Release 20191122
bryan-hunt committed Nov 23, 2019
1 parent af81877 commit eabc052
Showing 1,062 changed files with 901 additions and 137,375 deletions.
13 changes: 12 additions & 1 deletion README.md
Expand Up @@ -61,6 +61,17 @@ Examples

Release notes
-----------
11/22/2019
- Patches for CVE-2019-16128 & CVE-2019-16129: Ensure reported packet length
is valid for the packet being processed.
- Improvement to encrypted read operations to allow supply of a host nonce
(prevent replay of a read sequence to the host). Default API is changed
but can be reverted by setting the option ATCA_USE_CONSTANT_HOST_NONCE
- Added Azure compatible TNGTLS and TNGLORA certificates. Use the TNG client
API to retrieve the proper certificate based on the device.
- Misc Python updates (updated APIs for encrypted reads to match the C-API change)
atcacert_cert_element_t now initializes properly

08/30/2019
- Added big-endian architecture support
- Fixes to atcah_gen_dig() and atcah_nonce()
Expand Down Expand Up @@ -461,4 +472,4 @@ sudo touch mchp-cryptoauth.rules
Edit the mchp-cryptoauth.rules file and add the following line to the file:
```text
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2312", MODE="0666"
```
```
69 changes: 63 additions & 6 deletions app/tng/tng_atca.c
@@ -1,4 +1,9 @@
#include <string.h>
#include "tng_atca.h"
#include "tnglora_cert_def_2_device.h"
#include "tnglora_cert_def_4_device.h"
#include "tngtls_cert_def_2_device.h"
#include "tngtls_cert_def_3_device.h"


ATCA_STATUS tng_get_type(tng_type_t* type)
Expand All @@ -17,18 +22,70 @@ ATCA_STATUS tng_get_type(tng_type_t* type)
return ret;
}

if (sn[0] == 0x01 && sn[1] == 0x23 && sn[8] == 0x27)
if (sn[8] == 0x10 || sn[8] == 0x27)
{
*type = TNGTYPE_TN;
*type = TNGTYPE_LORA;
}
else
{
*type = TNGTYPE_22;
*type = TNGTYPE_TLS;
}

return ATCA_SUCCESS;
}

ATCA_STATUS tng_get_device_cert_def(const atcacert_def_t **cert_def)
{
ATCA_STATUS status = ATCA_SUCCESS;
uint8_t sn[ATCA_SERIAL_NUM_SIZE];
uint8_t otpcode[32];

if (cert_def == NULL)
{
return ATCA_BAD_PARAM;
}

//Set default certificate definition
*cert_def = &g_tngtls_cert_def_2_device;

status = atcab_read_serial_number(sn);
if (status != ATCA_SUCCESS)
{
return status;
}

if (sn[8] == 0x01 || sn[8] == 0x10 || sn[8] == 0x27)
{
status = atcab_read_zone(ATCA_ZONE_OTP, 0, 0, 0, otpcode, 32);
if (status != ATCA_SUCCESS)
{
return status;
}

if ((strncmp("wdNxAjae", otpcode, 8) == 0) || (strncmp("Rsuy5YJh", otpcode, 8) == 0))
{
*cert_def = &g_tngtls_cert_def_2_device;
}
else if ((strncmp("KQp2ZkD8", otpcode, 8) == 0) || (strncmp("x6tjuZMy", otpcode, 8) == 0))
{
*cert_def = &g_tngtls_cert_def_3_device;
}
else if (strncmp("BxZvm6q2", otpcode, 8) == 0)
{
*cert_def = &g_tnglora_cert_def_2_device;
}
else if ((strncmp("jsMu7iYO", otpcode, 8) == 0) || (strncmp("09qJNxI3", otpcode, 8) == 0))
{
*cert_def = &g_tnglora_cert_def_4_device;
}
else
{
//Nothing to do...Already initialized to default
}
}
return status;
}

ATCA_STATUS tng_get_device_pubkey(uint8_t *public_key)
{
ATCA_STATUS ret;
Expand All @@ -40,12 +97,12 @@ ATCA_STATUS tng_get_device_pubkey(uint8_t *public_key)
return ret;
}

if (type == TNGTYPE_TN)
if (type == TNGTYPE_LORA)
{
return atcab_get_pubkey(TNGTN_PRIMARY_KEY_SLOT, public_key);
return atcab_get_pubkey(TNGLORA_PRIMARY_KEY_SLOT, public_key);
}
else
{
return atcab_get_pubkey(TNG22_PRIMARY_KEY_SLOT, public_key);
return atcab_get_pubkey(TNGTLS_PRIMARY_KEY_SLOT, public_key);
}
}
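Review bot: tng_get_device_cert_def returns ATCA_SUCCESS with `g_tngtls_cert_def_2_device` both when `sn[8]` is not one of 0x01/0x10/0x27 and when the OTP code matches none of the seven strings, so an unrecognised part cannot be told apart from a confirmed TLS device; `*cert_def` is also assigned before atcab_read_serial_number() has succeeded, so it already holds the default on the error returns. If the fallback is intentional, state it in the function's header comment; otherwise assign the default only in the final `else`, or return an error there. The OTP bytes are raw `uint8_t` data, so `memcmp(otpcode, "wdNxAjae", 8) == 0` expresses the comparison more exactly than strncmp() and avoids the pointer-signedness mismatch. In the visible branches tng_get_type() now tests only `sn[8] == 0x10 || sn[8] == 0x27` and never reports TNGTYPE_UNKNOWN, while this function also accepts 0x01; its body starts outside the hunk, so this needs checking against the full file. The eight-byte codes carry no comment saying which part each identifies, and a short comment mapping code to part would let a reader confirm the two selectors agree.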
18 changes: 14 additions & 4 deletions app/tng/tng_atca.h
Expand Up @@ -2,6 +2,7 @@
#define TNG_ATCA_H

#include "basic/atca_basic.h"
#include "atcacert/atcacert_def.h"

#ifdef __cplusplus
extern "C" {
Expand All @@ -15,14 +16,14 @@ extern "C" {
*
@{ */

#define TNG22_PRIMARY_KEY_SLOT 0
#define TNGTN_PRIMARY_KEY_SLOT 1
#define TNGTLS_PRIMARY_KEY_SLOT 0
#define TNGLORA_PRIMARY_KEY_SLOT 1

typedef enum
{
TNGTYPE_UNKNOWN,
TNGTYPE_22,
TNGTYPE_TN
TNGTYPE_TLS,
TNGTYPE_LORA
} tng_type_t;

/** \brief Get the type of TNG device.
Expand All @@ -33,6 +34,15 @@ typedef enum
*/
ATCA_STATUS tng_get_type(tng_type_t* type);

/** \brief Get the TNG device certificate definition.
*
* \param[out] cert_def TNG device certificate defnition is returned here.
*
* \return ATCA_SUCCESS on success, otherwise an error code.
*/

ATCA_STATUS tng_get_device_cert_def(const atcacert_def_t **cert_def);

/** \brief Uses GenKey command to calculate the public key from the primary
* device public key.
*
97 changes: 33 additions & 64 deletions app/tng/tng_atcacert_client.c
Expand Up @@ -28,39 +28,30 @@
#include "tng_atca.h"
#include "atcacert/atcacert_client.h"
#include "tng_atcacert_client.h"
#include "tng22_cert_def_2_device.h"
#include "tng22_cert_def_1_signer.h"
#include "tngtn_cert_def_2_device.h"
#include "tngtn_cert_def_1_signer.h"
#include "tngtls_cert_def_1_signer.h"
#include "tngtls_cert_def_2_device.h"
#include "tngtls_cert_def_3_device.h"
#include "tnglora_cert_def_1_signer.h"
#include "tnglora_cert_def_2_device.h"
#include "tnglora_cert_def_4_device.h"
#include "tng_root_cert.h"

int tng_atcacert_max_device_cert_size(size_t* max_cert_size)
{
return atcacert_max_cert_size(&g_tng22_cert_def_2_device, max_cert_size);
return atcacert_max_cert_size(&g_tnglora_cert_def_4_device, max_cert_size);
}

int tng_atcacert_read_device_cert(uint8_t* cert, size_t* cert_size, const uint8_t* signer_cert)
{
int ret;
tng_type_t type;
const atcacert_def_t* cert_def = NULL;
uint8_t ca_public_key[72];

ret = tng_get_type(&type);
ret = tng_get_device_cert_def(&cert_def);
if (ret != ATCA_SUCCESS)
{
return ret;
}

if (type == TNGTYPE_TN)
{
cert_def = &g_tngtn_cert_def_2_device;
}
else
{
cert_def = &g_tng22_cert_def_2_device;
}

// Get the CA (signer) public key
if (signer_cert != NULL)
{
Expand Down Expand Up @@ -96,7 +87,6 @@ int tng_atcacert_read_device_cert(uint8_t* cert, size_t* cert_size, const uint8_
int tng_atcacert_device_public_key(uint8_t* public_key, uint8_t* cert)
{
int ret;
tng_type_t type;
const atcacert_def_t* cert_def = NULL;
uint8_t raw_public_key[72];

Expand All @@ -105,54 +95,33 @@ int tng_atcacert_device_public_key(uint8_t* public_key, uint8_t* cert)
return ATCACERT_E_BAD_PARAMS;
}

if (cert != NULL)
ret = tng_get_device_cert_def(&cert_def);
if (ret != ATCA_SUCCESS)
{
// TNG 22 cert def will work for either if the certificate is supplied
return atcacert_get_subj_public_key(
&g_tng22_cert_def_2_device,
cert,
g_tng22_cert_def_2_device.cert_template_size, // cert size doesn't need to be accurate
public_key);
return ret;
}

ret = atcacert_read_device_loc(&cert_def->public_key_dev_loc, raw_public_key);
if (ret != ATCACERT_E_SUCCESS)
{
return ret;
}
if (cert_def->public_key_dev_loc.count == 72)
{
// Public key is formatted with padding bytes in front of the X and Y components
atcacert_public_key_remove_padding(raw_public_key, public_key);
}
else
{
ret = tng_get_type(&type);
if (ret != ATCA_SUCCESS)
{
return ret;
}

if (type == TNGTYPE_TN)
{
cert_def = &g_tngtn_cert_def_2_device;
}
else
{
cert_def = &g_tng22_cert_def_2_device;
}

ret = atcacert_read_device_loc(&cert_def->public_key_dev_loc, raw_public_key);
if (ret != ATCACERT_E_SUCCESS)
{
return ret;
}
if (cert_def->public_key_dev_loc.count == 72)
{
// Public key is formatted with padding bytes in front of the X and Y components
atcacert_public_key_remove_padding(raw_public_key, public_key);
}
else
{
memcpy(public_key, raw_public_key, 64);
}
memcpy(public_key, raw_public_key, 64);
}

return ATCACERT_E_SUCCESS;
}

int tng_atcacert_max_signer_cert_size(size_t* max_cert_size)
{
return atcacert_max_cert_size(&g_tng22_cert_def_1_signer, max_cert_size);
return atcacert_max_cert_size(&g_tngtls_cert_def_1_signer, max_cert_size);
}

int tng_atcacert_read_signer_cert(uint8_t* cert, size_t* cert_size)
Expand All @@ -168,13 +137,13 @@ int tng_atcacert_read_signer_cert(uint8_t* cert, size_t* cert_size)
return ret;
}

if (type == TNGTYPE_TN)
if (type == TNGTYPE_LORA)
{
cert_def = &g_tngtn_cert_def_1_signer;
cert_def = &g_tnglora_cert_def_1_signer;
}
else
{
cert_def = &g_tng22_cert_def_1_signer;
cert_def = &g_tngtls_cert_def_1_signer;
}

// Get the CA (root) public key
Expand All @@ -197,11 +166,11 @@ int tng_atcacert_signer_public_key(uint8_t* public_key, uint8_t* cert)

if (cert != NULL)
{
// TNG 22 cert def will work for either if the certificate is supplied
// TNG TLS cert def will work for either if the certificate is supplied
return atcacert_get_subj_public_key(
&g_tng22_cert_def_1_signer,
&g_tngtls_cert_def_1_signer,
cert,
g_tng22_cert_def_1_signer.cert_template_size, // cert size doesn't need to be accurate
g_tngtls_cert_def_1_signer.cert_template_size, // cert size doesn't need to be accurate
public_key);
}
else
Expand All @@ -212,13 +181,13 @@ int tng_atcacert_signer_public_key(uint8_t* public_key, uint8_t* cert)
return ret;
}

if (type == TNGTYPE_TN)
if (type == TNGTYPE_LORA)
{
cert_def = &g_tngtn_cert_def_1_signer;
cert_def = &g_tnglora_cert_def_1_signer;
}
else
{
cert_def = &g_tng22_cert_def_1_signer;
cert_def = &g_tngtls_cert_def_1_signer;
}

ret = atcacert_read_device_loc(&cert_def->public_key_dev_loc, raw_public_key);
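Review bot: In tng_atcacert_device_public_key the `cert` argument is no longer read: the `if (cert != NULL)` branch that called atcacert_get_subj_public_key() is removed, so a caller that supplies a certificate now silently receives the key read from the device instead. Either keep a supplied-certificate path that uses the definition returned by tng_get_device_cert_def(), or mark the parameter as intentionally unused with `(void)cert;` and update its documentation. The same function fills `raw_public_key[72]` from `cert_def->public_key_dev_loc`, and the definition is now chosen at run time from four candidates, so a guard such as `if (cert_def->public_key_dev_loc.count > sizeof(raw_public_key)) return ATCACERT_E_BAD_PARAMS;` before atcacert_read_device_loc() would keep a larger definition from writing past the stack buffer (assuming the read length follows `count`, which the `count == 72` test suggests). The device definition is now selected from the OTP code, while tng_atcacert_read_signer_cert still selects the signer definition through tng_get_type(); it is worth confirming the two can never disagree for one part. Several of these functions are partly collapsed on this page, so the points apply to the visible lines only.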
@@ -1,6 +1,6 @@
/**
* \file
* \brief TNG TN signer certificate definition
* \brief TNG LORA signer certificate definition
*
* \copyright (c) 2015-2019 Microchip Technology Inc. and its subsidiaries.
*
Expand All @@ -26,11 +26,11 @@
*/

#include "atcacert/atcacert_def.h"
#include "tng22_cert_def_1_signer.h"
#include "tngtls_cert_def_1_signer.h"

extern const uint8_t g_tng22_cert_template_1_signer[];
extern const uint8_t g_tngtls_cert_template_1_signer[];

const atcacert_def_t g_tngtn_cert_def_1_signer = {
const atcacert_def_t g_tnglora_cert_def_1_signer = {
.type = CERTTYPE_X509,
.template_id = 1,
.chain_id = 0,
Expand Down Expand Up @@ -100,7 +100,7 @@ const atcacert_def_t g_tngtn_cert_def_1_signer = {
},
.cert_elements = NULL,
.cert_elements_count = 0,
.cert_template = g_tng22_cert_template_1_signer,
.cert_template_size = TNG22_CERT_TEMPLATE_1_SIGNER_SIZE,
.cert_template = g_tngtls_cert_template_1_signer,
.cert_template_size = TNGTLS_CERT_TEMPLATE_1_SIGNER_SIZE,
.ca_cert_def = NULL
};