Skip to content

Develop support for Atmel crypto engine ATCAECC508A #6104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 32 commits into from
Feb 26, 2018
Merged

Develop support for Atmel crypto engine ATCAECC508A #6104

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
a57f543
Develop support for Atmel crypto engine ATCAECC508A
Jan 26, 2018
feb08db
Add function comments and restructure device factory class
Feb 17, 2018
6e39a6c
Fixups after code restructure
Feb 17, 2018
d6c2b9c
Add missing ATCAFactory destructor
Feb 17, 2018
9a46c6d
Rename ATCA.h/c to ATCAFactory.h/c
Feb 17, 2018
3004483
Method for creating transparent pk context from HW engine
Feb 18, 2018
c3e9538
Fetch ECP PK info via API
Feb 18, 2018
0a9066f
Fix README extension
Feb 19, 2018
a413ad8
First draft of README
mazimkhan Feb 19, 2018
5783fa7
Add steps to generate server certificate.
mazimkhan Feb 19, 2018
b1329cf
Complete README with SSL sample setup.
mazimkhan Feb 19, 2018
58a72c3
Minor fixes and rework
Feb 20, 2018
9e16c31
Change ATCA_ERR_NO_ERROR to ATCA_SUCCESS
Feb 20, 2018
b69e999
Incorporate code review comments
Feb 21, 2018
4fed598
Calculate configuration zone CRC with device specific data.
Feb 21, 2018
deea022
Changes after basing with mbedtls:feature-opaque-keys branch
Feb 22, 2018
a3e9ac8
Change ATCA_ERR_SMALL_BUFFER to ATCA_ERR_BUFFER_TOO_SMALL
Feb 22, 2018
34185c3
Correct names where appropriate 'asn format'->'EC octet string'
Feb 22, 2018
123061b
Initialize pk context with API and return library error codes
Feb 22, 2018
81ce174
Improve comment explaining first 16 bytes of the sample configuration
Feb 22, 2018
2c1f903
Merge branch 'feature-opaque-keys' of github.com:ARMmbed/mbed-os into…
Feb 25, 2018
04369ac
Disable ATCAECC508A commission app in mbed_lib.json
Feb 25, 2018
54d1c9c
Add check for I2C dependency
Feb 25, 2018
7052a84
Add I2C pin names for NUMAKER_PFM_NUC472
Feb 25, 2018
02aaa63
Add check for ethernet dependency
Feb 25, 2018
e52971a
Add I2C pin names for NRF 52840 and 52832
Feb 25, 2018
6510453
Add I2C pin names for Maxim targets
Feb 25, 2018
4668930
Enable feature only for K64F
Feb 25, 2018
f4efd98
Check if mbedtls is enabled
Feb 26, 2018
100399f
Fix doxygen comments
Feb 26, 2018
d55a3b1
Guard I2C use under DEVICE_I2C
Feb 26, 2018
e4c8c48
Conditionally delete I2C pointer
Feb 26, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
97 changes: 97 additions & 0 deletions features/atcryptoauth/ATCAConfig.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
/* mbed Microcontroller Library
* Copyright (c) 2018 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

#include "ATCAConfig.h"

ATCAError SlotConfig::EnableGenKey()
{
if (!IsPrivKey())
return ATCA_ERR_SLOT_NOT_PRIV_KEY;
_register = (_register & ~SLOT_CONFIG_WRITE_CONFIG_MASK) | SLOT_CONFIG_GEN_KEY_ENABLE_FLAG;
return ATCA_SUCCESS;
}

void SlotConfig::SetAsPrivKey()
{
/* Declare ECC Private key */
_register |= SLOT_CONFIG_IS_SECRET_MASK;
/* Disable reads */
_register &= ~SLOT_CONFIG_ENCRYPT_READ_MASK;
}

void SlotConfig::EnableExtMsgSig()
{
/* Disable ECDH operations and internal signatures */
_register &= ~SLOT_CONFIG_READ_KEY_MASK;
/* Enable signing of arbitrary external messages */
_register |= SLOT_CONFIG_INT_SIG_FLAG;
_register |= SLOT_CONFIG_EXT_SIG_FLAG;
}

bool SlotConfig::GenKeyEnabled()
{
return ( (_register & SLOT_CONFIG_WRITE_CONFIG_MASK) == SLOT_CONFIG_GEN_KEY_ENABLE_FLAG);
}

bool SlotConfig::IsPrivKey()
{
return (_register & SLOT_CONFIG_IS_SECRET_MASK) == SLOT_CONFIG_IS_SECRET_MASK &&
(_register & SLOT_CONFIG_ENCRYPT_READ_MASK) == 0;
}


ATCAError KeyConfig::SetECCKeyType()
{
_register &= ~KEY_CONFIG_KEY_TYPE_MASK;
_register |= KEY_CONFIG_P256_ECC_KEY;
return ATCA_SUCCESS;
}

ATCAError KeyConfig::SetNonECCKeyType()
{
_register &= ~KEY_CONFIG_KEY_TYPE_MASK;
_register |= KEY_CONFIG_NON_ECC_KEY;
return ATCA_SUCCESS;
}

ATCAError KeyConfig::EnablePubKeyGen()
{
if (!IsPrivate())
return ATCA_ERR_SLOT_NOT_PRIV_KEY;
_register |= KEY_CONFIG_EN_PUB_KEY_MASK;
return ATCA_SUCCESS;
}

void KeyConfig::SetPrivate()
{
_register |= KEY_CONFIG_PRIVATE_KEY_MASK;
}

bool KeyConfig::IsECCKey()
{
return ( (_register & KEY_CONFIG_P256_ECC_KEY) == KEY_CONFIG_P256_ECC_KEY);
}

bool KeyConfig::PubKeyGenEnabled()
{
return ( (_register & KEY_CONFIG_EN_PUB_KEY_MASK) == KEY_CONFIG_EN_PUB_KEY_MASK);
}

bool KeyConfig::IsPrivate()
{
return ( (_register & KEY_CONFIG_PRIVATE_KEY_MASK) == KEY_CONFIG_PRIVATE_KEY_MASK);
}

102 changes: 102 additions & 0 deletions features/atcryptoauth/ATCAConfig.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
/* mbed Microcontroller Library
* Copyright (c) 2018 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

#ifndef ATCACONFIG_H
#define ATCACONFIG_H

#include <stdint.h>
#include "ATCAError.h"

/* Field masks */
#define SLOT_CONFIG_WRITE_CONFIG_MASK 0xF000
#define SLOT_CONFIG_IS_SECRET_MASK 0x0080
#define SLOT_CONFIG_ENCRYPT_READ_MASK 0x0040
#define SLOT_CONFIG_READ_KEY_MASK 0x000F

#define KEY_CONFIG_KEY_TYPE_MASK 0x001C
#define KEY_CONFIG_PRIVATE_KEY_MASK 0x0001
#define KEY_CONFIG_EN_PUB_KEY_MASK 0x0002

/* Configuration flags */
#define SLOT_CONFIG_GEN_KEY_ENABLE_FLAG 0x2000
#define SLOT_CONFIG_INT_SIG_FLAG 0x0002
#define SLOT_CONFIG_EXT_SIG_FLAG 0x0001

#define KEY_CONFIG_P256_ECC_KEY 0x0010
#define KEY_CONFIG_NON_ECC_KEY 0x001C

/** class for validating and preparing slot config for a data zone.
*/
class SlotConfig
{
private:
uint16_t _register;
public:
SlotConfig(uint16_t slot_config)
: _register(slot_config)
{}
SlotConfig()
{
Reset();
}

void Reset(){ _register = 0; }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing any documentation for methods

ATCAError EnableGenKey();
void SetAsPrivKey();
void EnableExtMsgSig();

bool GenKeyEnabled();
bool IsPrivKey();
uint16_t Get()
{
return _register;
}
};


/** class for validating and preparing key config for a data zone.
*/
class KeyConfig
{
private:
uint16_t _register;

public:
KeyConfig(uint16_t key_config)
: _register(key_config)
{}

KeyConfig()
{
Reset();
}

void Reset(){ _register = 0; }
ATCAError SetECCKeyType();
ATCAError SetNonECCKeyType();
ATCAError EnablePubKeyGen();
void SetPrivate();

bool IsECCKey();
bool PubKeyGenEnabled();
bool IsPrivate();
uint16_t Get()
{
return _register;
}
};

#endif /* ATCACONFIG_H */
125 changes: 125 additions & 0 deletions features/atcryptoauth/ATCAConstants.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,125 @@
/* mbed Microcontroller Library
* Copyright (c) 2018 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

#ifndef ATCAECCCONSTANTS_H
#define ATCAECCCONSTANTS_H

/** Datasheet defined constants */
#define ATCA_ECC_508A_I2C_ADDR 0xC0
#define ATCA_ECC_508A_REVISION {0x00, 0x00, 0x50, 0x00}
#define ATCA_ECC_WORD_SZ 4
#define ATCA_ECC_STATUS_RESP_LEN 4
#define ATCA_ECC_RESP_STATUS_IDX 1
#define ATCA_ECC_NUM_PRIV_KEY_SLOTS 8
#define ATCA_ECC_ECC_PK_LEN 64
#define ATCA_ECC_CONFIG_ZONE_SZ 128
#define ATCA_KEY_ID_0 0
#define ATCA_ECC_HASH_256_LEN 32
#define ATCA_ECC_SIG_LEN 64
#define ATCA_ECC_CRC_POLYNOMIAL 0x8005
#define ATCA_ECC_NUM_DEVICE_DATA_BLOCKS 4

/** Device functions */
#define ATCA_ECC_FUNC_RST_IO_ADDR 0x00
#define ATCA_ECC_FUNC_SLEEP 0x01
#define ATCA_ECC_FUNC_IDLE 0x02
#define ATCA_ECC_FUNC_COMMAND 0x03


/** EEPROM Zones */
enum ATCAZone
{
ATCA_ECC_ZONE_CONFIG = 0x0

/* Data and OTP zones are not defined here as this driver does not make
* use of them. */
};

/** Command opcodes */
enum ATCAOpCode
{
ATCA_ECC_CMD_OPCODE_READ = 0x02,
ATCA_ECC_CMD_OPCODE_WRITE = 0x12,
ATCA_ECC_CMD_OPCODE_LOCK = 0x17,
ATCA_ECC_CMD_OPCODE_GENKEY = 0x40,
ATCA_ECC_CMD_OPCODE_NONCE = 0x16,
ATCA_ECC_CMD_OPCODE_SIGN = 0x41,
ATCA_ECC_CMD_OPCODE_VERIFY = 0x45,
};

/** Key ID/Slot no. Type */
typedef uint32_t ATCAKeyID;
#define ATCA_ECC_KEY_ID_0 0
#define ATCA_ECC_KEY_ID_INVALID 0xFFFFFFFF

/** Command and responce length */
#define ATCA_ECC_CMD_OFFSET 2 /* Command offset in Tx buffer */
#define ATCA_ECC_RESP_OFFSET 1 /* Response offset in Rx buffer */
#define ATCA_ECC_CRC_INPUT_OFFSET 1 /* CRC input data offset in Tx buffer */
#define ATCA_ECC_MAX_CMD_LEN 132 /* Bytes device allocates for constructing command */
#define ATCA_ECC_MAX_RESP_LEN 67 /* Bytes device allocates for constructing responce */
#define ATCA_ECC_FUNCTION_LEN 1 /* Device function (Write address) */
#define ATCA_ECC_CMD_IO_WRAPER_LEN 3 /* Count + CRC */
#define ATCA_ECC_CMD_READ_LEN 4
#define ATCA_ECC_RESP_READ_LEN 7
#define ATCA_ECC_CMD_WRITE_LEN 8
#define ATCA_ECC_RESP_WRITE_LEN 4
#define ATCA_ECC_CMD_WRITE_LEN 8
#define ATCA_ECC_RESP_WRITE_LEN 4
#define ATCA_ECC_CMD_LOCK_LEN 4
#define ATCA_ECC_STATUS_LEN 4
#define ATCA_ECC_CMD_GENKEY_LEN 4
#define ATCA_ECC_RESP_GENKEY_LEN 67
#define ATCA_ECC_CMD_NONCE_LEN 36
#define ATCA_ECC_CMD_SIGN_LEN 4
#define ATCA_ECC_RESP_SIGN_LEN 67
#define ATCA_ECC_CMD_VERIFY_LEN 132

/** EEPROM addresses */
#define ATCA_ECC_CFG_ADDR_REVISION 4
#define ATCA_ECC_CFG_ADDR_SLOT_CFG 20
#define ATCA_ECC_CFG_ADDR_KEY_CFG 96
#define ATCA_ECC_CFG_ADDR_LCK_CFG 87

/** Flags */
#define ATCA_ECC_FLG_READ_SZ_32 0x80

/** Devices Delays */
#define ATCA_ECC_DELAY_TPU_US 100
#define ATCA_ECC_DELAY_TWLO_US 60
#define ATCA_ECC_DELAY_TWHI_US 1500
#define ATCA_ECC_DELAY_WAKE_TOKEN_RETRY_US 100

/** Command execution times */
#define ATCA_ECC_EXEC_TIME_READ_TYP_US 100
#define ATCA_ECC_EXEC_TIME_READ_MAX_US 1000
#define ATCA_ECC_EXEC_TIME_WRITE_TYP_US 7000
#define ATCA_ECC_EXEC_TIME_WRITE_MAX_US 26000
#define ATCA_ECC_EXEC_TIME_LOCK_TYP_US 8000
#define ATCA_ECC_EXEC_TIME_LOCK_MAX_US 32000
#define ATCA_ECC_EXEC_TIME_GENKEY_TYP_US 11000
#define ATCA_ECC_EXEC_TIME_GENKEY_MAX_US 115000
#define ATCA_ECC_EXEC_TIME_NONCE_TYP_US 100
#define ATCA_ECC_EXEC_TIME_NONCE_MAX_US 7000
#define ATCA_ECC_EXEC_TIME_SIGN_TYP_US 42000
#define ATCA_ECC_EXEC_TIME_SIGN_MAX_US 50000
#define ATCA_ECC_EXEC_TIME_VERIFY_TYP_US 38000
#define ATCA_ECC_EXEC_TIME_VERIFY_MAX_US 58000

/** Driver defined constants */
#define ATCA_ECC_I2C_FREQUENCY 10000

#endif /* ATCAECCCONSTANTS_H */
Loading