Skip to content

Commit

Permalink
Release v3.2.2 (20200728)
Browse files Browse the repository at this point in the history
  • Loading branch information
bryan-hunt committed Jul 29, 2020
1 parent ce939a9 commit 1cb00de
Show file tree
Hide file tree
Showing 102 changed files with 1,754 additions and 762 deletions.
4 changes: 2 additions & 2 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ cmake_minimum_required(VERSION 2.6.4)
project (cryptoauthlib)

# Set the current release version
set(VERSION "3.2.0")
set(VERSION "3.2.2")
set(VERSION_MAJOR 3)
set(VERSION_MINOR 2)
set(VERSION_PATCH 0)
set(VERSION_PATCH 2)

# Build Options
option(BUILD_TESTS "Create Test Application with library" OFF)
Expand Down
12 changes: 6 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ Examples
for new examples coming online.
- Node Authentication Example Using Asymmetric PKI is a complete, all-in-one
example demonstrating all the stages of crypto authentication starting from
provisioning the Crypto Authentication device ATECC608A/ATECC508A with keys
provisioning the Crypto Authentication device ATECC608/ATECC508A with keys
and certificates to demonstrating an authentication sequence using
asymmetric techniques.
http://www.microchip.com/SWLibraryWeb/product.aspx?product=CryptoAuthLib
Expand All @@ -67,7 +67,7 @@ An example of the configuration:
#define ATCA_HAL_I2C
/* Included device support */
#define ATCA_ATECC608A_SUPPORT
#define ATCA_ATECC608_SUPPORT
/* \brief How long to wait after an initial wake failure for the POST to
* complete.
Expand Down Expand Up @@ -153,7 +153,7 @@ Tests
------------

There is a set of integration tests found in the test directory which will at least
partially demonstrate the use of the objects. Some tests may depend upon a
partially demonstrate the use of the objects. Some tests may depend upon a
certain device being configured in a certain way and may not work for all
devices or specific configurations of the device.

Expand All @@ -165,16 +165,16 @@ One first selects a device type, with one of the following commands:
- 204 (ATSHA204A)
- 108 (ATECC108A)
- 508 (ATECC508A)
- 608 (ATECC608A)
- 608 (ATECC608A/B)

From there the following unit test sweets are available:
- unit (test command builder functions)
- basic (test basic API functions)
- cio (test certification i/o functions)
- cd (test certificate data functions)
- util (test utility functions)
- crypto (test software crypto functions)

Tests available depend on the lock level of the device. The unit tests
won't lock the config or data zones automatically to allow retesting at desired
lock levels. Therefore, some commands will need to be repeated after locking
Expand Down
26 changes: 13 additions & 13 deletions app/secure_boot/README.md
Original file line number Diff line number Diff line change
@@ -1,32 +1,32 @@
# Secure boot using ATECC608A
# Secure boot using ATECC608

The SecureBoot command is a new feature on the
[ATECC608A](https://www.microchip.com/wwwproducts/en/ATECC608A) device compared
to earlier CryptoAuthentication devices from Microchip. This feature helps the
MCU to identify fraudulent code installed on it. When this feature is
implemented, the MCU can send a firmware digest and signature to the ATECC608A.
The ATECC608A validates this information (ECDSA verify) and responds to host
implemented, the MCU can send a firmware digest and signature to the ATECC608.
The ATECC608 validates this information (ECDSA verify) and responds to host
with a yes or no answer.

The ATECC608A provides options to reduce the firmware verification time by
The ATECC608 provides options to reduce the firmware verification time by
storing the signature or digest after a good full verification (FullStore mode
of the SecureBoot command).

- When the ATECC608A stores the digest (SecureBootMode is FullDig), the host
- When the ATECC608 stores the digest (SecureBootMode is FullDig), the host
only needs to send the firmware digest, which is compared to the stored
copy. This skips the comparatively lengthy ECDSA verify, speeding up the
secure boot process.

- When the ATECC608A stores the signature (SecureBootMode is FullSig), the
- When the ATECC608 stores the signature (SecureBootMode is FullSig), the
host only needs to send the firmware digest, which is verified against the
stored signature using ECDSA. This saves time by not needing to send the
signature in the command over the bus.

The ATECC608A also provides wire protection features for the SecureBoot
The ATECC608 also provides wire protection features for the SecureBoot
command, which can be used to encrypt the digest being sent from the host to
the ATECC608A and add a MAC to the verify result coming back to the host so it
the ATECC608 and add a MAC to the verify result coming back to the host so it
can't be forced to a success state. This feature makes use of a shared secret
between the host and ATECC608A, called the IO protection key.
between the host and ATECC608, called the IO protection key.

The secure boot feature can be easily integrated to an existing project. The
project should include the following files from the secure_boot folder:
Expand Down Expand Up @@ -61,9 +61,9 @@ the secure_boot_process() function.

- The host needs to be able to generate a nonce (number used once).
This is the NumIn parameter to the Nonce command that is sent before the
SecureBoot command. The ATECC608A can not be used to generate NumIn, but
SecureBoot command. The ATECC608 can not be used to generate NumIn, but
it should come from a good random or non-repeating source in the host.

- If the host has any protected internal memory, it should be used to store
its copy of the IO protection key.

Expand All @@ -72,8 +72,8 @@ the secure_boot_process() function.
easily skipped. Boot loader should ideally be stored in an immutable
(unchangeable) location like a boot ROM or write-protected flash.

- Note that these APIs don't provision the ATECC608A. They assume the
ATECC608A has already been configured and provisioned with the necessary
- Note that these APIs don't provision the ATECC608. They assume the
ATECC608 has already been configured and provisioned with the necessary
keys for secure boot.

Examples
Expand Down
Binary file modified cryptoauthlib-manual.pdf
Binary file not shown.
10 changes: 5 additions & 5 deletions harmony/config/device_instance.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@
*****************************************************************************"""

_DEFAULT_I2C_ADDRESS = {'ecc': 0xC0, 'sha': 0xC8, 'ta100': 0x2e}
_SWI_DEVICES = ['ATSHA204A', 'ATSHA206A', 'ATECC108A', 'ATECC508A', 'ATECC608A']
_I2C_DEVICES = ['ATSHA204A', 'ATECC108A', 'ATECC508A', 'ATECC608A', 'TA100']
_SWI_DEVICES = ['ATSHA204A', 'ATSHA206A', 'ATECC108A', 'ATECC508A', 'ATECC608']
_I2C_DEVICES = ['ATSHA204A', 'ATECC108A', 'ATECC508A', 'ATECC608', 'TA100']
_SPI_DEVICES = ['TA100']


Expand All @@ -40,7 +40,7 @@ def updatePartInterfaceSettings(symbol, event):
symObj = event['symbol']
updateId = event['id'].upper()
selected_key = symObj.getSelectedKey()

if updateId == 'INTERFACE':
if selected_key == 'ATCA_SPI_IFACE':
symbol.setVisible('SPI' in symbol.getID())
Expand Down Expand Up @@ -84,7 +84,7 @@ def instantiateComponent(deviceComponent, index):
interfaceType.setLabel('Interface Type')
if deviceType in _I2C_DEVICES:
interfaceType.addKey("ATCA_I2C_IFACE", "0", "I2C")
# if deviceType in _SWI_DEVICES:
# if deviceType in _SWI_DEVICES:
# interfaceType.addKey("ATCA_SWI_IFACE", "1", "SWI")
if deviceType in _SPI_DEVICES:
interfaceType.addKey("ATCA_SPI_IFACE", "2", "SPI")
Expand All @@ -109,7 +109,7 @@ def instantiateComponent(deviceComponent, index):
else:
deviceAddress = deviceComponent.createHexSymbol("I2C_ADDR", interfaceType)
deviceAddress.setLabel("I2C Address")

if 'ECC' in deviceID:
deviceAddress.setDefaultValue(_DEFAULT_I2C_ADDRESS['ecc'])
elif 'SHA' in deviceID:
Expand Down
8 changes: 4 additions & 4 deletions harmony/config/test_app.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@
numFileCntr = 0

_TEST_PATHS = ['atcacert/*', 'jwt/*', 'api_atcab/*', 'api_calib/*', 'api_talib/*', 'vectors/*']
_TEST_SOURCES = ['atca_crypto_sw_tests.c', 'atca_test.c', 'atca_test_config.c', 'atca_test_console.c',
'atca_utils_atecc608a.c', 'cmd-processor.c']
_TEST_SOURCES = ['atca_crypto_sw_tests.c', 'atca_test.c', 'atca_test_config.c', 'atca_test_console.c',
'atca_utils_atecc608.c', 'cmd-processor.c']
_TEST_HEADERS = ['atca_crypto_sw_tests.h', 'atca_test.h', 'cbuf.h', 'cmd-processor.h']


Expand Down Expand Up @@ -93,10 +93,10 @@ def instantiateComponent(calTestingApplication):
AddFilesDir(calTestingApplication, 'test', search_path, 'library/cryptoauthlib/test',
'config/{}/library/cryptoauthlib/test'.format(configName))
for fname in _TEST_SOURCES:
AddFile(calTestingApplication, 'test' + os.path.sep + fname, 'library/cryptoauthlib/test',
AddFile(calTestingApplication, 'test' + os.path.sep + fname, 'library/cryptoauthlib/test',
'config/{}/library/cryptoauthlib/test'.format(configName))
for fname in _TEST_HEADERS:
AddFile(calTestingApplication, 'test' + os.path.sep + fname, 'library/cryptoauthlib/test',
AddFile(calTestingApplication, 'test' + os.path.sep + fname, 'library/cryptoauthlib/test',
'config/{}/library/cryptoauthlib/test'.format(configName), file_type='HEADER')

AddFilesDir(calTestingApplication, 'third_party/unity', '*', 'library/cryptoauthlib/third_party/unity', 'config/{}/library/cryptoauthlib/third_party/unity'.format(configName))
Expand Down
6 changes: 3 additions & 3 deletions harmony/module.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@

import os

_CALIB_SUPPORTED_DEVICES = ['ATECC108A', 'ATECC508A', 'ATECC608A', 'ATSHA204A']
_CALIB_SUPPORTED_DEVICES = ['ATECC108A', 'ATECC508A', 'ATECC608', 'ATSHA204A']
_TALIB_SUPPORTED_DEVICES = ['TA100']

def loadModule():
Expand All @@ -36,11 +36,11 @@ def loadModule():
cryptoAuthLibTng = Module.CreateSharedComponent("cryptoauthlib_tng", "Trust&Go", "/Libraries/Cryptoauthlib", "/harmony/config/tng.py")
cryptoAuthLibTng.setDisplayType("TNGTLS & TNGLORA Certificates")
cryptoAuthLibTng.addDependency("CAL_LIB_CAP", "CA_LIB", True, False)

cryptoAuthLibPkcs11 = Module.CreateSharedComponent("cryptoauthlib_pkcs11", "PKCS11", "/Libraries/Cryptoauthlib", "/harmony/config/pkcs11.py")
cryptoAuthLibPkcs11.setDisplayType("PKCS#11 Interface")
cryptoAuthLibPkcs11.addDependency("CAL_LIB_CAP", "CA_LIB", True, False)

cryptoAuthLibTest = Module.CreateSharedComponent("cryptoauthlib_test", "Tester", "/Libraries/Cryptoauthlib", "/harmony/config/test_app.py")
cryptoAuthLibTest.setDisplayType("Library Testing Application")
cryptoAuthLibTest.addDependency("CAL_LIB_CAP", "CA_LIB", True, False)
Expand Down
7 changes: 4 additions & 3 deletions lib/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ option(ATCA_ATSHA204A_SUPPORT "Include support for ATSHA204A device" ON)
option(ATCA_ATSHA206A_SUPPORT "Include support for ATSHA206A device" ON)
option(ATCA_ATECC108A_SUPPORT "Include support for ATECC108A device" ON)
option(ATCA_ATECC508A_SUPPORT "Include support for ATECC508A device" ON)
option(ATCA_ATECC608A_SUPPORT "Include support for ATECC608A device" ON)
option(ATCA_ATECC608_SUPPORT "Include support for ATECC608 device" ON)
option(ATCA_TA100_SUPPORT "Include support for TA100 device" OFF)
cmake_dependent_option(ATCA_TA100_AES_AUTH_SUPPORT "Include Encrypted (GCM) and CMAC Auth session support" ON "ATCA_TA100_SUPPORT" OFF)
option(ATCA_BUILD_SHARED_LIBS "Build CryptoAuthLib as shared library" ON)
Expand Down Expand Up @@ -102,7 +102,7 @@ execute_process(COMMAND ${CMAKE_COMMAND} -G "${CMAKE_GENERATOR}" .
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/${DEPENDENCY_DIR}/wolfssl_downloader/)
execute_process(COMMAND ${CMAKE_COMMAND} --build .
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/${DEPENDENCY_DIR}/wolfssl_downloader/)

#file(GLOB WOLFSSL_LIB_SRC RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "../third_party/wolfssl/wolfcrypt/src/*.c")

set(WOLFSSL_LIB_SRC ../third_party/wolfssl/wolfcrypt/src/aes.c
Expand Down Expand Up @@ -134,7 +134,8 @@ find_package(OpenSSL REQUIRED)
endif(ATCA_OPENSSL)

if (ATCA_ATSHA204A_SUPPORT OR ATCA_ATSHA206A_SUPPORT OR
ATCA_ATECC108A_SUPPORT OR ATCA_ATECC508A_SUPPORT OR ATCA_ATECC608A_SUPPORT)
ATCA_ATECC108A_SUPPORT OR ATCA_ATECC508A_SUPPORT OR
ATCA_ATECC608_SUPPORT)
set(LIB_SRC ${LIB_SRC} ${CALIB_SRC} ${HOST_SRC})
endif()

Expand Down
Loading

0 comments on commit 1cb00de

Please sign in to comment.