetric_key) uint8_t cipher_text[ATCA_AES128_BLOCK_SIZE]; uint8_t plain_text_out[ATCA_AES128_BLOCK_SIZE]; - // Skip test if setup isn't locked - test_assert_data_is_locked(); - status = talib_handle_init_symmetric_key(&attr_aes_handle, TA_KEY_TYPE_AES128, TA_PROP_SYMM_KEY_USAGE_ANY); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_create_hmac_element_with_handle(atcab_get_device(), TA_KEY_TYPE_AES128_SIZE, aes_handle, + status = talib_create_hmac_element_with_handle(atcab_get_device(), TA_KEY_TYPE_AES128_SIZE, aes_handle, &attr_aes_handle); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -67,7 +64,7 @@ TEST(atca_cmd_basic_test, genkey_symmetric_key) } /** \brief Execute key gen command to generate RSA2048 key. - */ + */ TEST(atca_cmd_basic_test, genkey_rsa_key) { ATCA_STATUS status; @@ -77,7 +74,7 @@ TEST(atca_cmd_basic_test, genkey_rsa_key) size_t pub_key_len = sizeof(pub_key); uint8_t frag[4] = { 0x44, 0x44, 0x44, 0x44 }; - status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_RSA2048, TA_ALG_MODE_RSA_SSA_PSS, + status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_RSA2048, TA_ALG_MODE_RSA_SSA_PSS, TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_KEY_AGREEMENT_OUT_BUFF); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -96,7 +93,7 @@ TEST(atca_cmd_basic_test, genkey_rsa_key) } /** \brief Execute key gen command to generate ECCP224 key. - */ + */ TEST(atca_cmd_basic_test, genkey_p224_key) { ATCA_STATUS status; @@ -106,7 +103,7 @@ TEST(atca_cmd_basic_test, genkey_p224_key) size_t pub_key_len = sizeof(pub_key); uint8_t frag[4] = { 0x44, 0x44, 0x44, 0x44 }; - status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_ECCP224, TA_ALG_MODE_ECC_ECDSA, + status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_ECCP224, TA_ALG_MODE_ECC_ECDSA, TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_NO_KEY_AGREEMENT); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -125,7 +122,7 @@ TEST(atca_cmd_basic_test, genkey_p224_key) } /** \brief Execute key gen command to generate ECCP384 key. - */ + */ TEST(atca_cmd_basic_test, genkey_p384_key) { ATCA_STATUS status; @@ -135,7 +132,7 @@ TEST(atca_cmd_basic_test, genkey_p384_key) size_t pub_key_len = sizeof(pub_key); uint8_t frag[4] = { 0x44, 0x44, 0x44, 0x44 }; - status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_ECCP384, TA_ALG_MODE_ECC_ECDSA, + status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_ECCP384, TA_ALG_MODE_ECC_ECDSA, TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_NO_KEY_AGREEMENT); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -164,7 +161,7 @@ TEST(atca_cmd_basic_test, get_p224_pubkey) uint8_t frag[4] = { 0x44, 0x44, 0x44, 0x44 }; size_t pub_key_len = sizeof(pub_key); - status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_ECCP224, TA_ALG_MODE_ECC_ECDSA, + status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_ECCP224, TA_ALG_MODE_ECC_ECDSA, TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_NO_KEY_AGREEMENT); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); diff --git a/test/api_talib/test_talib_info.c b/test/api_talib/test_talib_info.c index c9524d5fa..682158651 100644 --- a/test/api_talib/test_talib_info.c +++ b/test/api_talib/test_talib_info.c @@ -53,7 +53,7 @@ TEST(atca_cmd_basic_test, info_sernum) } /** \brief This test case gives how much non volatile memory is remaining - */ + */ TEST(atca_cmd_basic_test, info_nv_remain) { ATCA_STATUS status; @@ -86,7 +86,7 @@ TEST(atca_cmd_basic_test, info_chip_status) } /** \brief This test case check whether the given volatile register id is created or not (valid or not) - */ + */ TEST(atca_cmd_basic_test, info_volreg_status) { ATCA_STATUS status; @@ -98,8 +98,8 @@ TEST(atca_cmd_basic_test, info_volreg_status) status = talib_handle_init_symmetric_key(&attr_aes_handle, TA_KEY_TYPE_AES128, TA_PROP_SYMM_KEY_USAGE_ANY); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_create_hmac_element_with_handle(atcab_get_device(), TA_KEY_TYPE_AES128_SIZE, aes_handle, - &attr_aes_handle); + status = talib_create_hmac_element_with_handle(atcab_get_device(), TA_KEY_TYPE_AES128_SIZE, aes_handle, + &attr_aes_handle); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); //Get the last byte of volatile register id @@ -159,7 +159,7 @@ TEST(atca_cmd_basic_test, info_handle_size) TEST(atca_cmd_basic_test, info_handle_attributes) { ATCA_STATUS status; - ta_element_attributes_t rw_data_attr = { 3, 72, 0, 0, 0, 0x54, 0 }; + ta_element_attributes_t rw_data_attr = { 3, 72, 0, 0, 0, 0x55, 0 }; uint8_t handle_info[TA_HANDLE_INFO_SIZE]; uint16_t handle; diff --git a/test/api_talib/test_talib_secureboot.c b/test/api_talib/test_talib_secureboot.c new file mode 100644 index 000000000..32819c2ff --- /dev/null +++ b/test/api_talib/test_talib_secureboot.c @@ -0,0 +1,287 @@ + +#include "atca_config.h" +#include "cryptoauthlib.h" +#include "atca_test.h" + +#if ATCA_TA_SUPPORT + +const uint8_t ta_sboot_dummy_image[] = +{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + +static const uint8_t sboot_digest[] = +{ 0xFE, 0x10, 0x74, 0xAA, 0xEC, 0x4C, 0x28, 0x72, 0x7C, 0xDC, 0x58, 0x20, 0xB2, 0xED, 0xFB, 0x3B, + 0xFF, 0xBF, 0xC4, 0x1C, 0xC4, 0x7B, 0x0E, 0xE5, 0x87, 0xC3, 0x8A, 0xBA, 0x2A, 0x49, 0x54, 0xED, }; + +static const uint8_t sboot_signature[] = +{ 0x4E, 0xEF, 0xCE, 0x5E, 0x90, 0xDC, 0x04, 0xE8, 0xAA, 0x7A, 0x6A, 0x3D, 0xC2, 0xED, 0xA6, 0xE8, + 0x8F, 0x6B, 0xA8, 0x6A, 0x47, 0xB4, 0x64, 0x30, 0x9D, 0x53, 0x82, 0xA8, 0x79, 0xB0, 0x15, 0xD8, + 0xE9, 0x23, 0x2D, 0xE3, 0x7E, 0xF2, 0x44, 0x48, 0xA2, 0x16, 0xED, 0xC4, 0x14, 0xBA, 0x1C, 0x88, + 0xF4, 0x0E, 0x6A, 0xB3, 0x2F, 0xA6, 0xA7, 0xCD, 0x3E, 0x36, 0x89, 0x83, 0xEF, 0xC3, 0x2E, 0x68, }; + +/** \brief Execute Secureboot preset phase to allocate memory to store digest in vega + * NOTE: This should run before config lock only + */ +TEST(atca_cmd_basic_test, sboot_preset) +{ + ATCA_STATUS status; + bool is_preboot_enabled = false; + + // Skip if config zone is locked + test_assert_config_is_unlocked(); + + // Preboot + if ((test_ta100_configdata[33] & TA_SECUREBOOT_CONFIG_PREBOOT_ENABLE_MASK) + == TA_SECUREBOOT_CONFIG_PREBOOT_ENABLE_MASK) + { + is_preboot_enabled = true; + status = talib_secureboot_preboot_preset(atcab_get_device(), NULL); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + } + // Full store + if ((test_ta100_configdata[32] & TA_SECUREBOOT_CONFIG_MODE_MASK) + == TA_SECUREBOOT_CONFIG_FULL_STORE_MODE) + { + status = talib_secureboot_fullstore_preset(atcab_get_device(), NULL); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + } + // Partial + else if ((test_ta100_configdata[32] & TA_SECUREBOOT_CONFIG_MODE_MASK) + == TA_SECUREBOOT_CONFIG_PARTIAL_MODE) + { + status = talib_secureboot_partial_preset(atcab_get_device()); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + } + else + { + if (!is_preboot_enabled) + { + TEST_IGNORE_MESSAGE("Ignoring the test, Secureboot is not configured"); + } + } +} + +/** \brief Execute Preboot update and boot phase. Secureboot image signature + * verified and store the digest into vega secureboot handle. + * This test case run only when Preboot is enabled in sboot config + */ +TEST(atca_cmd_basic_test, sboot_preboot) +{ + ATCA_STATUS status; + uint16_t public_key_id; + bool is_validated; + + // skip if config is not locked + test_assert_config_is_locked(); + + // skip if setup is not locked + test_assert_data_is_locked(); + + // check secureboot preboot mode is enabled + check_config_ta_sboot_preboot_enable(); + + // Get secureboot public key handle + status = atca_test_config_get_id(TEST_TYPE_ECC_ROOT_KEY, &public_key_id); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // Secureboot preboot update phase + status = talib_secureboot_preboot_update(atcab_get_device(), TA_HANDLE_INPUT_BUFFER, + public_key_id, sboot_digest, sboot_signature, + TA_SIGN_P256_SIG_SIZE, &is_validated); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT(is_validated); + + + + + is_validated = false; + // Secureboot preboot boot phase + status = talib_secureboot_preboot_boot(atcab_get_device(), TA_HANDLE_INPUT_BUFFER, + sboot_digest, &is_validated); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT(is_validated); +} + +/** \brief Execute secureboot command in full asymmetric mode + */ +TEST(atca_cmd_basic_test, sboot_full_asymmetric) +{ + ATCA_STATUS status; + uint16_t public_key_id; + bool is_validated = false; + + // skip if config is not locked + test_assert_config_is_locked(); + + // skip if setup is not locked + test_assert_data_is_locked(); + + // check FULL asymmetric mode is enabled in secureboot configuration + check_config_ta_sboot_enable(TA_SECUREBOOT_CONFIG_FULL_ASYMM_MODE); + + // Get secureboot public key handle + status = atca_test_config_get_id(TEST_TYPE_ECC_ROOT_KEY, &public_key_id); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // Secure boot full asymmetric + status = talib_secureboot_full_asymmetric(atcab_get_device(), TA_HANDLE_INPUT_BUFFER, + public_key_id, sboot_digest, sboot_signature, + TA_SIGN_P256_SIG_SIZE, &is_validated); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT(is_validated); +} + +/** \brief Execute Full store update and boot phase. Secureboot image signature + * verified and store the digest into vega secureboot handle. + * This test case run only when full store mode is enabled in sboot config + */ +TEST(atca_cmd_basic_test, sboot_fullstore) +{ + ATCA_STATUS status; + uint16_t public_key_id; + bool is_validated; + + // skip if config is not locked + test_assert_config_is_locked(); + + // skip if setup is not locked + test_assert_data_is_locked(); + + // Check Full store is enabled in secureboot configuration + check_config_ta_sboot_enable(TA_SECUREBOOT_CONFIG_FULL_STORE_MODE); + + + // Get secureboot public key handle + status = atca_test_config_get_id(TEST_TYPE_ECC_ROOT_KEY, &public_key_id); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // Secureboot full store update phase + status = talib_secureboot_fullstore_update(atcab_get_device(), TA_HANDLE_INPUT_BUFFER, + public_key_id, sboot_digest, sboot_signature, + TA_SIGN_P256_SIG_SIZE, &is_validated); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT(is_validated); + + + + + + is_validated = false; + // Secureboot full store boot phase + status = talib_secureboot_fullstore_boot(atcab_get_device(), TA_HANDLE_INPUT_BUFFER, + sboot_digest, &is_validated); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT(is_validated); + +} + +/** \brief Execute partial code, final and complete phase to verify the secureboot image signature + * Once signature is verified, the digest will be stored in vega. + * this test can be run only when partial mode is enabled in sboot config + * NOTE: here secureboot code image size is 256 bytes. So portion_count should be one + */ +TEST(atca_cmd_basic_test, sboot_partial) +{ + ATCA_STATUS status; + uint16_t public_key_id; + uint8_t digest[TA_SHA256_DIGEST_SIZE]; + int32_t code_size = sizeof(ta_sboot_dummy_image); + uint16_t index = 0; + bool is_validated; + uint32_t begin; + uint32_t end; + + // skip if config is not locked + test_assert_config_is_locked(); + + // skip if setup is not locked + test_assert_data_is_locked(); + + // Check Full store is enabled in secureboot configuration + check_config_ta_sboot_enable(TA_SECUREBOOT_CONFIG_PARTIAL_MODE); + + // secureboot partial setup phase + status = talib_secureboot_partial_setup(atcab_get_device(), (uint32_t)code_size); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // secureboot partial code phase + while (code_size > TA_SECUREBOOT_PARTIAL_CODE_SIZE_MAX) + { + status = talib_secureboot_partial_code(atcab_get_device(), &ta_sboot_dummy_image[index]); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + index += TA_SECUREBOOT_PARTIAL_CODE_SIZE_MAX; + code_size -= TA_SECUREBOOT_PARTIAL_CODE_SIZE_MAX; + } + + // secureboot partial final phase + status = talib_secureboot_partial_final(atcab_get_device(), &ta_sboot_dummy_image[index], + (size_t)code_size); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // Get secureboot public key handle + status = atca_test_config_get_id(TEST_TYPE_ECC_ROOT_KEY, &public_key_id); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // secureboot partial complete phase - verify signature + status = talib_secureboot_partial_complete(atcab_get_device(), public_key_id, sboot_signature, + TA_SIGN_P256_SIG_SIZE, &is_validated); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT(is_validated); + + + + + + + // get begin and end address + status = talib_secureboot_partial_address(atcab_get_device(), &begin, &end); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // compute digest + status = talib_sha(atcab_get_device(), (end - begin) + 1, &ta_sboot_dummy_image[begin], digest); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // secureboot partial boot phase + is_validated = false; + status = talib_secureboot_partial_boot(atcab_get_device(), TA_HANDLE_INPUT_BUFFER, + digest, &is_validated); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT(is_validated); +} + +// *INDENT-OFF* - Preserve formatting +t_test_case_info talib_secureboot_info[] = +{ + /* Dafault configuration enables pre boot and full store secureboot config mode only */ + { REGISTER_TEST_CASE(atca_cmd_basic_test, sboot_preset), DEVICE_MASK(TA100) }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, sboot_preboot), DEVICE_MASK(TA100) }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, sboot_full_asymmetric), DEVICE_MASK(TA100) }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, sboot_fullstore), DEVICE_MASK(TA100) }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, sboot_partial), DEVICE_MASK(TA100) }, + /* Array Termination element*/ + { (fp_test_case)NULL, (uint8_t)0 }, +}; +// *INDENT-ON* + +t_test_case_info* talib_secureboot_tests[] = { + talib_secureboot_info, + /* Array Termination element*/ + (t_test_case_info*)NULL +}; + +#endif \ No newline at end of file diff --git a/test/api_talib/test_talib_sign.c b/test/api_talib/test_talib_sign.c index b235895c2..394aec318 100644 --- a/test/api_talib/test_talib_sign.c +++ b/test/api_talib/test_talib_sign.c @@ -31,7 +31,7 @@ #if ATCA_TA_SUPPORT /** \brief Execute sign operation using RSA2048 key type and verify it with same. - */ + */ TEST(atca_cmd_basic_test, rsa_key_sign_extern) { ATCA_STATUS status; @@ -44,27 +44,27 @@ TEST(atca_cmd_basic_test, rsa_key_sign_extern) uint16_t sign_size = sizeof(signature); bool is_verified = false; - status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_RSA2048, TA_ALG_MODE_RSA_SSA_PSS, + status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_RSA2048, TA_ALG_MODE_RSA_SSA_PSS, TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_KEY_AGREEMENT_OUT_BUFF); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); status = talib_create_element(atcab_get_device(), &attr_priv_key_handle, &private_key_handle); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_genkey_base(atcab_get_device(), TA_KEYGEN_MODE_NEWKEY, (uint32_t)private_key_handle, + status = talib_genkey_base(atcab_get_device(), TA_KEYGEN_MODE_NEWKEY, (uint32_t)private_key_handle, pub_key, &pub_key_len); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); status = atcab_random(message); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_sign_external(atcab_get_device(), TA_KEY_TYPE_RSA2048, private_key_handle, - TA_HANDLE_INPUT_BUFFER, message, (uint16_t)sizeof(message), signature, + status = talib_sign_external(atcab_get_device(), TA_KEY_TYPE_RSA2048, private_key_handle, + TA_HANDLE_INPUT_BUFFER, message, (uint16_t)sizeof(message), signature, &sign_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_verify(atcab_get_device(), TA_KEY_TYPE_RSA2048, TA_HANDLE_INPUT_BUFFER, TA_HANDLE_INPUT_BUFFER, - signature, sign_size, message, TA_VERIFY_OTHER_KEY_TYPE_MSG_SIZE, + status = talib_verify(atcab_get_device(), TA_KEY_TYPE_RSA2048, TA_HANDLE_INPUT_BUFFER, TA_HANDLE_INPUT_BUFFER, + signature, sign_size, message, TA_VERIFY_OTHER_KEY_TYPE_MSG_SIZE, pub_key, TA_KEY_TYPE_RSA2048_SIZE, &is_verified); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); TEST_ASSERT(is_verified); @@ -74,7 +74,7 @@ TEST(atca_cmd_basic_test, rsa_key_sign_extern) } /** \brief Execute sign operation using ECCP224 key type and verify it with same. - */ + */ TEST(atca_cmd_basic_test, p224_key_sign_extern) { ATCA_STATUS status; @@ -88,26 +88,26 @@ TEST(atca_cmd_basic_test, p224_key_sign_extern) uint16_t sign_size = sizeof(signature); bool is_verified = false; - status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_ECCP224, TA_ALG_MODE_ECC_ECDSA, + status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_ECCP224, TA_ALG_MODE_ECC_ECDSA, TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_NO_KEY_AGREEMENT); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); status = talib_create_element(atcab_get_device(), &attr_priv_key_handle, &private_key_handle); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_genkey_base(atcab_get_device(), TA_KEYGEN_MODE_NEWKEY, (uint32_t)private_key_handle, + status = talib_genkey_base(atcab_get_device(), TA_KEYGEN_MODE_NEWKEY, (uint32_t)private_key_handle, pub_key, &pub_key_len); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); status = talib_random(atcab_get_device(), NULL, message, message_len); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_sign_external(atcab_get_device(), TA_KEY_TYPE_ECCP224, private_key_handle, - TA_HANDLE_INPUT_BUFFER, message, (uint16_t)sizeof(message), signature, + status = talib_sign_external(atcab_get_device(), TA_KEY_TYPE_ECCP224, private_key_handle, + TA_HANDLE_INPUT_BUFFER, message, (uint16_t)sizeof(message), signature, &sign_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_verify(atcab_get_device(), TA_KEY_TYPE_ECCP224, TA_HANDLE_INPUT_BUFFER, TA_HANDLE_INPUT_BUFFER, + status = talib_verify(atcab_get_device(), TA_KEY_TYPE_ECCP224, TA_HANDLE_INPUT_BUFFER, TA_HANDLE_INPUT_BUFFER, signature, sign_size, message, message_len, pub_key, (uint16_t)pub_key_len, &is_verified); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); TEST_ASSERT(is_verified); @@ -117,7 +117,7 @@ TEST(atca_cmd_basic_test, p224_key_sign_extern) } /** \brief Execute sign operation using ECCP384 key type and verify it with same. - */ + */ TEST(atca_cmd_basic_test, p384_key_sign_extern) { ATCA_STATUS status; @@ -131,28 +131,28 @@ TEST(atca_cmd_basic_test, p384_key_sign_extern) uint16_t sign_size = sizeof(signature); bool is_verified = false; - status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_ECCP384, TA_ALG_MODE_ECC_ECDSA, + status = talib_handle_init_private_key(&attr_priv_key_handle, TA_KEY_TYPE_ECCP384, TA_ALG_MODE_ECC_ECDSA, TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_NO_KEY_AGREEMENT); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_create_element(atcab_get_device(), &attr_priv_key_handle, - &private_key_handle); + status = talib_create_element(atcab_get_device(), &attr_priv_key_handle, + &private_key_handle); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_genkey_base(atcab_get_device(), TA_KEYGEN_MODE_NEWKEY, (uint32_t)private_key_handle, + status = talib_genkey_base(atcab_get_device(), TA_KEYGEN_MODE_NEWKEY, (uint32_t)private_key_handle, pub_key, &pub_key_len); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); status = talib_random(atcab_get_device(), NULL, message, message_len); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_sign_external(atcab_get_device(), TA_KEY_TYPE_ECCP384, private_key_handle, - TA_HANDLE_INPUT_BUFFER, message, (uint16_t)sizeof(message), signature, + status = talib_sign_external(atcab_get_device(), TA_KEY_TYPE_ECCP384, private_key_handle, + TA_HANDLE_INPUT_BUFFER, message, (uint16_t)sizeof(message), signature, &sign_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - status = talib_verify(atcab_get_device(), TA_KEY_TYPE_ECCP384, TA_HANDLE_INPUT_BUFFER, - TA_HANDLE_INPUT_BUFFER, signature, sign_size, message, message_len, + status = talib_verify(atcab_get_device(), TA_KEY_TYPE_ECCP384, TA_HANDLE_INPUT_BUFFER, + TA_HANDLE_INPUT_BUFFER, signature, sign_size, message, message_len, pub_key, (uint16_t)pub_key_len, &is_verified); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); TEST_ASSERT(is_verified); @@ -161,12 +161,164 @@ TEST(atca_cmd_basic_test, p384_key_sign_extern) TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); } +/** \brief The test case sign the internally generated message and verify it + * +*/ +TEST(atca_cmd_basic_test, ta_sign_internal) +{ + ATCA_STATUS status; + ta_element_attributes_t attr_private_key_handle; + uint8_t template_attributes[TA_HANDLE_INFO_SIZE]; + uint8_t target_attributes[TA_HANDLE_INFO_SIZE]; + uint16_t template_handle; + uint16_t data_handle; + uint16_t target_priv_handle; + uint16_t private_key_handle; + uint32_t counter_value; + uint8_t data[72]; + uint16_t data_size = sizeof(data); + uint8_t dedicated_memory[TA_DEDICATED_MEMORY_SIZE]; + uint8_t target_pubkey[TA_ECC256_PUB_KEY_SIZE]; + uint8_t verify_pub_key[TA_ECC256_PUB_KEY_SIZE]; + const char test_template_text[] = "CAL Sign Internal Test"; + uint8_t message[194] = { 0 }; + uint8_t digest[TA_SHA256_DIGEST_SIZE]; + uint8_t signature[TA_SIGN_P256_SIG_SIZE]; + uint16_t sign_size = sizeof(signature); + bool is_verified = false; + uint8_t is_valid = false; + uint16_t msg_index = 0; + + // Get the template data handle, which will be created during config + status = atca_test_config_get_id(TEST_TYPE_TEMPLATE_DATA, &template_handle); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // Check the template data handle is being created + status = talib_is_handle_valid(atcab_get_device(), template_handle, &is_valid); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + if (!is_valid) + { + TEST_IGNORE_MESSAGE("Ignoring the test as template handle is not created, do config before running this test"); + } + + + // Get data handle and target handle + status = atca_test_config_get_id(TEST_TYPE_DATA, &data_handle); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + status = atca_test_config_get_id(TEST_TYPE_ECC_SIGN, &target_priv_handle); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + + + // Get the known data to form internal message on host before do sign operation + // 1. target public key + // 2. get dedicated memory which consists of serial number and group number + // 3. data from data handle + // 4. target private key attributes + // 5. template attributes + // 6. counter value + // Generate public key from target private key handle + status = talib_get_pubkey_compat(atcab_get_device(), target_priv_handle, target_pubkey); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + status = talib_info_get_dedicated_memory(atcab_get_device(), dedicated_memory); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + status = talib_random(atcab_get_device(), NULL, data, data_size); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + status = talib_write_element(atcab_get_device(), data_handle, data_size, data); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + status = talib_info_get_handle_info(atcab_get_device(), target_priv_handle, target_attributes); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + status = talib_info_get_handle_info(atcab_get_device(), template_handle, template_attributes); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + status = talib_counter_read(atcab_get_device(), TA_HANDLE_COUNTER1, &counter_value); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + + + // Create private key handle which sign internal message and set req attributes + status = talib_handle_init_private_key(&attr_private_key_handle, TA_KEY_TYPE_ECCP256, + TA_ALG_MODE_ECC_ECDSA, TA_PROP_SIGN_ONLY_INT_DIGEST, + TA_PROP_NO_KEY_AGREEMENT); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + attr_private_key_handle.byte7_settings |= 0x01; // link counter1 to priv key handle + + status = talib_create_element(atcab_get_device(), &attr_private_key_handle, &private_key_handle); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + + + // Generate private key to sign + status = atcab_genkey(private_key_handle, verify_pub_key); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + + // Sign the internally generated message + status = talib_sign_internal(atcab_get_device(), TA_SIGN_MODE_INTERNAL_MSG, private_key_handle, + template_handle, target_priv_handle, signature, &sign_size); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + + + // Form internal message and calculate SHA256 digest of it + memcpy(&message[msg_index], test_template_text, strlen(test_template_text)); + msg_index += strlen(test_template_text); + + memcpy(&message[msg_index], target_pubkey, sizeof(target_pubkey)); + msg_index += sizeof(target_pubkey); + + memcpy(&message[msg_index], dedicated_memory, 10); + msg_index += 10; + + memcpy(&message[msg_index], data, sizeof(data)); + msg_index += sizeof(data); + + memcpy(&message[msg_index], target_attributes, TA_HANDLE_INFO_SIZE); + msg_index += TA_HANDLE_INFO_SIZE; + + memcpy(&message[msg_index], template_attributes, TA_HANDLE_INFO_SIZE); + msg_index += TA_HANDLE_INFO_SIZE; + + counter_value += 1; + counter_value = ATCA_UINT32_BE_TO_HOST(counter_value); + memcpy(&message[msg_index], (uint8_t*)&counter_value, sizeof(counter_value)); + msg_index += sizeof(counter_value); + + memcpy(&message[msg_index], (uint8_t*)&counter_value, sizeof(counter_value)); + msg_index += sizeof(counter_value); + + status = talib_sha(atcab_get_device(), msg_index, message, digest); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + + + + // Verify the signature with public key (corresponding to sign private key) + status = atcab_verify_extern(digest, signature, verify_pub_key, &is_verified); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT(is_verified); + + + // delete handle + status = talib_delete_handle(atcab_get_device(), private_key_handle); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); +} + // *INDENT-OFF* - Preserve formatting t_test_case_info talib_sign_basic_test_info[] = { { REGISTER_TEST_CASE(atca_cmd_basic_test, rsa_key_sign_extern), DEVICE_MASK(TA100) }, { REGISTER_TEST_CASE(atca_cmd_basic_test, p224_key_sign_extern), DEVICE_MASK(TA100) }, { REGISTER_TEST_CASE(atca_cmd_basic_test, p384_key_sign_extern), DEVICE_MASK(TA100) }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, ta_sign_internal), DEVICE_MASK(TA100) }, { (fp_test_case)NULL, (uint8_t)0 }, /* Array Termination element*/ }; // *INDENT-OFN* diff --git a/test/atca_test.c b/test/atca_test.c index 77c3037cc..ecf61bf31 100644 --- a/test/atca_test.c +++ b/test/atca_test.c @@ -409,6 +409,51 @@ void atca_test_assert_aes_enabled(UNITY_LINE_TYPE from_line) } } +#if ATCA_TA_SUPPORT +//The Function checks the Secureboot mode byte in configuration zone , if it is not set, it skips the test +void atca_test_assert_ta_sboot_enabled(UNITY_LINE_TYPE from_line, uint8_t mode) +{ + if (TA100 == gCfg->devtype) + { + ATCA_STATUS status; + uint8_t check_config_sboot_enable[8]; + uint16_t config_size = sizeof(check_config_sboot_enable); + + // Bytes 32 of the config zone contains the Secure boot config bit + status = talib_read_partial_element(atcab_get_device(), TA_HANDLE_CONFIG_MEMORY, 32, &config_size, + &check_config_sboot_enable[0]); + UNITY_TEST_ASSERT_EQUAL_INT(ATCA_SUCCESS, status, from_line, NULL); + + if ((check_config_sboot_enable[0] & TA_SECUREBOOT_CONFIG_MODE_MASK) != mode) + { + TEST_IGNORE_MESSAGE("Ignoring the test, Secureboot mode is not configured"); + } + } +} + +//The Function checks the Secureboot preboot mode byte in configuration zone , if it is not set, it skips the test +void atca_test_assert_ta_sboot_preboot_enabled(UNITY_LINE_TYPE from_line) +{ + if (TA100 == gCfg->devtype) + { + ATCA_STATUS status; + uint8_t check_config_sboot_enable[8]; + uint16_t config_size = sizeof(check_config_sboot_enable); + + // Bytes 32 of the config zone contains the Secure boot config bit + status = talib_read_partial_element(atcab_get_device(), TA_HANDLE_CONFIG_MEMORY, 32, &config_size, + &check_config_sboot_enable[0]); + UNITY_TEST_ASSERT_EQUAL_INT(ATCA_SUCCESS, status, from_line, NULL); + + if ((check_config_sboot_enable[1] & TA_SECUREBOOT_CONFIG_PREBOOT_ENABLE_MASK) + != TA_SECUREBOOT_CONFIG_PREBOOT_ENABLE_MASK) + { + TEST_IGNORE_MESSAGE("Ignoring the test, Secureboot preboot is not configured"); + } + } +} +#endif + ATCA_STATUS atca_test_config_get_id(uint8_t test_type, uint16_t* handle) { ATCA_STATUS status = ATCA_BAD_PARAM; diff --git a/test/atca_test.h b/test/atca_test.h index 79cd7816c..71ce23124 100644 --- a/test/atca_test.h +++ b/test/atca_test.h @@ -39,6 +39,7 @@ extern const uint8_t g_slot4_key[]; #define AES_CONFIG_ENABLE_BIT_MASK (uint8_t)0x01 +#define CMD_PROCESSOR_MAX_ARGS 10 typedef void (*fp_test_case)(void); @@ -48,6 +49,15 @@ typedef struct uint32_t support_device_mask; }t_test_case_info; +typedef int (*fp_menu_handler)(int argc, char* argv[]); + +typedef struct +{ + const char* menu_cmd; + const char* menu_cmd_description; + fp_menu_handler fp_handler; +} t_menu_info; + #define DEVICE_MASK(device) ((uint8_t)1 << device) #define REGISTER_TEST_CASE(group, name) TEST_ ## group ## _ ## name ## _run @@ -126,7 +136,7 @@ extern const uint8_t test_ecc_configdata[ATCA_ECC_CONFIG_SIZE]; extern const uint8_t sha204_default_config[ATCA_SHA_CONFIG_SIZE]; #endif #if ATCA_TA_SUPPORT -const uint8_t test_ta100_configdata[TA_CONFIG_SIZE]; +extern const uint8_t test_ta100_configdata[TA_CONFIG_SIZE]; #endif void atca_test_assert_config_is_unlocked(UNITY_LINE_TYPE from_line); @@ -134,6 +144,10 @@ void atca_test_assert_config_is_locked(UNITY_LINE_TYPE from_line); void atca_test_assert_data_is_unlocked(UNITY_LINE_TYPE from_line); void atca_test_assert_data_is_locked(UNITY_LINE_TYPE from_line); void atca_test_assert_aes_enabled(UNITY_LINE_TYPE from_line); +#if ATCA_TA_SUPPORT +void atca_test_assert_ta_sboot_enabled(UNITY_LINE_TYPE from_line, uint8_t mode); +void atca_test_assert_ta_sboot_preboot_enabled(UNITY_LINE_TYPE from_line); +#endif #define unit_test_assert_config_is_locked() atca_test_assert_config_is_locked(__LINE__) #define unit_test_assert_config_is_unlocked() atca_test_assert_config_is_unlocked(__LINE__) @@ -146,6 +160,8 @@ void atca_test_assert_aes_enabled(UNITY_LINE_TYPE from_line); #define test_assert_data_is_locked() atca_test_assert_data_is_locked(__LINE__) #define check_config_aes_enable() atca_test_assert_aes_enabled(__LINE__) +#define check_config_ta_sboot_enable(mode) atca_test_assert_ta_sboot_enabled(__LINE__, mode) +#define check_config_ta_sboot_preboot_enable() atca_test_assert_ta_sboot_preboot_enabled(__LINE__) #define TEST_TYPE_ECC_SIGN (1) @@ -159,6 +175,7 @@ void atca_test_assert_aes_enabled(UNITY_LINE_TYPE from_line); #define TEST_TYPE_AUTH_CMAC (9) #define TEST_TYPE_AUTH_GCM (10) #define TEST_TYPE_ECC_ROOT_KEY (11) +#define TEST_TYPE_TEMPLATE_DATA (12) typedef struct { @@ -171,6 +188,7 @@ typedef struct ATCA_STATUS atca_test_config_get_id(uint8_t test_type, uint16_t* handle); // Helper tests +int run_tests(int test); void RunAllHelperTests(void); void RunBasicOtpZero(void); void RunAllBasicTests(void); diff --git a/test/atca_test_config.c b/test/atca_test_config.c index 14fe380f2..33e20b476 100644 --- a/test/atca_test_config.c +++ b/test/atca_test_config.c @@ -27,7 +27,6 @@ #include "atca_test.h" #include "cryptoauthlib.h" -#include "cmd-processor.h" #ifdef ATCA_HAL_CUSTOM extern int select_204_custom(int argc, char* argv[]); diff --git a/test/atca_test_console.c b/test/atca_test_console.c index 468637be1..b61e0cac7 100644 --- a/test/atca_test_console.c +++ b/test/atca_test_console.c @@ -27,7 +27,6 @@ #include "cryptoauthlib.h" #include "atca_test.h" -#include "cmd-processor.h" #include "atca_crypto_sw_tests.h" #ifndef ATCA_SERIAL_NUM_SIZE diff --git a/test/cmd-processor.h b/test/cmd-processor.h index 61c95b525..9f5752283 100644 --- a/test/cmd-processor.h +++ b/test/cmd-processor.h @@ -33,7 +33,6 @@ #include "cryptoauthlib.h" #define cmdQ_SIZE 512 -#define CMD_PROCESSOR_MAX_ARGS 10 int processCmd_interactive(void); int processCmd(void); @@ -46,17 +45,4 @@ volatile struct uint8_t m_entry[ cmdQ_SIZE ]; } cmdQ; -typedef int (*fp_menu_handler)(int argc, char* argv[]); - -typedef struct -{ - const char* menu_cmd; - const char* menu_cmd_description; - fp_menu_handler fp_handler; -} t_menu_info; - - -int run_tests(int test); - - #endif /* CMD-PROCESSOR_H_ */ \ No newline at end of file