Release v3.2.1
Signed-off-by: Bryan Hunt <[email protected]>
bryan-hunt committed Jun 29, 2020
1 parent 159d8b8 commit ce939a9
Showing 22 changed files with 143 additions and 48 deletions.
4 changes: 2 additions & 2 deletions app/pkcs11/example_pkcs11_config.c
Expand Up @@ -135,7 +135,7 @@ CK_RV pkcs11_config_load_objects(pkcs11_slot_ctx_ptr pSlot)
xLabel.pValue = pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS;
xLabel.ulValueLen = strlen(xLabel.pValue);
xLabel.type = CKA_LABEL;
pkcs11_config_key(NULL, pSlot, pObject, &xLabel);
rv = pkcs11_config_key(NULL, pSlot, pObject, &xLabel);
}
}

Expand All @@ -148,7 +148,7 @@ CK_RV pkcs11_config_load_objects(pkcs11_slot_ctx_ptr pSlot)
xLabel.pValue = pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS;
xLabel.ulValueLen = strlen(xLabel.pValue);
xLabel.type = CKA_LABEL;
pkcs11_config_key(NULL, pSlot, pObject, &xLabel);
rv = pkcs11_config_key(NULL, pSlot, pObject, &xLabel);
}
}

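Review bot: A failure returned by the first `rv = pkcs11_config_key(NULL, pSlot, pObject, &xLabel);` (private key) may be overwritten before it is examined, because the public-key hunk assigns `rv` again and no check of `rv` is visible after either call. Checking `rv` directly after each call, or skipping the public-key step when `rv != CKR_OK`, would keep the first failure visible to the caller. The code between the two hunks is not shown, and pkcs11_config_load_objects starts and ends outside both of them.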
27 changes: 18 additions & 9 deletions app/pkcs11/slot.conf.tmpl
Expand Up @@ -3,17 +3,26 @@
# These are processed in order. Configuration parameters must be comma
# delimited and may not contain spaces

interface = i2c,0xB0
freeslots = 1,2,3
# Set a label for this slot (optional) - will default to <slot>ABC so
# 0.conf will have a default label 00ABC
#label = MCHP

# Slot 0 is the primary private key
object = private,device,0
# Configure the device interface for an enabled HAL
# hid,i2c,<address>
# i2c,<address>,<bus>
# spi,<select_line>,<baud>
interface = hid,i2c,0x6c

# Configure the device type - base part number (optional)
device = ATECC608A-TFLXTLS

# Slot 10 is the certificate data for the device's public key
#object = certificate,device,10
#Configure open slots for additional pkcs11 objects (optional)
#freeslots = 1,2,3

# Slot 12 is the intermedate/signer certificate data
#object = certificate,signer,12
# Manually configure keys into device locations (slots/handles)

# Slot 0 is the primary private key
#object = private,device,0

# Slot 15 is a public key
object = public,root,15
#object = public,root,15
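Review bot: The comment introducing `#label = MCHP` does not mention the constraints the new parser applies. In lib/pkcs11/pkcs11_config.c on this page, `pkcs11_config_parse_label` returns `CKR_ARGUMENTS_BAD` for an empty label or one of `PKCS11_MAX_LABEL_SIZE` characters or more, and the `label` branch is compiled out when `PKCS11_LABEL_IS_SERNUM` is defined. A line such as `# label must be shorter than PKCS11_MAX_LABEL_SIZE; not parsed when PKCS11_LABEL_IS_SERNUM is defined` would save integrators a failed slot load.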
4 changes: 4 additions & 0 deletions harmony/config/pkcs11.py
Expand Up @@ -91,6 +91,10 @@ def instantiateComponent(calPkcs11Component):
calPkcs11DebugPrint.setLabel("Enable Debug Print?")
calPkcs11DebugPrint.setDefaultValue(False)

calPkcs11AwsFreeRTOS = calPkcs11Component.createBooleanSymbol("CAL_PKCS11_AWS_FREERTOS", None)
calPkcs11AwsFreeRTOS.setLabel("Enable AWS FreeRTOS Modifications?")
calPkcs11AwsFreeRTOS.setDefaultValue(False)

calPkcs11MaxSlots = calPkcs11Component.createIntegerSymbol('CAL_PKCS11_MAX_SLOTS', None)
calPkcs11MaxSlots.setLabel('Maximum number of PKCS11 slots')
calPkcs11MaxSlots.setDefaultValue(1)
4 changes: 4 additions & 0 deletions harmony/templates/pkcs11_config.h.ftl
Expand Up @@ -43,6 +43,10 @@
#define PKCS11_DEBUG_ENABLE ${CAL_PKCS11_ENABLE_DEBUG_PRINT?then(1,0)}
#endif

<#if CAL_PKCS11_AWS_FREERTOS>
#define PKCS11_LABEL_IS_SERNUM 1
</#if>

/** Use a compiled configuration rather than loading from a filestore */
#ifndef PKCS11_USE_STATIC_CONFIG
#define PKCS11_USE_STATIC_CONFIG 1
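Review bot: `#define PKCS11_LABEL_IS_SERNUM 1` is emitted without an `#ifndef` guard, unlike `PKCS11_USE_STATIC_CONFIG` just below it, so a build that also sets the macro on the command line gets a redefinition diagnostic. Wrapping it in `#ifndef PKCS11_LABEL_IS_SERNUM` / `#endif` keeps the generated header consistent. A short comment above the block would also help: as the macro name suggests, the token label becomes the device serial number, and the `label` key of the slot file is no longer parsed (see the `#ifndef PKCS11_LABEL_IS_SERNUM` blocks in lib/pkcs11/pkcs11_config.c), which matters to integrators who treat the serial number as an identifier they do not want exposed.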
9 changes: 8 additions & 1 deletion lib/CMakeLists.txt
Expand Up @@ -65,6 +65,7 @@ if(ATCA_PKCS11 AND (ATCA_TNGTLS_SUPPORT OR ATCA_TNGLORA_SUPPORT OR ATCA_TFLEX_SU
SET(TNG_SRC ${TNG_SRC} ../app/pkcs11/trust_pkcs11_config.c)
endif()

if(${CMAKE_VERSION} VERSION_GREATER "3.8.0")
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${ATCACERT_SRC})
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${CALIB_SRC})
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${TALIB_SRC})
Expand All @@ -73,6 +74,7 @@ source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${HOST_SRC})
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${JWT_SRC})
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${PKCS11_SRC})
source_group("App/Tng" FILES ${TNG_SRC})
endif()

if (ATCA_MBEDTLS)
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/../third_party/CMakeLists-mbedtls.txt.in ${CMAKE_BINARY_DIR}/${DEPENDENCY_DIR}/mbedtls_downloader/CMakeLists.txt)
Expand All @@ -89,7 +91,9 @@ include_directories(mbedtls PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}


file(GLOB MBEDTLS_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "mbedtls/*.c")
if(${CMAKE_VERSION} VERSION_GREATER "3.8.0")
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${MBEDTLS_SRC})
endif()
endif(ATCA_MBEDTLS)

if (ATCA_WOLFSSL)
Expand All @@ -116,12 +120,16 @@ include_directories(wolfssl PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}


file(GLOB WOLFSSL_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "wolfssl/*.c")
if(${CMAKE_VERSION} VERSION_GREATER "3.8.0")
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${WOLFSSL_SRC})
endif()
endif(ATCA_WOLFSSL)

if (ATCA_OPENSSL)
file(GLOB OPENSSL_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "openssl/*.c")
if(${CMAKE_VERSION} VERSION_GREATER "3.8.0")
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${OPENSSL_SRC})
endif()
find_package(OpenSSL REQUIRED)
endif(ATCA_OPENSSL)

Expand Down Expand Up @@ -239,7 +247,6 @@ if(ATCA_BUILD_SHARED_LIBS)
add_definitions(-DATCA_BUILD_SHARED_LIBS)
endif(ATCA_BUILD_SHARED_LIBS)

#source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${CRYPTOAUTH_SRC})
add_library(cryptoauth ${CRYPTOAUTH_SRC} ${ATCACERT_DEF_SRC})

set_property(TARGET cryptoauth PROPERTY C_STANDARD 99)
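Review bot: `if(${CMAKE_VERSION} VERSION_GREATER "3.8.0")` excludes CMake 3.8.0 itself, the first release that accepts `source_group(TREE ...)`, and the `${...}` expansion is unnecessary because `if()` dereferences the variable name. `if(NOT CMAKE_VERSION VERSION_LESS "3.8")` includes 3.8.0 and still parses on the older releases the guard is meant to support. The same condition is repeated in the mbedtls, wolfssl and openssl hunks. The first guard also wraps `source_group("App/Tng" FILES ${TNG_SRC})`, which does not use `TREE` and could stay outside it.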
6 changes: 3 additions & 3 deletions lib/atca_basic.c
Expand Up @@ -78,7 +78,7 @@ ATCA_STATUS atcab_init_ext(ATCADevice* device, ATCAIfaceCfg *cfg)
// If a device has already been initialized, release it
if (*device)
{
atcab_release();
atcab_release_ext(device);
}

#ifdef ATCA_NO_HEAP
Expand Down Expand Up @@ -165,12 +165,12 @@ ATCA_STATUS atcab_init_device(ATCADevice ca_device)
ATCA_STATUS atcab_release_ext(ATCADevice* device)
{
#ifdef ATCA_NO_HEAP
ATCA_STATUS status = releaseATCADevice(_gDevice);
ATCA_STATUS status = releaseATCADevice(*device);
if (status != ATCA_SUCCESS)
{
return status;
}
_gDevice = NULL;
*device = NULL;
#else
deleteATCADevice(device);
#endif
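Review bot: `atcab_release_ext` now dereferences `device` in the `ATCA_NO_HEAP` branch (`releaseATCADevice(*device)` and `*device = NULL`) with no NULL check between the opening brace and the `#ifdef`, so a NULL argument faults where the old `_gDevice` code did not touch the parameter. A guard at the top such as `if (device == NULL) { return ATCA_BAD_PARAM; }` would cover both branches. In `atcab_init_ext` the status of `atcab_release_ext(device)` is discarded, so a failed release under `ATCA_NO_HEAP` leaves `*device` set and initialisation continues on it. Both function bodies continue outside the hunks.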
2 changes: 1 addition & 1 deletion lib/atca_compiler.h
Expand Up @@ -51,7 +51,7 @@
#define ATCA_UINT64_BE_TO_HOST(x) __builtin_bswap64(x)
#endif

#ifdef (WIN32)
#ifdef WIN32
#define SHARED_LIB_EXPORT __declspec(dllexport)
#define SHARED_LIB_IMPORT __declspec(dllimport)
#else
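Review bot: `#ifdef WIN32` tests a macro that usually comes from Windows SDK headers or project settings rather than from the compiler, so a Windows build that has not defined it takes the `#else` branch and loses the `__declspec(dllexport)`/`__declspec(dllimport)` attributes. `#if defined(_WIN32) || defined(WIN32)` also covers the compiler-provided macro. The conditional continues past the end of the hunk.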
2 changes: 1 addition & 1 deletion lib/calib/calib_aes.c
Expand Up @@ -49,7 +49,7 @@
ATCA_STATUS calib_aes(ATCADevice device, uint8_t mode, uint16_t key_id, const uint8_t* aes_in, uint8_t* aes_out)
{
ATCAPacket packet;
ATCACommand ca_cmd = _gDevice->mCommands;
ATCACommand ca_cmd = device->mCommands;
ATCA_STATUS status = ATCA_GEN_FAIL;

do
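Review bot: `ATCACommand ca_cmd = device->mCommands;` dereferences the caller-supplied `device` in the declaration, before any argument check can run, so a NULL handle faults here instead of producing a status code. Initialise `ca_cmd` to NULL and assign it after a check such as `if (device == NULL) { return ATCA_BAD_PARAM; }`. The same `_gDevice` to `device` substitution appears in calib_basic.c, calib_read.c, calib_sha.c, calib_sign.c and calib_verify.c, where `device->mIface->mIfaceCFG->devtype` and `device->mCommands->dt` are read; whether those functions validate `device` earlier is not visible in their hunks. calib_aes continues outside the hunk.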
2 changes: 1 addition & 1 deletion lib/calib/calib_basic.c
Expand Up @@ -254,7 +254,7 @@ ATCA_STATUS calib_get_zone_size(ATCADevice device, uint8_t zone, uint16_t slot,
default: status = ATCA_BAD_PARAM; break;
}
}
else if (_gDevice->mIface->mIfaceCFG->devtype == ATSHA206A)
else if (device->mIface->mIfaceCFG->devtype == ATSHA206A)
{
switch (zone)
{
8 changes: 8 additions & 0 deletions lib/calib/calib_basic.h
Expand Up @@ -11,6 +11,10 @@
*
@{ */

#ifdef __cplusplus
extern "C" {
#endif

ATCA_STATUS calib_wakeup(ATCADevice device);
ATCA_STATUS calib_idle(ATCADevice device);
ATCA_STATUS calib_sleep(ATCADevice device);
Expand Down Expand Up @@ -183,6 +187,10 @@ ATCA_STATUS calib_write_enc(ATCADevice device, uint16_t key_id, uint8_t block, c

ATCA_STATUS calib_write_config_counter(ATCADevice device, uint16_t counter_id, uint32_t counter_value);

#ifdef __cplusplus
}
#endif

/** @} */

#endif
4 changes: 2 additions & 2 deletions lib/calib/calib_read.c
Expand Up @@ -361,7 +361,7 @@ ATCA_STATUS calib_read_config_zone(ATCADevice device, uint8_t* config_data)
break;
}

if ((_gDevice->mIface->mIfaceCFG->devtype == ATSHA204A) || (_gDevice->mIface->mIfaceCFG->devtype == ATSHA206A))
if ((device->mIface->mIfaceCFG->devtype == ATSHA204A) || (device->mIface->mIfaceCFG->devtype == ATSHA206A))
{
status = calib_read_bytes_zone(device, ATCA_ZONE_CONFIG, 0, 0x00, config_data, ATCA_SHA_CONFIG_SIZE);
}
Expand Down Expand Up @@ -432,7 +432,7 @@ ATCA_STATUS calib_cmp_config_zone(ATCADevice device, uint8_t* config_data, bool*
break;
}

if (_gDevice->mIface->mIfaceCFG->devtype == ATECC608A)
if (device->mIface->mIfaceCFG->devtype == ATECC608A)
{
/* Skip Counter[0], Counter[1], which can change during operation */

4 changes: 2 additions & 2 deletions lib/calib/calib_sha.c
Expand Up @@ -286,7 +286,7 @@ ATCA_STATUS calib_hw_sha2_256_finish(ATCADevice device, atca_sha256_ctx_t* ctx,
uint32_t pad_zero_count;
uint16_t digest_size;

if (_gDevice->mIface->mIfaceCFG->devtype == ATSHA204A)
if (device->mIface->mIfaceCFG->devtype == ATSHA204A)
{
// ATSHA204A only implements the raw 64-byte block operation, but
// doesn't add in the final footer information. So we do that manually
Expand Down Expand Up @@ -456,7 +456,7 @@ ATCA_STATUS calib_sha_hmac_finish(ATCADevice device, atca_hmac_sha256_ctx_t *ctx
uint8_t mode = SHA_MODE_HMAC_END;
uint16_t digest_size = 32;

if (ATECC608A == _gDevice->mIface->mIfaceCFG->devtype)
if (ATECC608A == device->mIface->mIfaceCFG->devtype)
{
mode = SHA_MODE_608_HMAC_END;
}
2 changes: 1 addition & 1 deletion lib/calib/calib_sign.c
Expand Up @@ -122,7 +122,7 @@ ATCA_STATUS calib_sign(ATCADevice device, uint16_t key_id, const uint8_t *msg, u
}

// Load message into device
if (_gDevice->mCommands->dt == ATECC608A)
if (device->mCommands->dt == ATECC608A)
{
// Use the Message Digest Buffer for the ATECC608A
nonce_target = NONCE_MODE_TARGET_MSGDIGBUF;
4 changes: 2 additions & 2 deletions lib/calib/calib_verify.c
Expand Up @@ -258,7 +258,7 @@ ATCA_STATUS calib_verify_extern(ATCADevice device, const uint8_t *message, const
do
{
// Load message into device
if (_gDevice->mCommands->dt == ATECC608A)
if (device->mCommands->dt == ATECC608A)
{
// Use the Message Digest Buffer for the ATECC608A
nonce_target = NONCE_MODE_TARGET_MSGDIGBUF;
Expand Down Expand Up @@ -348,7 +348,7 @@ ATCA_STATUS calib_verify_stored(ATCADevice device, const uint8_t *message, const
do
{
// Load message into device
if (_gDevice->mCommands->dt == ATECC608A)
if (device->mCommands->dt == ATECC608A)
{
// Use the Message Digest Buffer for the ATECC608A
nonce_target = NONCE_MODE_TARGET_MSGDIGBUF;
3 changes: 2 additions & 1 deletion lib/mbedtls/atca_mbedtls_wrap.c
Expand Up @@ -638,7 +638,8 @@ int atca_mbedtls_cert_add(mbedtls_x509_crt * cert, const atcacert_def_t * cert_d
}
}

if (NULL == (cert_buf = mbedtls_calloc(1, cert_def->cert_template_size + 8)))
cert_len = cert_def->cert_template_size + 8;
if (NULL == (cert_buf = mbedtls_calloc(1, cert_len)))
{
ret = -1;
}
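Review bot: The `+ 8` headroom in `cert_len = cert_def->cert_template_size + 8;` is unexplained, and now that the sum is stored in `cert_len` it presumably becomes the buffer capacity passed to the certificate build code outside the hunk. A comment stating what the eight extra bytes cover would make the bound reviewable, e.g. `/* template size plus headroom for DER length growth */` if that is the reason. The declaration of `cert_len` is not visible here; it should be at least as wide as `cert_template_size` so the sum cannot truncate.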
42 changes: 41 additions & 1 deletion lib/pkcs11/pkcs11_config.c
Expand Up @@ -351,6 +351,26 @@ static CK_RV pkcs11_config_parse_interface(pkcs11_slot_ctx_ptr slot_ctx, char* c
return rv;
}

#ifndef PKCS11_LABEL_IS_SERNUM
static CK_RV pkcs11_config_parse_label(pkcs11_slot_ctx_ptr slot_ctx, char* cfgstr)
{
CK_RV rv = CKR_OK;
size_t len = strlen(cfgstr);

if (len && (len < PKCS11_MAX_LABEL_SIZE))
{
memcpy(slot_ctx->label, cfgstr, len);
slot_ctx->label[PKCS11_MAX_LABEL_SIZE] = 0;
}
else
{
rv = CKR_ARGUMENTS_BAD;
}

return rv;
}
#endif

static CK_RV pkcs11_config_parse_freeslots(pkcs11_slot_ctx_ptr slot_ctx, char* cfgstr)
{
int argc = 16;
Expand Down Expand Up @@ -486,6 +506,12 @@ static CK_RV pkcs11_config_parse_slot_file(pkcs11_slot_ctx_ptr slot_ctx, int arg
{
rv = pkcs11_config_parse_interface(slot_ctx, argv[i + 1]);
}
#ifndef PKCS11_LABEL_IS_SERNUM
else if (!strcmp(argv[i], "label"))
{
rv = pkcs11_config_parse_label(slot_ctx, argv[i + 1]);
}
#endif
else if (!strcmp(argv[i], "freeslots"))
{
rv = pkcs11_config_parse_freeslots(slot_ctx, argv[i + 1]);
Expand Down Expand Up @@ -578,6 +604,7 @@ CK_RV pkcs11_config_key(pkcs11_lib_ctx_ptr pLibCtx, pkcs11_slot_ctx_ptr pSlot, p
char *objtype = "";
char filename[200];
int i;
CK_RV rv = CKR_FUNCTION_FAILED;

/* Find a free slot that matches the object type */

Expand Down Expand Up @@ -626,10 +653,12 @@ CK_RV pkcs11_config_key(pkcs11_lib_ctx_ptr pLibCtx, pkcs11_slot_ctx_ptr pSlot, p
fprintf(fp, "type = %s\n", objtype);
fprintf(fp, "label = %s\n", pObject->name);
fclose(fp);
rv = CKR_OK;
}
}
}
return CKR_OK;

return rv;
}

CK_RV pkcs11_config_remove_object(pkcs11_lib_ctx_ptr pLibCtx, pkcs11_slot_ctx_ptr pSlot, pkcs11_object_ptr pObject)
Expand All @@ -642,6 +671,7 @@ CK_RV pkcs11_config_remove_object(pkcs11_lib_ctx_ptr pLibCtx, pkcs11_slot_ctx_pt
if (ret > 0 && ret < sizeof(filename))
{
remove(filename);
pSlot->flags |= (1 << pObject->slot);
}

return CKR_OK;
Expand Down Expand Up @@ -723,6 +753,16 @@ CK_RV pkcs11_config_load_objects(pkcs11_slot_ctx_ptr slot_ctx)
{
PKCS11_DEBUG("Failed to parse the slot configuration file");
}
#ifndef PKCS11_LABEL_IS_SERNUM
if (CKR_OK == rv)
{
/* If a label wasn't set - configure a default */
if (!slot_ctx->label[0])
{
snprintf((char*)slot_ctx->label, sizeof(slot_ctx->label)-1, "%02XABC", (uint8_t)i);
}
}
#endif
pkcs11_os_free(buffer);
}
}
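Review bot: In `pkcs11_config_parse_label` the terminator is written at the fixed index `slot_ctx->label[PKCS11_MAX_LABEL_SIZE]` rather than at `len`, so the copied label is terminated only if the rest of the buffer was already zero. The write is also one byte past the end if `label` is declared with exactly `PKCS11_MAX_LABEL_SIZE` elements (the declaration is not on this page). Use `slot_ctx->label[len] = 0;` after the `memcpy`. In the `pkcs11_config_remove_object` hunk, `pSlot->flags |= (1 << pObject->slot);` runs whether or not `remove(filename)` succeeded and shifts a signed `int` by an unchecked slot number; checking the `remove` result and bounding the slot before the shift would keep what appears to be the free-slot mask consistent with the filestore.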
9 changes: 7 additions & 2 deletions lib/pkcs11/pkcs11_object.c
Expand Up @@ -413,7 +413,7 @@ CK_RV pkcs11_object_create
)
{
CK_RV rv;
pkcs11_object_ptr pObject;
pkcs11_object_ptr pObject = NULL;
CK_ATTRIBUTE_PTR pLabel = NULL;
CK_OBJECT_CLASS_PTR pClass = NULL;
CK_ATTRIBUTE_PTR pData = NULL;
Expand Down Expand Up @@ -456,7 +456,12 @@ CK_RV pkcs11_object_create

rv = pkcs11_object_find(&pObject, pTemplate, ulCount);

if (rv)
if (rv)
{
return rv;
}

if (!pObject)
{
/* Allocate a new object */
rv = pkcs11_object_alloc(&pObject);
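Review bot: With the new `if (!pObject)` test, a template that matches an existing object no longer allocates and instead falls through with the object returned by `pkcs11_object_find`, so the rest of the create path (outside the hunk) appears to operate on that existing object. If reuse is intended, say so above the check, e.g. `/* Reuse a matching object when one exists; otherwise allocate */`; if it is not, rejecting the request would be safer than letting a create call replace the attributes of an object that already holds key material. The added `return rv;` also leaves the function directly, so any lock or session state acquired earlier in `pkcs11_object_create` (not visible here) would need releasing on that path.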