diff --git a/.gitattributes b/.gitattributes index b634d85f0..ea63d13b1 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1,2 @@ -*.pdf filter=lfs diff=lfs merge=lfs -text +# Reinstate LFS if pdf sizes increase considerably in the future releases +# *.pdf filter=lfs diff=lfs merge=lfs -text diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 20b5a05e4..bb8366513 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -43,7 +43,7 @@ jobs: env: CIBW_SKIP: "cp27-* cp36-* cp37-* pp37-* *-musllinux* pp*-macosx*" CIBW_MANYLINUX_X86_64_IMAGE: "manylinux_2_28" - CIBW_BEFORE_BUILD_LINUX: "yum update -y && yum install -y libusb-devel" + CIBW_BEFORE_BUILD_LINUX: "yum update -y && yum install -y libusbx-devel" CIBW_BUILD_VERBOSITY: 3 CIBW_ARCHS_LINUX: "x86_64" CIBW_ARCHS_MACOS: "x86_64 arm64" diff --git a/CMakeLists.txt b/CMakeLists.txt index 9d66dd175..4ac79f2da 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,10 +2,10 @@ cmake_minimum_required(VERSION 3.1.0) project (cryptoauthlib C) # Set the current release version -set(VERSION "3.7.3") +set(VERSION "3.7.4") set(VERSION_MAJOR 3) set(VERSION_MINOR 7) -set(VERSION_PATCH 3) +set(VERSION_PATCH 4) # Build Options option(BUILD_TESTS "Create Test Application with library" OFF) diff --git a/README.md b/README.md index d1a9a67fa..1a8a51618 100644 --- a/README.md +++ b/README.md @@ -6,14 +6,14 @@ Introduction This library implements the APIs required to communicate with Microchip Security device. The family of devices supported currently are: -|CryptoAuth |CryptoAuth2 || -|:----------------------------------------------:|:----------------------------------------:|:-------------------------------------:| -|[ATECC608B](https://www.microchip.com/ATECC608B)|[ECC204](https://www.microchip.com/ECC204) +|CryptoAuth |CryptoAuth2 | +|-----------------------------------------------:|:-----------------------------------------| +|[ATECC608B](https://www.microchip.com/ATECC608B)|[ECC204](https://www.microchip.com/ECC204)| |[ATECC608A](http://www.microchip.com/ATECC608A) |[ECC206](https://www.microchip.com/ECC206)| |[ATECC508A](http://www.microchip.com/ATECC508A) |[SHA104](https://www.microchip.com/SHA104)| -|[ATECC108A](http://www.microchip.com/ATECC108A) |[SHA105](https://www.microchip.com/SHA105)| | -|[ATSHA204A](http://www.microchip.com/ATSHA204A) |[SHA106](https://www.microchip.com/SHA106)| | -|[ATSHA206A](https://www.microchip.com/ATSHA206A)|[RNG90](https://www.microchip.com/RNG90) | | +|[ATECC108A](http://www.microchip.com/ATECC108A) |[SHA105](https://www.microchip.com/SHA105)| +|[ATSHA204A](http://www.microchip.com/ATSHA204A) |[SHA106](https://www.microchip.com/SHA106)| +|[ATSHA206A](https://www.microchip.com/ATSHA206A)|[RNG90](https://www.microchip.com/RNG90) | The best place to start is with the [Microchip Trust Platform](https://www.microchip.com/design-centers/security-ics/trust-platform) @@ -30,9 +30,12 @@ Prerequisite hardware to run CryptoAuthLib examples: Alternatively a Microchip MCU and Adapter Board: - [ATSAMR21 Xplained Pro]( http://www.microchip.com/atsamr21-xpro ) or [ATSAMD21 Xplained Pro]( http://www.microchip.com/ATSAMD21-XPRO ) - - [CryptoAuth Xplained Pro Extension](http://www.microchip.com/developmenttools/productdetails.aspx?partno=atcryptoauth-xpro-b ) - or [CryptoAuthentication SOIC Socket Board](http://www.microchip.com/developmenttools/productdetails.aspx?partno=at88ckscktsoic-xpro ) + - [CryptoAuthentication SOIC Socket Board](http://www.microchip.com/developmenttools/productdetails.aspx?partno=at88ckscktsoic-xpro ) to accept SOIC parts + - [ATECC608B mikroBUS evaluation board](https://www.microchip.com/en-us/development-tool/DT100104) + - [ECC204 mikroBUS evaluation board](https://www.microchip.com/en-us/development-tool/ev92r58a) + - [SHA104/SHA105 mikroBUS evaluation board](https://www.microchip.com/en-us/development-tool/ev97m19a) + - [TA010 mikroBUS evaluation board](https://www.microchip.com/en-us/development-tool/EV74C12A) For most development, using socketed top-boards is preferable until your configuration is well tested, then you can commit it to a CryptoAuth Xplained @@ -45,12 +48,6 @@ Examples - Install the [Trust Platform Design Suite](https://www.microchip.com/en-us/products/security/trust-platform ) to access Use Case examples for the different Security Solutions (ATECC608, SHA104/105, ECC204, TA010, TA100…) - - Node Authentication Example Using Asymmetric PKI is a complete, all-in-one - example demonstrating all the stages of crypto authentication starting from - provisioning the Crypto Authentication device ATECC608/ATECC508A with keys - and certificates to demonstrating an authentication sequence using - asymmetric techniques. - http://www.microchip.com/SWLibraryWeb/product.aspx?product=CryptoAuthLib Configuration ----------- diff --git a/app/kit_host/ascii_kit_host.c b/app/kit_host/ascii_kit_host.c index 2b13b3679..d4220918a 100644 --- a/app/kit_host/ascii_kit_host.c +++ b/app/kit_host/ascii_kit_host.c @@ -686,6 +686,8 @@ void kit_host_task(ascii_kit_host_context_t* ctx) } ctx->phy->send((void*)ctx->phy, ctx->buffer, txlen); + memset(ctx->buffer, '\0', sizeof(ctx->buffer)); + ptr = ctx->buffer; } } diff --git a/cryptoauthlib-manual.pdf b/cryptoauthlib-manual.pdf index 481c99b29..678e5c77f 100644 Binary files a/cryptoauthlib-manual.pdf and b/cryptoauthlib-manual.pdf differ diff --git a/harmony/config/cryptoauthlib.py b/harmony/config/cryptoauthlib.py index f8e036629..c2afa2fe7 100644 --- a/harmony/config/cryptoauthlib.py +++ b/harmony/config/cryptoauthlib.py @@ -38,6 +38,7 @@ _TA_PATHS = ['atcacert/*', 'talib/*'] _SHA206_PATHS = ['api_206a/*'] _EXCL_FILES = ['atca_utils_sizes.c'] +_WOLFCRYPTO_FILES = ['wolfssl/*'] def CALSecFileUpdate(symbol, event): symObj = event['symbol'] @@ -246,8 +247,7 @@ def onAttachmentConnected(source, target): calEnableWolfCrypto = srcComponent.getSymbolByID('CAL_ENABLE_WOLFCRYPTO') calEnableWolfCrypto.setValue(True) - WolfCrypto = srcComponent.getSymbolByID('CAL_FILE_SRC_WOLFSSL_WRAPPER') - WolfCrypto.setEnabled(True) + updateFileEnable(srcComponent, _WOLFCRYPTO_FILES, True) calTaEnableAesAuth = srcComponent.getSymbolByID('CAL_ENABLE_TA10x_AES_AUTH') calTaEnableAesAuth.setValue(True) @@ -296,8 +296,7 @@ def onAttachmentDisconnected(source, target): WolfCrypto = srcComponent.getSymbolByID('CAL_ENABLE_WOLFCRYPTO') WolfCrypto.setValue(False) - WolfCrypto = srcComponent.getSymbolByID('CAL_FILE_SRC_WOLFSSL_WRAPPER') - WolfCrypto.setEnabled(False) + updateFileEnable(srcComponent, _WOLFCRYPTO_FILES, False) calTaEnableAesAuth = srcComponent.getSymbolByID('CAL_ENABLE_TA10x_AES_AUTH') calTaEnableAesAuth.setValue(False) @@ -344,6 +343,10 @@ def instantiateComponent(calComponent): AddFilesDir(calComponent, 'app', search_path, 'library/cryptoauthlib/app', 'config/{}/library/cryptoauthlib/app'.format(configName), enable=False) + for search_path in _WOLFCRYPTO_FILES: + AddFilesDir(calComponent, 'lib', search_path, 'library/cryptoauthlib', + 'config/{}/library/cryptoauthlib'.format(configName), enable=False) + # Add individual files for hal_file in _HAL_FILES: AddFilesDir(calComponent, 'lib/hal', hal_file, 'library/cryptoauthlib/hal', @@ -844,15 +847,6 @@ def instantiateComponent(calComponent): calEnableWolfCrypto.setValue(False) calEnableWolfCrypto.setVisible(False) - calLibWolfSSLSrcFile = calComponent.createFileSymbol("CAL_FILE_SRC_WOLFSSL_WRAPPER", None) - calLibWolfSSLSrcFile.setSourcePath("lib/wolfssl/atca_wolfssl_interface.c") - calLibWolfSSLSrcFile.setOutputName("atca_wolfssl_interface.c") - calLibWolfSSLSrcFile.setDestPath("library/cryptoauthlib/wolfssl") - calLibWolfSSLSrcFile.setProjectPath("config/" + configName + "/library/cryptoauthlib/wolfssl/") - calLibWolfSSLSrcFile.setType('SOURCE') - calLibWolfSSLSrcFile.setEnabled(False) - calLibWolfSSLSrcFile.setDependencies(CALSecFileUpdate, ["CAL_NON_SECURE"]) - # Add HAL Drivers calLibI2cHalSrcFile = calComponent.createFileSymbol("CAL_FILE_SRC_HAL_I2C", None) calLibI2cHalSrcFile.setSourcePath("lib/hal/hal_i2c_harmony.c") diff --git a/lib/atca_compiler.h b/lib/atca_compiler.h index 95ff9fddc..bb545ef22 100644 --- a/lib/atca_compiler.h +++ b/lib/atca_compiler.h @@ -43,8 +43,8 @@ #define ATCA_UINT32_HOST_TO_LE(x) (x) #define ATCA_UINT16_HOST_TO_BE(x) ((((x) & 0x00FF) << 8) | (((x) & 0xFF00) >> 8)) #define ATCA_UINT16_BE_TO_HOST(x) ((((x) & 0x00FF) << 8) | (((x) & 0xFF00) >> 8)) -#define ATCA_UINT32_HOST_TO_BE(x) ((((x) & 0x000000FFU) << 24U) | (((x) & 0x0000FF00U) << 8U) | (((x) & 0x00FF0000U) >> 8U) | (((x) & 0xFF000000U) >> 24U)) -#define ATCA_UINT32_BE_TO_HOST(x) ((((x) & 0x000000FFU) << 24U) | (((x) & 0x0000FF00U) << 8U) | (((x) & 0x00FF0000U) >> 8U) | (((x) & 0xFF000000U) >> 24U)) +#define ATCA_UINT32_HOST_TO_BE(x) ((((x) & 0x000000FFUL) << 24U) | (((x) & 0x0000FF00UL) << 8U) | (((x) & 0x00FF0000UL) >> 8U) | (((x) & 0xFF000000UL) >> 24U)) +#define ATCA_UINT32_BE_TO_HOST(x) ((((x) & 0x000000FFUL) << 24U) | (((x) & 0x0000FF00UL) << 8U) | (((x) & 0x00FF0000UL) >> 8U) | (((x) & 0xFF000000UL) >> 24U)) #define ATCA_UINT64_HOST_TO_BE(x) ((uint64_t)ATCA_UINT32_HOST_TO_BE((uint32_t)(x)) << 32 + (uint64_t)ATCA_UINT32_HOST_TO_BE((uint32_t)((x) >> 32))) #define ATCA_UINT64_BE_TO_HOST(x) ((uint64_t)ATCA_UINT32_BE_TO_HOST((uint32_t)(x)) << 32 + (uint64_t)ATCA_UINT32_BE_TO_HOST((uint32_t)((x) >> 32))) #define SHARED_LIB_EXPORT @@ -197,7 +197,7 @@ #elif defined __ICCARM__ /* IAR ARM ------------------------------------------- */ -#pragma diag_suppress=Pe161 //Unknown pragma warning +#pragma diag_suppress=Pe161 //Unknown pragma warning #include #if __LITTLE_ENDIAN__ == 0 @@ -256,4 +256,13 @@ #define ATCA_PACKED __attribute__ ((packed)) #endif +/** \def UNUSED_VAR + * Enables removal of compiler warning due to unused variables + */ +#ifdef ATCA_UNUSED_VAR_CHECK +#define UNUSED_VAR(x) ((void)(x)) +#else +#define UNUSED_VAR(x) +#endif + #endif /* ATCA_COMPILER_H_ */ diff --git a/lib/atca_config_check.h b/lib/atca_config_check.h index c9319f2ee..443bdd644 100644 --- a/lib/atca_config_check.h +++ b/lib/atca_config_check.h @@ -128,6 +128,13 @@ #define ATCA_HEAP #endif +/** \def ATCA_UNUSED_VAR_CHECK + * Enables removal of compiler warning due to unused variables + */ +#ifndef ATCA_UNUSED_VAR_CHECK +#define ATCA_UNUSED_VAR_CHECK (DEFAULT_ENABLED) +#endif + /**** AES command ****/ /** \def ATCAB_AES diff --git a/lib/atca_version.h b/lib/atca_version.h index 0a2e83017..f6a2fb186 100644 --- a/lib/atca_version.h +++ b/lib/atca_version.h @@ -30,9 +30,9 @@ #define ATCA_VERSION_H // Version format yyyymmdd -#define ATCA_LIBRARY_VERSION_DATE "20240131" +#define ATCA_LIBRARY_VERSION_DATE "20240308" #define ATCA_LIBRARY_VERSION_MAJOR 3 #define ATCA_LIBRARY_VERSION_MINOR 7 -#define ATCA_LIBRARY_VERSION_BUILD 3 +#define ATCA_LIBRARY_VERSION_BUILD 4 #endif /* ATCA_VERSION_H */ diff --git a/lib/atcacert/atcacert_client.c b/lib/atcacert/atcacert_client.c index 7a780acce..7b2945195 100644 --- a/lib/atcacert/atcacert_client.c +++ b/lib/atcacert/atcacert_client.c @@ -156,6 +156,8 @@ ATCA_STATUS atcacert_read_cert_ext(ATCADevice device, atcacert_build_state_t build_state; #endif + UNUSED_VAR(ca_public_key[0]); + if (cert_def == NULL || cert_size == NULL) { return ATCACERT_E_BAD_PARAMS; diff --git a/lib/atcacert/atcacert_date.c b/lib/atcacert/atcacert_date.c index ba55c30a6..c8a5d0b46 100644 --- a/lib/atcacert/atcacert_date.c +++ b/lib/atcacert/atcacert_date.c @@ -45,6 +45,7 @@ atcacert_date_format_t atcacert_date_from_asn1_tag(const uint8_t tag) #ifdef ATCA_MBEDTLS fmt = DATEFMT_RFC5280_GEN; //Mbedtls follows always "YYYY-MM-DD HH:MM:SS." + UNUSED_VAR(tag); #else switch (tag) { diff --git a/lib/atcacert/atcacert_def.c b/lib/atcacert/atcacert_def.c index c54cf3dbd..bdcff23fd 100644 --- a/lib/atcacert/atcacert_def.c +++ b/lib/atcacert/atcacert_def.c @@ -734,6 +734,7 @@ ATCA_STATUS atcacert_get_subject(const atcacert_def_t* cert_def, status = (NULL != cert_def->parsed) ? atcac_get_subject(*cert_def->parsed, cert_subj_buf) : ATCACERT_E_ERROR; } #else + UNUSED_VAR(cert_subj_buf); status = ATCA_UNIMPLEMENTED; #endif } @@ -747,6 +748,9 @@ ATCA_STATUS atcacert_get_subj_public_key(const atcacert_def_t* cert_def, { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; + UNUSED_VAR(cert); + UNUSED_VAR(cert_size); + if (NULL != cert_def && NULL != subj_public_key) { #if ATCACERT_INTEGRATION_EN @@ -777,6 +781,9 @@ ATCA_STATUS atcacert_get_subj_key_id(const atcacert_def_t* cert_def, { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; + UNUSED_VAR(cert); + UNUSED_VAR(cert_size); + if (NULL != cert_def && NULL != subj_key_id) { #if ATCACERT_INTEGRATION_EN @@ -807,6 +814,9 @@ ATCA_STATUS atcacert_get_issuer(const atcacert_def_t* cert_def, { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; + UNUSED_VAR(cert); + UNUSED_VAR(cert_size); + if (NULL != cert_def && NULL != cert_issuer) { #if ATCACERT_INTEGRATION_EN @@ -966,6 +976,9 @@ ATCA_STATUS atcacert_get_issue_date(const atcacert_def_t* cert_def, size_t formatted_date_size = 0; atcacert_date_format_t date_format = 0; + UNUSED_VAR(cert); + UNUSED_VAR(cert_size); + do { if (cert_def == NULL || timestamp == NULL) @@ -1072,6 +1085,9 @@ ATCA_STATUS atcacert_get_expire_date(const atcacert_def_t* cert_def, size_t formatted_date_size = 0; atcacert_date_format_t date_format = 0; + UNUSED_VAR(cert); + UNUSED_VAR(cert_size); + do { if (cert_def == NULL || timestamp == NULL) @@ -1510,6 +1526,9 @@ ATCA_STATUS atcacert_get_cert_sn(const atcacert_def_t* cert_def, { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; + UNUSED_VAR(cert); + UNUSED_VAR(cert_size); + if (NULL != cert_def && NULL != cert_sn && NULL != cert_sn_size) { #if ATCACERT_INTEGRATION_EN @@ -1608,6 +1627,9 @@ ATCA_STATUS atcacert_get_auth_key_id(const atcacert_def_t* cert_def, { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; + UNUSED_VAR(cert); + UNUSED_VAR(cert_size); + if (NULL != cert_def && NULL != auth_key_id) { #if ATCACERT_INTEGRATION_EN @@ -1760,11 +1782,6 @@ ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t* cert_def, break; } - if (ATCACERT_E_SUCCESS != (ret = atcacert_date_enc_compcert(&issue_date, cert_def->expire_years, &comp_cert[64]))) - { - break; - } - if (ATCACERT_E_SUCCESS != (ret = atcacert_get_signer_id(cert_def, cert, cert_size, &comp_cert[67]))) { if (ret == ATCACERT_E_ELEM_MISSING) diff --git a/lib/atcacert/atcacert_der.c b/lib/atcacert/atcacert_der.c index e9817dd43..504d34a21 100644 --- a/lib/atcacert/atcacert_der.c +++ b/lib/atcacert/atcacert_der.c @@ -93,10 +93,10 @@ ATCA_STATUS atcacert_der_enc_length(size_t length, uint8_t* der_length, size_t* der_length[0] = 0x80u | (uint8_t)(der_length_size_calc - 1u); // Set number of bytes octet with long-form flag // Encode length in big-endian format - for (l_exp = 1; l_exp <= (int)der_length_size_calc; l_exp++) + for (l_exp = 1; l_exp <= der_length_size_calc; l_exp++) { #ifdef ATCA_PLATFORM_BE - der_length[exp] = len_bytes[sizeof(length) - *der_length_size + exp]; + der_length[l_exp] = len_bytes[sizeof(length) - *der_length_size + l_exp]; #else der_length[l_exp] = len_bytes[der_length_size_calc - 1 - l_exp]; #endif diff --git a/lib/cal_buffer.c b/lib/cal_buffer.c index 12f1cecf8..d3c911cac 100644 --- a/lib/cal_buffer.c +++ b/lib/cal_buffer.c @@ -693,6 +693,20 @@ ATCA_STATUS cal_buf_set(cal_buffer * dst, size_t dst_offset, uint8_t value, size return status; } +/** \brief Initialize a cal buffer with constant pointer + * Returns the initialized cal buffer + */ +cal_buffer cal_buf_init_const_ptr(size_t len,const uint8_t* message) +{ + void **ptr = NULL; + /* coverity[cert_str30_c_violation] Implementation treats input attributes as constants */ + void *lptr = &(message); + (ptr) = lptr; + + cal_buffer init_buf = CAL_BUF_INIT(len,*ptr); + return init_buf; +} + #ifdef ATCA_PRINTF void cal_buf_print(cal_buffer * buf) { diff --git a/lib/cal_buffer.h b/lib/cal_buffer.h index e5750dba1..b84d94ad9 100644 --- a/lib/cal_buffer.h +++ b/lib/cal_buffer.h @@ -78,7 +78,7 @@ typedef struct cal_buffer_s _Pragma("coverity compliance deviate 'MISRA C-2012 Rule 10.8'") \ _Pragma("coverity compliance deviate 'MISRA C-2012 Rule 11.8'") \ (size_t)s, (uint8_t*)b } - #endif + #endif #else #if MULTIPART_BUF_EN #define CAL_BUF_INIT(s, b) { (size_t)(s), (uint8_t*)(b), NULL } @@ -101,6 +101,7 @@ ATCA_STATUS cal_buf_set(cal_buffer * dst, size_t dst_offset, uint8_t value, size ATCA_STATUS cal_buf_set_used(cal_buffer * buf, size_t used); size_t cal_buf_get_used(cal_buffer * buf); +cal_buffer cal_buf_init_const_ptr(size_t len,const uint8_t* message); #ifdef ATCA_PRINTF void cal_buf_print(cal_buffer * buf); diff --git a/lib/calib/calib_basic.c b/lib/calib/calib_basic.c index a56d6bbcd..fb8570de6 100644 --- a/lib/calib/calib_basic.c +++ b/lib/calib/calib_basic.c @@ -37,13 +37,14 @@ ATCA_STATUS calib_wakeup_i2c(ATCADevice device) { ATCA_STATUS status = ATCA_BAD_PARAM; - uint8_t second_byte = 0x01; // I2C general call should not interpreted as an addr write + uint8_t second_byte = 0U; ATCAIface iface = atGetIFace(device); if (NULL != iface) { int retries = atca_iface_get_retries(iface); uint8_t address = atcab_get_device_address(device); + ATCAKitType kit_type = ATCA_KIT_UNKNOWN_IFACE; uint32_t temp; uint32_t wake; uint16_t rxlen; @@ -65,21 +66,21 @@ ATCA_STATUS calib_wakeup_i2c(ATCADevice device) status = ATCA_SUCCESS; } - #if ATCA_CA2_SUPPORT - ATCADeviceType device_type = atcab_get_device_type_ext(device); - - if (atcab_is_ca2_device(device_type)) - { - (void)atsend(iface, 0U, NULL, 0); - } - else + if(atcab_is_ca_device(atcab_get_device_type_ext(device))) { + //! Drive the SDA pin low for wake up + //! Set i2c device addr as 0U to drive SDA low + (void)ifacecfg_set_address(iface->mIfaceCFG, 0U, kit_type); - (void)atsend(iface, second_byte, NULL, 0); + //! I2C general call should not interpreted as an addr write + second_byte = 1U; } - #else + (void)atsend(iface, second_byte, NULL, 0); - #endif + + //! Set the i2c device address + (void)ifacecfg_set_address(iface->mIfaceCFG, address, kit_type); + atca_delay_us(atca_iface_get_wake_delay(iface)); rxlen = (uint16_t)sizeof(wake); diff --git a/lib/cmake/wolfssl.cmake b/lib/cmake/wolfssl.cmake index 2c3be3ea8..f52140bd0 100644 --- a/lib/cmake/wolfssl.cmake +++ b/lib/cmake/wolfssl.cmake @@ -19,12 +19,14 @@ set(WOLFSSL_LIB_SRC ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/aes.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/hash.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/hmac.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/integer.c + ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/kdf.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/memory.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/pwdbased.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/random.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/rsa.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/sha.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/sha256.c + ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/sp_int.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/tfm.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/wc_encrypt.c ${CMAKE_BINARY_DIR}/downloaded/wolfssl/wolfcrypt/src/wc_port.c diff --git a/lib/crypto/atca_crypto_sw.h b/lib/crypto/atca_crypto_sw.h index 68aae97ed..800a866c9 100644 --- a/lib/crypto/atca_crypto_sw.h +++ b/lib/crypto/atca_crypto_sw.h @@ -143,7 +143,6 @@ ATCA_STATUS atcac_aes_gcm_decrypt(struct atcac_aes_gcm_ctx* ctx, const uint8_t* uint8_t* plaintext, const uint8_t* tag, size_t tag_len, const uint8_t* aad, const size_t aad_len, bool* is_verified); -#if ATCAC_AES_GCM_UPDATE_EN ATCA_STATUS atcac_aes_gcm_aad_update(struct atcac_aes_gcm_ctx* ctx, const uint8_t* aad, const size_t aad_len); ATCA_STATUS atcac_aes_gcm_encrypt_update(struct atcac_aes_gcm_ctx* ctx, const uint8_t* plaintext, const size_t pt_len, uint8_t* ciphertext, size_t* ct_len); @@ -152,7 +151,6 @@ ATCA_STATUS atcac_aes_gcm_decrypt_update(struct atcac_aes_gcm_ctx* ctx, const ui uint8_t* plaintext, size_t* pt_len); ATCA_STATUS atcac_aes_gcm_decrypt_finish(struct atcac_aes_gcm_ctx* ctx, const uint8_t* tag, size_t tag_len, bool* is_verified); -#endif /* ATCAC_AES_GCM_UPDATE_EN */ #endif /* ATCAC_AES_GCM_EN */ diff --git a/lib/crypto/atca_crypto_sw_aes_gcm.c b/lib/crypto/atca_crypto_sw_aes_gcm.c index 64f3b1bdb..a298c8605 100644 --- a/lib/crypto/atca_crypto_sw_aes_gcm.c +++ b/lib/crypto/atca_crypto_sw_aes_gcm.c @@ -28,7 +28,7 @@ #include "atca_crypto_sw.h" -#if ATCAC_AES_GCM_EN && ATCAC_AES_GCM_UPDATE_EN +#if ATCAC_AES_GCM_EN ATCA_STATUS atcac_aes_gcm_encrypt( struct atcac_aes_gcm_ctx* ctx, diff --git a/lib/crypto/crypto_sw_config_check.h b/lib/crypto/crypto_sw_config_check.h index b0f649b34..b2851fbcd 100644 --- a/lib/crypto/crypto_sw_config_check.h +++ b/lib/crypto/crypto_sw_config_check.h @@ -198,4 +198,11 @@ #define ATCAB_PBKDF2_SHA256_EN (CALIB_SHA_HMAC_EN || TALIB_SHA_HMAC_EN) #endif +/** \def ATCAC_AES_GCM_EN + * Indicates if this module is a provider of an AES-GCM implementation + */ +#ifndef ATCAC_AES_GCM_EN +#define ATCAC_AES_GCM_EN (ATCA_HOSTLIB_EN) +#endif /* ATCAC_AES_GCM_EN */ + #endif /* CRYPTO_CONFIG_CHECK_H */ diff --git a/lib/crypto/hashes/sha2_routines.c b/lib/crypto/hashes/sha2_routines.c index 586b6a563..d6051af9c 100644 --- a/lib/crypto/hashes/sha2_routines.c +++ b/lib/crypto/hashes/sha2_routines.c @@ -171,7 +171,12 @@ void sw_sha256_update(sw_sha256_ctx* ctx, const uint8_t* msg, uint32_t msg_size) { uint32_t block_count; uint32_t rem_size = SHA256_BLOCK_SIZE - ctx->block_size; - size_t copy_size = msg_size > rem_size ? (size_t)rem_size : (size_t)msg_size; + uint32_t copy_size = msg_size > rem_size ? rem_size : msg_size; + + if (0u == msg_size || NULL == msg) + { + return; + } // Copy data into current block (void)memcpy(&ctx->block[ctx->block_size], msg, copy_size); diff --git a/lib/hal/README.md b/lib/hal/README.md index 1a3715bb5..002ffb9c3 100644 --- a/lib/hal/README.md +++ b/lib/hal/README.md @@ -66,7 +66,7 @@ Obtain library and configure using [Harmony 3](https://github.com/Microchip-MPLA |------------|------------------------------|-------------|-------------------------------------------------| | I2C | hal_i2c_harmony.c | plib.h | For all Harmony 3 based projects | | SPI | hal_spi_harmony.c | plib.h | | -| UART | hal_uart_harmony.c | plib.h | } +| UART | hal_uart_harmony.c | plib.h | | Microchip 8 & 16 bit products - AVR, PIC16/18, PIC24/DSPIC -------------------------------------------- diff --git a/lib/hal/kit_protocol.c b/lib/hal/kit_protocol.c index 98c6b3ef6..458a9f424 100644 --- a/lib/hal/kit_protocol.c +++ b/lib/hal/kit_protocol.c @@ -611,12 +611,11 @@ ATCA_STATUS kit_send(ATCAIface iface, uint8_t word_address, uint8_t* txdata, int ATCA_STATUS status = ATCA_SUCCESS; int nkitbuf; char* pkitbuf = NULL; - const char *target; do { // Wrap in kit protocol - if(atcab_is_ta_device(iface->mIfaceCFG->devtype)) + if(true == atcab_is_ta_device(iface->mIfaceCFG->devtype)) { /* coverity[cert_int32_c_violation:FALSE] txlength maximum value is controled by maximum supported packet size of the device */ nkitbuf = (txlength + sizeof(word_address)) * 2 + KIT_TX_WRAP_SIZE; @@ -634,9 +633,7 @@ ATCA_STATUS kit_send(ATCAIface iface, uint8_t word_address, uint8_t* txdata, int (void)memset(pkitbuf, 0, (size_t)nkitbuf); } - target = kit_id_from_devtype(iface->mIfaceCFG->devtype); - - if (ATCA_SUCCESS != (status = kit_wrap_cmd(word_address, txdata, txlength, pkitbuf, &nkitbuf, target))) + if (ATCA_SUCCESS != (status = kit_wrap_cmd(iface, word_address, txdata, txlength, pkitbuf, &nkitbuf))) { status = ATCA_GEN_FAIL; break; @@ -654,7 +651,7 @@ ATCA_STATUS kit_send(ATCAIface iface, uint8_t word_address, uint8_t* txdata, int } // Receive the reply to send "00()\n" - if (strncmp(target, "TA10x", 3) == 0) + if (true == atcab_is_ta_device(iface->mIfaceCFG->devtype)) { status = kit_ta_receive_send_rsp(iface); } @@ -683,7 +680,6 @@ ATCA_STATUS kit_receive(ATCAIface iface, uint8_t word_address, uint8_t* rxdata, int nkitbuf = 0; int dataSize; char *pkitbuf = NULL; - const char* target; do { @@ -694,8 +690,7 @@ ATCA_STATUS kit_receive(ATCAIface iface, uint8_t word_address, uint8_t* rxdata, break; } - target = kit_id_from_devtype(iface->mIfaceCFG->devtype); - if (strncmp(target, "TA10x", 3) == 0) + if (true == atcab_is_ta_device(iface->mIfaceCFG->devtype)) { // Send word address byte to kit protocol to receive a response from device if (ATCA_SUCCESS != (status = kit_ta_send_to_receive(iface, word_address, rxsize))) @@ -728,13 +723,8 @@ ATCA_STATUS kit_receive(ATCAIface iface, uint8_t word_address, uint8_t* rxdata, printf("Kit Read: %s\r", pkitbuf); #endif - // Unwrap from kit protocol - - /* coverity[misra_c_2012_rule_14_3_violation] */ - if ((*rxsize >= 0U) &&(*rxsize <= UINT16_MAX)) - { - dataSize = (int)*rxsize; - } + // Unwrap from kit protocol + dataSize = (int)*rxsize; *rxsize = 0; if (ATCA_SUCCESS != (status = kit_parse_rsp(pkitbuf, nkitbuf, kitstatus, rxdata, &dataSize))) { @@ -892,6 +882,7 @@ ATCA_STATUS kit_sleep(ATCAIface iface) } /** \brief Wrap binary bytes in ascii kit protocol + * \param[in] iface instance * \param[in] word_address Binary word address to wrap. * \param[in] txdata Binary data to wrap. * \param[in] txlen Length of binary data in bytes. @@ -899,16 +890,16 @@ ATCA_STATUS kit_sleep(ATCAIface iface) * \param[in,out] nkitcmd As input, the size of the pkitcmd buffer. * As output, the number of bytes returned in the * pkitcmd buffer. - * \param[in] target Device type * \return ATCA_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS kit_wrap_cmd(uint8_t word_address, const uint8_t* txdata, int txlen, char* pkitcmd, int* nkitcmd, const char* target) +ATCA_STATUS kit_wrap_cmd(ATCAIface iface, uint8_t word_address, const uint8_t* txdata, int txlen, char* pkitcmd, int* nkitcmd) { ATCA_STATUS status = ATCA_SUCCESS; const char* ta_cmdpre = "t:send("; const char* ca_cmdpre = "d:t("; - bool is_ta_device = (strncmp(target, "TA10x", 3) != 0) ? false : true; - const char* cmdpre = (strncmp(target, "TA10x", 3) != 0) ? ca_cmdpre : ta_cmdpre; + const char* target = kit_id_from_devtype(iface->mIfaceCFG->devtype); + bool is_ta_device = (atcab_is_ta_device(iface->mIfaceCFG->devtype)) ? true : false; + const char* cmdpre = (atcab_is_ta_device(iface->mIfaceCFG->devtype)) ? ta_cmdpre : ca_cmdpre; char cmdpost[] = ")\n"; size_t cpylen = 0U; size_t cpyindex = 0U; @@ -960,7 +951,7 @@ ATCA_STATUS kit_wrap_cmd(uint8_t word_address, const uint8_t* txdata, int txlen, cpyindex += wordaddr_cmdAsciiLen; } - if(NULL != txdata && 0u < txlen) + if(NULL != txdata && 0 < txlen) { // Copy the ascii binary bytes if (ATCA_SUCCESS != (status = atcab_bin2hex_(txdata, (size_t)(txlen), &pkitcmd[cpyindex], &txdata_cmdAsciiLen, false, false, true))) @@ -976,8 +967,7 @@ ATCA_STATUS kit_wrap_cmd(uint8_t word_address, const uint8_t* txdata, int txlen, /* coverity[cert_int30_c_violation:FALSE] cpyindex can never wrap because the input strings sizes are controlled to a narrow range by the caller */ cpyindex += cpylen; - /* coverity[misra_c_2012_rule_14_3_violation] Max slot can be greater than 1*/ - if (cpyindex >= INT_MIN && cpyindex <= INT_MAX) + if (cpyindex <= INT_MAX) { *nkitcmd = (int)cpyindex; } diff --git a/lib/hal/kit_protocol.h b/lib/hal/kit_protocol.h index 40bef108b..39a417479 100644 --- a/lib/hal/kit_protocol.h +++ b/lib/hal/kit_protocol.h @@ -59,7 +59,7 @@ ATCA_STATUS kit_receive(ATCAIface iface, uint8_t word_address, uint8_t* rxdata, ATCA_STATUS kit_control(ATCAIface iface, uint8_t option, void* param, size_t paramlen); ATCA_STATUS kit_release(void* hal_data); -ATCA_STATUS kit_wrap_cmd(uint8_t word_address, const uint8_t* txdata, int txlen, char* pkitcmd, int* nkitcmd, const char* target); +ATCA_STATUS kit_wrap_cmd(ATCAIface iface, uint8_t word_address, const uint8_t* txdata, int txlen, char* pkitcmd, int* nkitcmd); ATCA_STATUS kit_parse_rsp(const char* pkitbuf, int nkitbuf, uint8_t* kitstatus, uint8_t* rxdata, int* datasize); ATCA_STATUS kit_wake(ATCAIface iface); diff --git a/lib/mbedtls/atca_mbedtls_interface.h b/lib/mbedtls/atca_mbedtls_interface.h index 729821ed9..cd94a1600 100644 --- a/lib/mbedtls/atca_mbedtls_interface.h +++ b/lib/mbedtls/atca_mbedtls_interface.h @@ -80,13 +80,6 @@ #endif #endif /* ATCAC_AES_GCM_EN */ -/** \def ATCAC_AES_GCM_UPDATE_EN - * Indicates if this module is a provider of an AES-GCM Update implementation - */ -#ifndef ATCAC_AES_GCM_UPDATE_EN -#define ATCAC_AES_GCM_UPDATE_EN (ATCAC_AES_GCM_EN) -#endif - /** \def ATCAC_PKEY_EN * Indicates if this module is a provider of a generic asymmetric cryptography * implementation */ diff --git a/lib/mbedtls/atca_mbedtls_wrap.c b/lib/mbedtls/atca_mbedtls_wrap.c index 181642869..ad2fbd1e0 100644 --- a/lib/mbedtls/atca_mbedtls_wrap.c +++ b/lib/mbedtls/atca_mbedtls_wrap.c @@ -1366,7 +1366,7 @@ ATCA_STATUS atcac_parse_der(struct atcac_x509_ctx** cert, cal_buffer* der) /* coverity[misra_c_2012_rule_11_3_violation:FALSE] The mbetls x509 struct pointer is made to point the atcac_x509_ctx void ptr*/ /*The memory allocated will be traversed using the void ptr in atcac_x509_ctx and is the only member*/ /* Our library uses structure of type atcac_x509_ctx to be mapped to third party specific certificate structre and this cannot be changed*/ - *cert = xcert; + *cert = (struct atcac_x509_ctx*)xcert; status = ATCA_SUCCESS; #endif } @@ -1555,6 +1555,8 @@ ATCA_STATUS atcac_get_issue_date(const struct atcac_x509_ctx* cert, cal_buffer* { ATCA_STATUS status = ATCA_BAD_PARAM; + UNUSED_VAR(fmt); + if (NULL != cert && NULL != not_before) { /* coverity[cert_exp40_c_violation:FALSE] mbedtls ssl api requires non const qualifier in lower apis*/ @@ -1574,6 +1576,8 @@ ATCA_STATUS atcac_get_expire_date(const struct atcac_x509_ctx* cert, cal_buffer* { ATCA_STATUS status = ATCA_BAD_PARAM; + UNUSED_VAR(fmt); + if (NULL != cert && NULL != not_after) { /* coverity[cert_exp40_c_violation:FALSE] mbedtls ssl api requires non const qualifier in lower apis*/ diff --git a/lib/openssl/atca_openssl_interface.h b/lib/openssl/atca_openssl_interface.h index 144d01b78..006dfa98a 100644 --- a/lib/openssl/atca_openssl_interface.h +++ b/lib/openssl/atca_openssl_interface.h @@ -64,13 +64,6 @@ extern "C" { #define ATCAC_AES_GCM_EN (DEFAULT_ENABLED) #endif /* ATCAC_AES_GCM_EN */ -/** \def ATCAC_AES_GCM_UPDATE_EN - * Indicates if this module is a provider of an AES-GCM Update implementation - */ -#ifndef ATCAC_AES_GCM_UPDATE_EN -#define ATCAC_AES_GCM_UPDATE_EN (ATCAC_AES_GCM_EN) -#endif - /** \def ATCAC_PKEY_EN * Indicates if this module is a provider of a generic asymmetric cryptography * implementation */ @@ -85,7 +78,7 @@ extern "C" { #define HOSTLIB_CERT_EN (DEFAULT_ENABLED) #endif -#if ATCAC_AES_GCM_EN || ATCAC_AES_GCM_UPDATE_EN +#if ATCAC_AES_GCM_EN typedef struct atcac_aes_gcm_ctx { void* ptr; diff --git a/lib/pkcs11/pkcs11_cert.c b/lib/pkcs11/pkcs11_cert.c index 085591afb..e82e9ac1f 100644 --- a/lib/pkcs11/pkcs11_cert.c +++ b/lib/pkcs11/pkcs11_cert.c @@ -93,6 +93,8 @@ static CK_RV pkcs11_cert_load_cache(const pkcs11_session_ctx_ptr pSession, const { CK_RV rv = CKR_GENERAL_ERROR; + UNUSED_VAR(pSession); + if ((pObject->class_id == CKO_CERTIFICATE) && (pObject->class_type == CK_CERTIFICATE_CATEGORY_TOKEN_USER)) { @@ -119,7 +121,7 @@ static CK_RV pkcs11_cert_load_cache(const pkcs11_session_ctx_ptr pSession, const cert_def->type = CERTTYPE_X509_FULL_STORED; cert_def->comp_cert_dev_loc.zone = (atcacert_device_zone_t)ATCA_ZONE_DATA; cert_def->comp_cert_dev_loc.slot = pObject->slot; - cert_def->parsed = &pkcs11_cert_cache_list[i].pCert_parsed; + cert_def->parsed = (struct atcac_x509_ctx**)(&pkcs11_cert_cache_list[i].pCert_parsed); pObject->data = cert_def; pObject->flags |= PKCS11_OBJECT_FLAG_CERT_CACHE; @@ -1090,6 +1092,7 @@ CK_RV pkcs11_cert_x509_write(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute, p CK_RV pkcs11_cert_clear_session_cache(pkcs11_session_ctx_ptr session_ctx) { CK_RV rv = CKR_GENERAL_ERROR; + UNUSED_VAR(session_ctx); #if !defined(ATCA_NO_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) CK_ULONG i; @@ -1136,6 +1139,7 @@ CK_RV pkcs11_cert_clear_session_cache(pkcs11_session_ctx_ptr session_ctx) CK_RV pkcs11_cert_clear_object_cache(pkcs11_object_ptr pObject) { CK_RV rv = CKR_GENERAL_ERROR; + UNUSED_VAR(pObject); #if !defined(ATCA_NO_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) CK_ULONG i; diff --git a/lib/pkcs11/pkcs11_digest.c b/lib/pkcs11/pkcs11_digest.c index 9ea6e4639..a59fd9ff9 100644 --- a/lib/pkcs11/pkcs11_digest.c +++ b/lib/pkcs11/pkcs11_digest.c @@ -119,7 +119,11 @@ CK_RV pkcs11_digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDa if (CKR_OK == (rv = pkcs11_lock_context(pLibCtx))) { - rv = pkcs11_util_convert_rv(atcac_sw_sha2_256(pData, ulDataLen, pDigest)); + rv = pkcs11_util_convert_rv(atcac_sw_sha2_256_update(&pSession->active_mech_data.sha256, pData, ulDataLen)); + if (CKR_OK == rv) + { + rv = pkcs11_util_convert_rv(atcac_sw_sha2_256_finish(&pSession->active_mech_data.sha256, pDigest)); + } pSession->active_mech = CKM_VENDOR_DEFINED; (void)pkcs11_unlock_context(pLibCtx); } diff --git a/lib/pkcs11/pkcs11_find.c b/lib/pkcs11/pkcs11_find.c index c8991cf90..bf9dfb5c3 100644 --- a/lib/pkcs11/pkcs11_find.c +++ b/lib/pkcs11/pkcs11_find.c @@ -360,18 +360,14 @@ CK_RV pkcs11_find_continue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phOb *pulObjectCount = (pSession->object_count < ulMaxObjectCount) ? pSession->object_count : ulMaxObjectCount; - if (CKR_OK == (rv = (pkcs11_lock_context(pLibCtx)))) + if (CKR_OK == (rv = (pkcs11_lock_both(pLibCtx)))) { i = 0; while (i < *pulObjectCount) { - if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) - { - phObject[i] = pkcs11_find_handle(pSession->slot->slot_id, pSession->attrib_list, - pSession->attrib_count, &pSession->object_index, pSession); - (void)pkcs11_unlock_device(pLibCtx); - } + phObject[i] = pkcs11_find_handle(pSession->slot->slot_id, pSession->attrib_list, + pSession->attrib_count, &pSession->object_index, pSession); if (phObject[i] == 0u) { @@ -389,7 +385,7 @@ CK_RV pkcs11_find_continue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phOb i++; } - (void)pkcs11_unlock_context(pLibCtx); + (void)pkcs11_unlock_both(pLibCtx); } return rv; diff --git a/lib/pkcs11/pkcs11_init.c b/lib/pkcs11/pkcs11_init.c index e74930ee7..8d4e84651 100644 --- a/lib/pkcs11/pkcs11_init.c +++ b/lib/pkcs11/pkcs11_init.c @@ -462,7 +462,7 @@ static CK_RV pkcs11_deinit_interface_check(ATCADevice device, ATCAIfaceType list while (ATCA_UNKNOWN_IFACE != list[i]) { /* coverity[misra_c_2012_rule_14_3_violation] Based on User input max slot varies */ - if (i >= (PKCS11_MAX_SLOTS_ALLOWED - 1u)) + if (i >= (CK_CHAR)(PKCS11_MAX_SLOTS_ALLOWED - 1u)) { /* list max reached*/ rv = CKR_FUNCTION_FAILED; diff --git a/lib/pkcs11/pkcs11_mech.c b/lib/pkcs11/pkcs11_mech.c index b3b6165ca..b56590eef 100644 --- a/lib/pkcs11/pkcs11_mech.c +++ b/lib/pkcs11/pkcs11_mech.c @@ -226,7 +226,7 @@ static pcks11_mech_table_e pkcs11_mech_list_ecc608[] = { #if ATCA_TA_SUPPORT /* CK_MECHANISM_TYPE, MinKeySize, MaxKeySize, Flags */ -static pcks11_mech_table_e pkcs11_mech_list_ta100[] = { +static pcks11_mech_table_e pkcs11_mech_list_ta[] = { //CKM_DH_PKCS_KEY_PAIR_GEN, //CKM_DH_PKCS_DERIVE, { CKM_SHA256, { 256, 256, CKF_HW | CKF_DIGEST } }, @@ -373,30 +373,31 @@ CK_RV pkcs11_mech_get_list(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismLi return CKR_SLOT_ID_INVALID; } - switch (slot_ctx->interface_config.devtype) + if (ATECC508A == slot_ctx->interface_config.devtype) { #ifdef ATCA_ATECC508A_SUPPORT - case ATECC508A: mech_cnt = (CK_ULONG)(TABLE_SIZE(pkcs11_mech_list_ecc508)); mech_list_ptr = pkcs11_mech_list_ecc508; - break; #endif + } + else if (ATECC608 == slot_ctx->interface_config.devtype) + { #ifdef ATCA_ATECC608_SUPPORT - case ATECC608: mech_cnt = (CK_ULONG)(TABLE_SIZE(pkcs11_mech_list_ecc608)); mech_list_ptr = pkcs11_mech_list_ecc608; - break; #endif + } + else if (atcab_is_ta_device(slot_ctx->interface_config.devtype)) + { #if ATCA_TA_SUPPORT - case TA100: - mech_cnt = (CK_ULONG)(TABLE_SIZE(pkcs11_mech_list_ta100)); - mech_list_ptr = pkcs11_mech_list_ta100; - break; + mech_cnt = (CK_ULONG)(TABLE_SIZE(pkcs11_mech_list_ta)); + mech_list_ptr = pkcs11_mech_list_ta; #endif - default: + } + else + { mech_cnt = 0; mech_list_ptr = NULL; - break; } /* Ref PKCS11 Sec 5.5 - C_GetMechanismList Requirement #2 */ @@ -443,26 +444,27 @@ CK_RV pkcs_mech_get_info(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM return CKR_SLOT_ID_INVALID; } - switch (slot_ctx->interface_config.devtype) + if (ATECC508A == slot_ctx->interface_config.devtype) { #ifdef ATCA_ATECC508A_SUPPORT - case ATECC508A: mech_info_ptr = pkcs11_mech_find_info(pkcs11_mech_list_ecc508, (CK_ULONG)(TABLE_SIZE(pkcs11_mech_list_ecc508)), type); - break; #endif + } + else if (ATECC608 == slot_ctx->interface_config.devtype) + { #ifdef ATCA_ATECC608_SUPPORT - case ATECC608: mech_info_ptr = pkcs11_mech_find_info(pkcs11_mech_list_ecc608, (CK_ULONG)(TABLE_SIZE(pkcs11_mech_list_ecc608)), type); - break; #endif + } + else if (atcab_is_ta_device(slot_ctx->interface_config.devtype)) + { #if ATCA_TA_SUPPORT - case TA100: - mech_info_ptr = pkcs11_mech_find_info(pkcs11_mech_list_ta100, (CK_ULONG)(TABLE_SIZE(pkcs11_mech_list_ta100)), type); - break; + mech_info_ptr = pkcs11_mech_find_info(pkcs11_mech_list_ta, (CK_ULONG)(TABLE_SIZE(pkcs11_mech_list_ta)), type); #endif - default: + } + else + { mech_info_ptr = NULL; - break; } if (NULL == mech_info_ptr) diff --git a/lib/pkcs11/pkcs11_token.c b/lib/pkcs11/pkcs11_token.c index 11c7786de..0206589f8 100644 --- a/lib/pkcs11/pkcs11_token.c +++ b/lib/pkcs11/pkcs11_token.c @@ -694,7 +694,7 @@ CK_RV pkcs11_token_convert_pin_to_key( #ifndef PKCS11_PIN_KDF_ALWAYS bool is_ca_device = atcab_is_ca_device(atcab_get_device_type_ext(slot_ctx->device_ctx)); - uint16_t key_len = (uint16_t)(is_ca_device ? 32 : 16); + uint16_t key_len = (uint16_t)(is_ca_device ? ATCA_SHA256_DIGEST_SIZE : (ATCA_SHA256_DIGEST_SIZE/2u)); if ((uint16_t)(2u * key_len) == ulPinLen) { size_t out_len = ulKeyLen; @@ -735,10 +735,10 @@ CK_RV pkcs11_token_set_pin(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, pkcs11_session_ctx_ptr pSession; pkcs11_lib_ctx_ptr pLibCtx; uint16_t pin_slot; - uint8_t buf[32] = { 0 }; + uint8_t buf[ATCA_SHA256_DIGEST_SIZE] = { 0 }; CK_RV rv; bool is_ca_device = false; - uint16_t key_len = 0; + CK_ULONG key_len = 0; ((void)pOldPin); ((void)ulOldLen); @@ -761,7 +761,10 @@ CK_RV pkcs11_token_set_pin(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, } is_ca_device = atcab_is_ca_device(atcab_get_device_type_ext(pSession->slot->device_ctx)); - key_len = (uint16_t)(is_ca_device ? 32 : 16); + + //For TA100/TA101, with AES 128 GCM generated key, 16 byte data of key is written to auth handle + //For ECC, 32 bytes write possible + key_len = (is_ca_device ? ATCA_SHA256_DIGEST_SIZE : (ATCA_SHA256_DIGEST_SIZE/2u)); if (CKR_OK == (rv = pkcs11_lock_context(pLibCtx))) { @@ -797,7 +800,7 @@ CK_RV pkcs11_token_set_pin(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, { if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) { - rv = pkcs11_util_convert_rv(atcab_write_zone_ext(pSession->slot->device_ctx, ATCA_ZONE_DATA, pin_slot, 0, 0, buf, (uint8_t)sizeof(buf))); + rv = pkcs11_util_convert_rv(atcab_write_zone_ext(pSession->slot->device_ctx, ATCA_ZONE_DATA, pin_slot, 0, 0, buf, (uint8_t)key_len)); (void)pkcs11_unlock_device(pLibCtx); } } diff --git a/lib/wolfssl/atca_wolfssl_interface.c b/lib/wolfssl/atca_wolfssl_interface.c index 5a7d0b203..824e86bb2 100644 --- a/lib/wolfssl/atca_wolfssl_interface.c +++ b/lib/wolfssl/atca_wolfssl_interface.c @@ -72,7 +72,37 @@ ATCA_STATUS atcac_sw_random(uint8_t* data, size_t data_size) return status; } +/** \brief Update the GCM context with additional authentication data (AAD) + * + * \param[in] ctx AES-GCM Context + * \param[in] aad Additional Authentication Data + * \param[in] aad_len Length of AAD + * + * \return ATCA_SUCCESS on success, otherwise an error code. + */ +ATCA_STATUS atcac_aes_gcm_aad_update( + struct atcac_aes_gcm_ctx* ctx, /**< [in] AES-GCM Context */ + const uint8_t* aad, /**< [in] Additional Authentication Data */ + const size_t aad_len /**< [in] Length of AAD */ + ) +{ + ATCA_STATUS status = ATCA_BAD_PARAM; + + if (NULL != ctx) + { + status = (0 == wc_AesGcmEncryptUpdate(&ctx->aes, NULL, NULL, 0U, aad, (word32)(aad_len & UINT32_MAX))) ? ATCA_SUCCESS : ATCA_GEN_FAIL; + } + + return status; +} + /** \brief Initialize an AES-GCM context + * + * \param[in] ctx AES-GCM Context + * \param[in] key AES Key + * \param[in] key_len Length of the AES key - should be 16 or 32 + * \param[in] iv Initialization vector input + * \param[in] iv_len Length of the initialization vector * * \return ATCA_SUCCESS on success, otherwise an error code. */ @@ -89,43 +119,85 @@ ATCA_STATUS atcac_aes_gcm_encrypt_start( if (NULL != ctx) { (void)memset(ctx, 0, sizeof(atcac_aes_gcm_ctx_t)); - ctx->iv_len = iv_len; - if (NULL != iv) + if (0 == wc_AesInit(&ctx->aes, NULL, INVALID_DEVID)) { - (void)memcpy(ctx->iv, iv, ctx->iv_len); + status = (0 == wc_AesGcmEncryptInit(&ctx->aes, key, key_len, iv, iv_len)) ? ATCA_SUCCESS : ATCA_GEN_FAIL; } - status = (0 == wc_AesGcmSetKey(&ctx->aes, key, key_len)) ? ATCA_SUCCESS : ATCA_GEN_FAIL; + } return status; } -ATCA_STATUS atcac_aes_gcm_encrypt( +/** \brief Encrypt a data using the initialized context + * + * \param[in] ctx AES-GCM Context + * \param[in] plaintext Data to be encrypted + * \param[in] pt_len Plain text Length + * \param[out] ciphertext Encrypted data + * \param[out] ct_len Cipher text length + * + * \return ATCA_SUCCESS on success, otherwise an error code. + */ +ATCA_STATUS atcac_aes_gcm_encrypt_update( struct atcac_aes_gcm_ctx* ctx, const uint8_t* plaintext, const size_t pt_len, uint8_t* ciphertext, + size_t* ct_len + ) +{ + ATCA_STATUS status = ATCA_BAD_PARAM; + + if (NULL != ctx && NULL != ciphertext && NULL != ct_len) + { + if ((pt_len <= UINT32_MAX)) + { + status = (0 == wc_AesGcmEncryptUpdate(&ctx->aes, ciphertext, plaintext, (word32)pt_len, NULL, 0U)) ? ATCA_SUCCESS : ATCA_GEN_FAIL; + + if (ATCA_SUCCESS == status) + { + *ct_len = pt_len; + } + } + } + return status; +} + +/** \brief Get the AES-GCM tag and free the context + * + * \param[in] ctx AES-GCM Context + * \param[out] tag AES-GCM tag + * \param[in] tag_len tag length + * + * \return ATCA_SUCCESS on success, otherwise an error code. + */ +ATCA_STATUS atcac_aes_gcm_encrypt_finish( + struct atcac_aes_gcm_ctx* ctx, uint8_t* tag, - size_t tag_len, - const uint8_t* aad, - const size_t aad_len + size_t tag_len ) { ATCA_STATUS status = ATCA_BAD_PARAM; if (NULL != ctx) { - if ((pt_len <= UINT32_MAX) && (tag_len <= UINT32_MAX) && (aad_len <= UINT32_MAX)) + if (tag_len <= UINT32_MAX) { - status = (0 == wc_AesGcmEncrypt(&ctx->aes, ciphertext, plaintext, (word32)pt_len, ctx->iv, ctx->iv_len, - tag, (word32)tag_len, aad, (word32)aad_len)) ? ATCA_SUCCESS : ATCA_GEN_FAIL; + status = (0 == wc_AesGcmEncryptFinal(&ctx->aes, tag, (word32)tag_len)) ? ATCA_SUCCESS : ATCA_GEN_FAIL; } } return status; } -/** \brief Initialize an AES-GCM context +/** \brief Initialize an AES-GCM context for decryption + * + * \param[in] ctx AES-GCM Context + * \param[in] key AES Key + * \param[in] key_len Length of the AES key - should be 16 or 32 + * \param[in] iv Initialization vector input + * \param[in] iv_len Length of the initialization vector * * \return ATCA_SUCCESS on success, otherwise an error code. */ @@ -142,43 +214,76 @@ ATCA_STATUS atcac_aes_gcm_decrypt_start( if (NULL != ctx) { (void)memset(ctx, 0, sizeof(atcac_aes_gcm_ctx_t)); - ctx->iv_len = iv_len; - if (NULL != iv) + if (0 == wc_AesInit(&ctx->aes, NULL, INVALID_DEVID)) { - (void)memcpy(ctx->iv, iv, ctx->iv_len); + status = (0 == wc_AesGcmDecryptInit(&ctx->aes, key, key_len, iv, iv_len)) ? ATCA_SUCCESS : ATCA_GEN_FAIL; } - - status = (0 == wc_AesGcmSetKey(&ctx->aes, key, key_len)) ? ATCA_SUCCESS : ATCA_GEN_FAIL; } return status; } -ATCA_STATUS atcac_aes_gcm_decrypt( +/** \brief Decrypt ciphertext using the initialized context + * + * \param[in] ctx AES-GCM Context + * \param[in] ciphertext Encrypted data + * \param[in] ct_len Ciphertext length + * \param[out] plaintext Data to be encrypted + * \param[out] pt_len Plaintext Length + * + * \return ATCA_SUCCESS on success, otherwise an error code. + */ +ATCA_STATUS atcac_aes_gcm_decrypt_update( struct atcac_aes_gcm_ctx* ctx, const uint8_t* ciphertext, const size_t ct_len, uint8_t* plaintext, - const uint8_t* tag, - size_t tag_len, - const uint8_t* aad, - const size_t aad_len, - bool* is_verified + size_t* pt_len ) { ATCA_STATUS status = ATCA_BAD_PARAM; - if (NULL != ctx && NULL != is_verified) + if (NULL != ctx && NULL != pt_len) { - if ((tag_len <= UINT32_MAX) && (aad_len <= UINT32_MAX) && (ct_len <= UINT32_MAX)) + if (ct_len <= UINT32_MAX) { - status = (0 == wc_AesGcmDecrypt(&ctx->aes, plaintext, ciphertext, (word32)ct_len, ctx->iv, ctx->iv_len, - tag, (word32)tag_len, aad, (word32)aad_len)) ? ATCA_SUCCESS : ATCA_FUNC_FAIL; + status = (0 == wc_AesGcmDecryptUpdate(&ctx->aes, plaintext, ciphertext, (word32)ct_len, NULL, 0U)) ? ATCA_SUCCESS : ATCA_FUNC_FAIL; + + if (ATCA_SUCCESS == status) + { + *pt_len = ct_len; + } } + } + return status; +} + +/** \brief Compare the AES-GCM tag and free the context + * + * \param[in] ctx AES-GCM Context + * \param[out] tag AES-GCM tag + * \param[in] tag_len tag length + * \param[out] is_verified verification status + * + * \return ATCA_SUCCESS on success, otherwise an error code. + */ +ATCA_STATUS atcac_aes_gcm_decrypt_finish( + struct atcac_aes_gcm_ctx* ctx, /**< [in] AES-GCM Context */ + const uint8_t* tag, /**< [in] GCM Tag to Verify */ + size_t tag_len, /**< [in] Length of the GCM tag */ + bool* is_verified /**< [out] Tag verified as matching */ + ) +{ + ATCA_STATUS status = ATCA_BAD_PARAM; + + if ((NULL != ctx) && (NULL != is_verified) && (UINT32_MAX >= tag_len)) + { + status = (0 == wc_AesGcmDecryptFinal(&ctx->aes, tag, (word32)tag_len)) ? ATCA_SUCCESS : ATCA_FUNC_FAIL; if (ATCA_SUCCESS == status) { + *is_verified = true; } else @@ -506,23 +611,28 @@ ATCA_STATUS atcac_pk_init_pem( if (NULL != ctx && NULL != buf) { - int ecckey = 0; - /* coverity[misra_c_2012_rule_10_3_violation:FALSE] */ - int type = ECC_PRIVATEKEY_TYPE; word32 inOutIdx = 0; - DerBuffer* der = NULL; status = ATCA_FUNC_FAIL; - - if (pubkey) - { - type = ECC_PUBLICKEY_TYPE; - } + uint8_t derbuf[121] = { 0u }; //! ECC_SECP256R1 MAX DER size + size_t derbuflen = sizeof(derbuf); + int ret; if (buflen <= UINT32_MAX) { - int ret = PemToDer((const unsigned char*)buf, (long)buflen, type, &der, NULL, NULL, &ecckey); - if ((ret >= 0) && (der != NULL)) + if (TRUE == pubkey) + { + ret = wc_PubKeyPemToDer(buf, (int)buflen, derbuf, (int)derbuflen); + } + else { + ret = wc_KeyPemToDer(buf, (int)buflen, derbuf, (int)derbuflen, NULL); + } + + if ((ret >= 0)) + { + //! Update Der len + derbuflen = (size_t)ret; + ctx->ptr = wc_ecc_key_new(NULL); if (NULL != ctx->ptr) @@ -533,11 +643,11 @@ ATCA_STATUS atcac_pk_init_pem( { if (pubkey) { - ret = wc_EccPublicKeyDecode(der->buffer, &inOutIdx, (ecc_key*)ctx->ptr, der->length); + ret = wc_EccPublicKeyDecode(derbuf, &inOutIdx, (ecc_key*)ctx->ptr, (word32)derbuflen); } else { - ret = wc_EccPrivateKeyDecode(der->buffer, &inOutIdx, (ecc_key*)ctx->ptr, der->length); + ret = wc_EccPrivateKeyDecode(derbuf, &inOutIdx, (ecc_key*)ctx->ptr, (word32)derbuflen); } status = (0 == ret) ? ATCA_SUCCESS : ATCA_FUNC_FAIL; } @@ -731,7 +841,7 @@ ATCA_STATUS atcac_pk_derive( if ((*buflen <= UINT32_MAX) && (0u == private_ctx->key_type)) { - word32 temp_len = (word32)*buflen; + word32 temp_len = (word32) * buflen; ret = wc_ecc_shared_secret((ecc_key*)private_ctx->ptr, (ecc_key*)public_ctx->ptr, (byte*)buf, &temp_len); *buflen = temp_len; } @@ -779,7 +889,7 @@ ATCA_STATUS atcac_parse_der(struct atcac_x509_ctx** cert, cal_buffer* der) const unsigned char* in = der->buf; if (der->len <= UINT32_MAX) { - void** tmp = cert; + void** tmp = (void**)cert; WOLFSSL_X509** x509 = (WOLFSSL_X509**)tmp; /* coverity[misra_c_2012_rule_11_3_violation:FALSE] */ if (NULL != wolfSSL_d2i_X509((WOLFSSL_X509**)x509, &in, (int)der->len)) @@ -795,7 +905,7 @@ static WOLFSSL_X509* get_wssl_cert_from_atcac_ctx(const struct atcac_x509_ctx* c { /* coverity[cert_exp40_c_violation] wolf ssl api removes const qualifier which is out of scope */ /* coverity[misra_c_2012_rule_11_8_violation:FALSE] */ - WOLFSSL_X509* wssl_cert = (NULL != cert) ? &cert->ptr : NULL; + WOLFSSL_X509* wssl_cert = (NULL != cert) ? (WOLFSSL_X509*)(&cert->ptr) : NULL; return wssl_cert; } @@ -853,7 +963,7 @@ ATCA_STATUS atcac_get_subj_public_key(const struct atcac_x509_ctx* cert, cal_buf { word32 xlen = (word32)pubKeyEcc.dp->size; word32 ylen = (word32)pubKeyEcc.dp->size; - if (0 == wc_ecc_export_public_raw(&pubKeyEcc, (byte*)subj_public_key->buf, &xlen, + if (0 == wc_ecc_export_public_raw(&pubKeyEcc, (byte*)subj_public_key->buf, &xlen, (byte*)&subj_public_key->buf[pubKeyEcc.dp->size], &ylen)) { status = ATCA_SUCCESS; diff --git a/lib/wolfssl/atca_wolfssl_interface.h b/lib/wolfssl/atca_wolfssl_interface.h index 6403c2ad9..ce520abf0 100644 --- a/lib/wolfssl/atca_wolfssl_interface.h +++ b/lib/wolfssl/atca_wolfssl_interface.h @@ -80,13 +80,6 @@ #endif #endif /* ATCAC_AES_GCM_EN */ -/** \def ATCAC_AES_GCM_UPDATE_EN - * Indicates if this module is a provider of an AES-GCM Update implementation - */ -#ifndef ATCAC_AES_GCM_UPDATE_EN -#define ATCAC_AES_GCM_UPDATE_EN (DEFAULT_DISABLED) -#endif - /** \def ATCAC_PKEY_EN * Indicates if this module is a provider of a generic asymmetric cryptography * implementation */ diff --git a/license.txt b/license.txt index 3c4c6ad83..762419578 100644 --- a/license.txt +++ b/license.txt @@ -1,4 +1,4 @@ -(c) 2015-2023 Microchip Technology Inc. and its subsidiaries. +(c) 2015-2024 Microchip Technology Inc. and its subsidiaries. Subject to your compliance with these terms, you may use the Microchip Software and any derivatives exclusively with Microchip products. It is your diff --git a/package.xml b/package.xml index ebab0496a..6158c1a75 100644 --- a/package.xml +++ b/package.xml @@ -3,4 +3,4 @@ - + \ No newline at end of file diff --git a/package.yml b/package.yml new file mode 100644 index 000000000..15651d4c8 --- /dev/null +++ b/package.yml @@ -0,0 +1,12 @@ +package: + format-version: "1.0.0" + name: "cryptoauthlib" + type: "application" + status: "production" + required: true + version: "v3.7.4" + + dependencies: + - name: "csp" + type: "package" + version: "v3.14.0" \ No newline at end of file diff --git a/python/setup.py b/python/setup.py index 48a129a1a..457474830 100644 --- a/python/setup.py +++ b/python/setup.py @@ -139,7 +139,7 @@ def build_extension(self, ext): '-DATCA_USE_ATCAB_FUNCTIONS=ON'] if os.path.exists('../lib/talib' if not _sdist_build else 'lib/talib'): - cmake_args += ['-DATCA_TA100_SUPPORT=ON'] + cmake_args += ['-DATCA_TA100_SUPPORT=ON', '-DATCA_TA101_SUPPORT=ON'] if sys.platform.startswith('linux'): cmake_args += ['-DATCA_OPENSSL=ON'] else: diff --git a/release_notes.md b/release_notes.md index bb8ede3e5..3451df5dc 100644 --- a/release_notes.md +++ b/release_notes.md @@ -1,6 +1,24 @@ # Microchip Cryptoauthlib Release Notes +## Release v3.7.4 (03/08/2024) + +### New Features + - Updated wolfSSL interface `atcac` wrapper APIs usage for AES GCM encrypt/decrypt + similar to MbedTLS and openSSL library wrapper APIs + - Added package.yml file to support MPLAB Harmony metadata package format + +### Fixes + - Fixed calib_wakeup_i2c API to follow specified i2c wakeup sequence for ECC608 devices + - PKCS11 layer fixes/updates + - Lock usage optimization in pkcs11_find_continue API + - pkcs11_digest API updates for SHA context memory allocation + - pkcs11_token_set_pin API updates to write data based on generated GCM key size + - Fixed atcacert_get_comp_cert API to remove a redundant atcacert_date_enc_compcert call + - Resolved build warnings/issues in Windows, Linux and 8-bit (XC8) platforms + - wolfSSL's atcac_pk_init_pem wrapper API updates to use wc_ PEM to DER functions + - Fixed broken links in README.md files + ## Release v3.7.3 (01/31/2024) ### New Features diff --git a/test/api_atcab/atca_tests_aes.c b/test/api_atcab/atca_tests_aes.c index 3de09dead..83fcf13dc 100644 --- a/test/api_atcab/atca_tests_aes.c +++ b/test/api_atcab/atca_tests_aes.c @@ -386,8 +386,8 @@ t_test_case_info aes_basic_test_info[] = { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_decrypt_key_slot), atca_test_cond_ecc608 }, #endif #if TEST_ATCAB_AES_EN - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_encrypt_key_slot_simple), atca_test_cond_ta100 }, - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_decrypt_key_slot_simple), atca_test_cond_ta100 }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_encrypt_key_slot_simple), atca_test_cond_ta }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_decrypt_key_slot_simple), atca_test_cond_ta }, #endif /* Array Termination element*/ { (fp_test_case)NULL, NULL }, diff --git a/test/api_atcab/atca_tests_aes_cbc.c b/test/api_atcab/atca_tests_aes_cbc.c index 155f5cbe6..1a9f3b47b 100644 --- a/test/api_atcab/atca_tests_aes_cbc.c +++ b/test/api_atcab/atca_tests_aes_cbc.c @@ -472,14 +472,14 @@ t_test_case_info aes_cbc_basic_test_info[] = { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_encrypt_block), atca_test_cond_ecc608 }, { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_decrypt_block), atca_test_cond_ecc608 }, #endif - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_encrypt_block_simple), atca_test_cond_ta100 }, - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_decrypt_block_simple), atca_test_cond_ta100 }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_encrypt_block_simple), atca_test_cond_ta }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_decrypt_block_simple), atca_test_cond_ta }, #ifdef TEST_ATCAB_AES_CBC_UPDATE_EN - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_encrypt_update_simple), atca_test_cond_ta100 }, - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_encrypt_update_chunks), atca_test_cond_ta100 }, - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_decrypt_update_simple), atca_test_cond_ta100 }, - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_decrypt_update_chunks), atca_test_cond_ta100 }, - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_padding_simple), atca_test_cond_ta100 }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_encrypt_update_simple), atca_test_cond_ta }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_encrypt_update_chunks), atca_test_cond_ta }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_decrypt_update_simple), atca_test_cond_ta }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_decrypt_update_chunks), atca_test_cond_ta }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_padding_simple), atca_test_cond_ta }, #endif /* TEST_ATCAB_AES_CBC_UPDATE_EN */ #endif /* TEST_ATCAB_AES_CBC_EN */ { (fp_test_case)NULL, NULL }, /* Array Termination element*/ diff --git a/test/api_atcab/atca_tests_aes_cmac.c b/test/api_atcab/atca_tests_aes_cmac.c index bb468e509..7a9df2894 100644 --- a/test/api_atcab/atca_tests_aes_cmac.c +++ b/test/api_atcab/atca_tests_aes_cmac.c @@ -119,7 +119,7 @@ t_test_case_info aes_cmac_basic_test_info[] = #ifdef ATCA_ATECC608_SUPPORT { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cmac), atca_test_cond_ecc608 }, #endif - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cmac_simple), atca_test_cond_ta100 }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cmac_simple), atca_test_cond_ta }, #endif /* TEST_ATCAB_AES_CMAC_EN */ { (fp_test_case)NULL, NULL }, /* Array Termination element*/ }; diff --git a/test/api_atcab/atca_tests_aes_ctr.c b/test/api_atcab/atca_tests_aes_ctr.c index e3c48ec8f..604a5afc7 100644 --- a/test/api_atcab/atca_tests_aes_ctr.c +++ b/test/api_atcab/atca_tests_aes_ctr.c @@ -319,9 +319,9 @@ t_test_case_info aes_ctr_basic_test_info[] = { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_ctr_decrypt_block), atca_test_cond_ecc608 }, { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_ctr_increment), atca_test_cond_ecc608 }, #endif - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_ctr_encrypt_block_simple), atca_test_cond_ta100 }, - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_ctr_decrypt_block_simple), atca_test_cond_ta100 }, - { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_ctr_increment_simple), atca_test_cond_ta100 }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_ctr_encrypt_block_simple), atca_test_cond_ta }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_ctr_decrypt_block_simple), atca_test_cond_ta }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_ctr_increment_simple), atca_test_cond_ta }, #endif /* TEST_ATCAB_AES_CTR_EN */ { (fp_test_case)NULL, NULL }, /* Array Termination element*/ }; diff --git a/test/api_atcab/atca_tests_aes_gcm.c b/test/api_atcab/atca_tests_aes_gcm.c index 2e05b5667..129f6163a 100644 --- a/test/api_atcab/atca_tests_aes_gcm.c +++ b/test/api_atcab/atca_tests_aes_gcm.c @@ -435,13 +435,17 @@ TEST(atca_cmd_basic_test, aes_gcm_encrypt_cavp_vectors) uint8_t line[255]; char *str, *name_value; uint8_t key[128], iv[128], pt[128], ct[128], aad[128]; - size_t key_size, iv_size; - uint32_t text_size, aad_size; + size_t key_size = 0; + size_t iv_size = 0; + uint32_t text_size =0; + uint32_t aad_size=0; uint16_t key_id = ATCA_TEMPKEY_KEYID; uint8_t aes_key_block = 0; uint8_t cal_tag[AES_DATA_SIZE]; size_t i; +#ifdef ATCA_PRINTF uint16_t test_count = 0; +#endif atca_aes_gcm_ctx_t ctx; check_config_aes_enable(); @@ -458,13 +462,13 @@ TEST(atca_cmd_basic_test, aes_gcm_encrypt_cavp_vectors) do { - if (NULL == (str = fgets(line, sizeof(line), req_file))) + if (NULL == (str = fgets((char *)line, sizeof(line), req_file))) { continue; } else { - size_t ln = strlen(line); + size_t ln = strlen((const char *)line); if (ln > 0 && line[ln - 2] == '\r') { line[ln - 1] = 0; @@ -474,25 +478,25 @@ TEST(atca_cmd_basic_test, aes_gcm_encrypt_cavp_vectors) fputs(str, rsp_file); if (!memcmp(str, "Key = ", strlen("Key = "))) { - name_value = &line[strlen("Key = ")]; + name_value = (char *)&line[strlen("Key = ")]; key_size = strlen(name_value) / 2; hex_to_data(name_value, key, key_size); } else if (!memcmp(str, "IV = ", strlen("IV = "))) { - name_value = &line[strlen("IV = ")]; + name_value = (char *)&line[strlen("IV = ")]; iv_size = strlen(name_value) / 2; hex_to_data(name_value, iv, iv_size); } else if (!memcmp(str, "PT = ", strlen("PT = "))) { - name_value = &line[strlen("PT = ")]; + name_value = (char *)&line[strlen("PT = ")]; text_size = (uint32_t)strlen(name_value) / 2; hex_to_data(name_value, pt, text_size); } else if (!memcmp(str, "AAD = ", strlen("AAD = "))) { - name_value = &line[strlen("AAD = ")]; + name_value = (char *)&line[strlen("AAD = ")]; aad_size = (uint32_t)strlen(name_value) / 2; hex_to_data(name_value, aad, aad_size); @@ -560,7 +564,9 @@ TEST(atca_cmd_basic_test, aes_gcm_decrypt_cavp_vectors) uint8_t aes_key_block = 0; size_t i; bool is_verified; +#ifdef ATCA_PRINTF uint16_t test_count = 0; +#endif atca_aes_gcm_ctx_t ctx; check_config_aes_enable(); @@ -577,13 +583,13 @@ TEST(atca_cmd_basic_test, aes_gcm_decrypt_cavp_vectors) do { - if (NULL == (str = fgets(line, sizeof(line), req_file))) + if (NULL == (str = fgets((char *)line, sizeof(line), req_file))) { continue; } else { - size_t ln = strlen(line); + size_t ln = strlen((char *)line); if (ln > 0 && line[ln - 2] == '\r') { line[ln - 1] = 0; @@ -593,31 +599,31 @@ TEST(atca_cmd_basic_test, aes_gcm_decrypt_cavp_vectors) fputs(str, rsp_file); if (!memcmp(str, "Key = ", strlen("Key = "))) { - name_value = &line[strlen("Key = ")]; + name_value = (char *)&line[strlen("Key = ")]; key_size = strlen(name_value) / 2; hex_to_data(name_value, key, key_size); } else if (!memcmp(str, "IV = ", strlen("IV = "))) { - name_value = &line[strlen("IV = ")]; + name_value = (char *)&line[strlen("IV = ")]; iv_size = strlen(name_value) / 2; hex_to_data(name_value, iv, iv_size); } else if (!memcmp(str, "CT = ", strlen("CT = "))) { - name_value = &line[strlen("CT = ")]; + name_value = (char *)&line[strlen("CT = ")]; text_size = (uint32_t)strlen(name_value) / 2; hex_to_data(name_value, ct, text_size); } else if (!memcmp(str, "AAD = ", strlen("AAD = "))) { - name_value = &line[strlen("AAD = ")]; + name_value = (char *)&line[strlen("AAD = ")]; aad_size = (uint32_t)strlen(name_value) / 2; hex_to_data(name_value, aad, aad_size); } else if (!memcmp(str, "Tag = ", strlen("Tag = "))) { - name_value = &line[strlen("Tag = ")]; + name_value = (char *)&line[strlen("Tag = ")]; tag_size = strlen(name_value) / 2; hex_to_data(name_value, tag, tag_size); diff --git a/test/api_atcab/atca_tests_buffer.c b/test/api_atcab/atca_tests_buffer.c index 876985b8b..d0e1566cf 100644 --- a/test/api_atcab/atca_tests_buffer.c +++ b/test/api_atcab/atca_tests_buffer.c @@ -39,13 +39,13 @@ void init_ref_array(uint8_t * buf, size_t len) for (i = 0U; i < len; i++) { - buf[i] = i; + buf[i] = (uint8_t)i; } } static unsigned int check_ref_array(uint8_t * buf, size_t len, size_t offset) { - unsigned int i; + size_t i; for (i = offset; i < len; i++) { @@ -54,7 +54,7 @@ static unsigned int check_ref_array(uint8_t * buf, size_t len, size_t offset) break; } } - return i - offset; + return (unsigned int)(i - offset); } static unsigned int check_array(uint8_t* buf, size_t len, uint8_t val) diff --git a/test/api_atcab/atca_tests_ecdh.c b/test/api_atcab/atca_tests_ecdh.c index 6e4634d46..d49f60985 100644 --- a/test/api_atcab/atca_tests_ecdh.c +++ b/test/api_atcab/atca_tests_ecdh.c @@ -284,7 +284,7 @@ t_test_case_info ecdh_basic_test_info[] = #if CALIB_ECDH_EN { REGISTER_TEST_CASE(atca_cmd_basic_test, ecdh), REGISTER_TEST_CONDITION(atca_cmd_basic_test, ecdh) }, #endif - { REGISTER_TEST_CASE(atca_cmd_basic_test, ecdh_simple), atca_test_cond_ta100 }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, ecdh_simple), atca_test_cond_ta }, #ifdef ATCA_ATECC608_SUPPORT { REGISTER_TEST_CASE(atca_cmd_basic_test, ecdh_protection_key), atca_test_cond_ecc608 }, #endif diff --git a/test/api_atcab/atca_tests_sha.c b/test/api_atcab/atca_tests_sha.c index 23b014a77..0a070e987 100644 --- a/test/api_atcab/atca_tests_sha.c +++ b/test/api_atcab/atca_tests_sha.c @@ -695,7 +695,7 @@ t_test_case_info sha_basic_test_info[] = { REGISTER_TEST_CASE(atca_cmd_basic_test, sha_context), atca_test_cond_ecc608 }, #endif #if TALIB_SHA_CONTEXT_EN - { REGISTER_TEST_CASE(atca_cmd_basic_test, sha_context_simple), atca_test_cond_ta100 }, + { REGISTER_TEST_CASE(atca_cmd_basic_test, sha_context_simple), atca_test_cond_ta }, #endif #endif /* TEST_ATCAB_SHA_EN */ diff --git a/test/api_atcab/atca_tests_verify.c b/test/api_atcab/atca_tests_verify.c index f5dafd462..76da8de65 100644 --- a/test/api_atcab/atca_tests_verify.c +++ b/test/api_atcab/atca_tests_verify.c @@ -267,7 +267,14 @@ TEST(atca_cmd_basic_test, verify_stored_on_reqrandom_set) TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); #if defined(ATCA_MBEDTLS) || defined(ATCA_OPENSSL) || defined(ATCA_WOLFSSL) - atcac_pk_ctx_t sign_ctx; + struct atcac_pk_ctx * sign_ctx; +#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) + sign_ctx = atcac_pk_ctx_new(); + TEST_ASSERT_NOT_NULL(sign_ctx); +#else + atcac_pk_ctx_t sign_ctx_inst; + sign_ctx = &sign_ctx_inst; +#endif uint8_t private_key_pem[] = "-----BEGIN EC PRIVATE KEY-----\n" "MHcCAQEEICFZhAyzqkUgyheo51bhg3mcp+qwfl+koE+Mhs/sRyzBoAoGCCqGSM49\n" @@ -278,11 +285,11 @@ TEST(atca_cmd_basic_test, verify_stored_on_reqrandom_set) size_t pubkey_len = sizeof(public_key); /* Initialization of a private key with a pem encoded key (without password) */ - status = atcac_pk_init_pem(&sign_ctx, private_key_pem, sizeof(private_key_pem), false); + status = atcac_pk_init_pem(sign_ctx, private_key_pem, sizeof(private_key_pem), false); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); /* Retrieve the public key */ - status = atcac_pk_public(&sign_ctx, public_key, &pubkey_len); + status = atcac_pk_public(sign_ctx, public_key, &pubkey_len); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); #else uint16_t private_key_id; @@ -320,7 +327,7 @@ TEST(atca_cmd_basic_test, verify_stored_on_reqrandom_set) // Sign the message #if defined(ATCA_MBEDTLS) || defined(ATCA_OPENSSL) || defined(ATCA_WOLFSSL) - status = atcac_pk_sign(&sign_ctx, nonce_params.temp_key->value, ATCA_SHA256_DIGEST_SIZE, signature, &sig_size); + status = atcac_pk_sign(sign_ctx, nonce_params.temp_key->value, ATCA_SHA256_DIGEST_SIZE, signature, &sig_size); #else // Only the 608 has the message digest buffer - other devices will invalidate tempkey status = atcab_sign(private_key_id, nonce_params.temp_key->value, signature); @@ -332,6 +339,15 @@ TEST(atca_cmd_basic_test, verify_stored_on_reqrandom_set) status = atcab_verify_stored_with_tempkey(signature, public_key_id, &is_verified); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); TEST_ASSERT(is_verified); + +#if defined(ATCA_MBEDTLS) || defined(ATCA_OPENSSL) || defined(ATCA_WOLFSSL) + status = atcac_pk_free(sign_ctx); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + #if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) + atcac_pk_ctx_free(sign_ctx); + #endif +#endif } #endif /* TEST_ATCAB_VERIFY_REQRANDOM_EN */ diff --git a/test/api_atcab/atca_tests_write.c b/test/api_atcab/atca_tests_write.c index a3f294f17..07c16d403 100644 --- a/test/api_atcab/atca_tests_write.c +++ b/test/api_atcab/atca_tests_write.c @@ -298,8 +298,8 @@ TEST(atca_cmd_basic_test, write_otp_zone) uint8_t config_chunk[4]; uint8_t new_otp[ATCA_OTP_SIZE]; uint8_t read_otp[ATCA_OTP_SIZE]; - int i; - int j; + size_t i; + size_t j; test_assert_config_is_locked(); test_assert_data_is_locked(); @@ -310,7 +310,7 @@ TEST(atca_cmd_basic_test, write_otp_zone) //initialize some data to try to write into OTP for (i = 0; i < ATCA_OTP_SIZE; i++) { - new_otp[i] = i; + new_otp[i] = (uint8_t)i; } //try to write - this shouldn't succeed @@ -333,21 +333,21 @@ TEST(atca_cmd_basic_test, write_otp_zone) TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); // Make sure we still have some bits we can change to 0 - for (i = 4; i < (int)sizeof(read_otp); i++) + for (i = 4; i < sizeof(read_otp); i++) { if (read_otp[i] != 0) { break; } } - if (i >= (int)sizeof(read_otp)) + if (i >= sizeof(read_otp)) { TEST_IGNORE_MESSAGE("OTP is already set to all zeros past byte 4, can't test."); } memcpy(new_otp, read_otp, sizeof(new_otp)); // Flip the first 1 bit to a zero - for (i = 4; i < (int)sizeof(new_otp); i++) + for (i = 4; i < sizeof(new_otp); i++) { if (new_otp[i] != 0) { @@ -671,53 +671,58 @@ TEST(atca_cmd_basic_test, write_config_zone) test_assert_config_is_unlocked(); - switch (gCfg->devtype) + if (atcab_is_ca_device(gCfg->devtype)) { + if (ATSHA204A == gCfg->devtype) + { #ifdef ATCA_ATSHA204A_SUPPORT - case ATSHA204A: - status = atcab_write_config_zone(sha204_default_config); - break; + status = atcab_write_config_zone(sha204_default_config); #endif - + } + else if ((ATECC108A == gCfg->devtype) || (ATECC508A == gCfg->devtype)) + { #if defined(ATCA_ATECC108A_SUPPORT) || defined(ATCA_ATECC508A_SUPPORT) - case ATECC108A: - case ATECC508A: - status = atcab_write_config_zone(test_ecc_configdata); - break; + status = atcab_write_config_zone(test_ecc_configdata); #endif + } + else + { #ifdef ATCA_ATECC608_SUPPORT - case ATECC608: - status = atcab_write_config_zone(test_ecc608_configdata); - break; + status = atcab_write_config_zone(test_ecc608_configdata); #endif + } + } + else if (atcab_is_ca2_device(gCfg->devtype)) + { + if ((ECC204 == gCfg->devtype) || (TA010 == gCfg->devtype)) + { #if defined(ATCA_ECC204_SUPPORT) || defined(ATCA_TA010_SUPPORT) - case ECC204: - case TA010: - status = atcab_write_config_zone(test_ecc204_configdata); - break; + status = atcab_write_config_zone(test_ecc204_configdata); #endif + } + else if (SHA104 == gCfg->devtype) + { #ifdef ATCA_SHA104_SUPPORT - case SHA104: - status = atcab_write_config_zone(test_sha104_configdata); - break; + status = atcab_write_config_zone(test_sha104_configdata); #endif + } + else + { #ifdef ATCA_SHA105_SUPPORT - case SHA105: - status = atcab_write_config_zone(test_sha105_configdata); - break; + status = atcab_write_config_zone(test_sha105_configdata); #endif + } + } + else if (atcab_is_ta_device(gCfg->devtype)) + { #if ATCA_TA_SUPPORT - case TA100: - /* fallthrough */ - case TA101: status = atcab_write_config_zone(test_ta10x_configdata); - break; #endif - - default: - break; } - + else + { + status = ATCA_NO_DEVICES; + } TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); } diff --git a/test/api_crypto/test_crypto_aes.c b/test/api_crypto/test_crypto_aes.c index a0cbf7f6c..a3bc4929f 100644 --- a/test/api_crypto/test_crypto_aes.c +++ b/test/api_crypto/test_crypto_aes.c @@ -51,13 +51,13 @@ TEST(atcac_aes, aes128_gcm_nist) uint8_t ciphertext[GCM_TEST_VECTORS_DATA_SIZE_MAX]; uint8_t plaintext[GCM_TEST_VECTORS_DATA_SIZE_MAX]; -#ifndef ATCA_WOLFSSL size_t ct_size; size_t pt_size; -#endif + uint8_t tag[AES_DATA_SIZE]; bool is_verified; struct atcac_aes_gcm_ctx * ctx; + #if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) ctx = atcac_aes_gcm_ctx_new(); #else @@ -73,14 +73,10 @@ TEST(atcac_aes, aes128_gcm_nist) } ////////////////////////////////////// Encryption ///////////////////////////////////////// - status = atcac_aes_gcm_encrypt_start(ctx, gcm_test_cases[test_index].key, 16, gcm_test_cases[test_index].iv, (uint8_t)gcm_test_cases[test_index].iv_size); + status = + atcac_aes_gcm_encrypt_start(ctx, gcm_test_cases[test_index].key, 16, gcm_test_cases[test_index].iv, (uint8_t)gcm_test_cases[test_index].iv_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); -#ifdef ATCA_WOLFSSL - status = atcac_aes_gcm_encrypt(ctx, gcm_test_cases[test_index].plaintext, gcm_test_cases[test_index].text_size, ciphertext, - tag, sizeof(tag), gcm_test_cases[test_index].aad, gcm_test_cases[test_index].aad_size); - TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); -#else //Add aad to gcm status = atcac_aes_gcm_aad_update(ctx, gcm_test_cases[test_index].aad, gcm_test_cases[test_index].aad_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -89,28 +85,27 @@ TEST(atcac_aes, aes128_gcm_nist) ct_size = GCM_TEST_VECTORS_DATA_SIZE_MAX; status = atcac_aes_gcm_encrypt_update(ctx, gcm_test_cases[test_index].plaintext, gcm_test_cases[test_index].text_size, ciphertext, &ct_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); -#endif + //Verify ciphertext with expected data if (gcm_test_cases[test_index].text_size > 0) { TEST_ASSERT_EQUAL_MEMORY(gcm_test_cases[test_index].ciphertext, ciphertext, gcm_test_cases[test_index].text_size); } -#ifndef ATCA_WOLFSSL //Calculate authentication tag status = atcac_aes_gcm_encrypt_finish(ctx, tag, sizeof(tag)); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); -#endif + //Verify calculated tag TEST_ASSERT_EQUAL_MEMORY(gcm_test_cases[test_index].tag, tag, sizeof(tag)); -#ifndef ATCA_WOLFSSL // Repeat, but skip unused calls if (gcm_test_cases[test_index].aad_size == 0 || gcm_test_cases[test_index].text_size == 0) { //Initialize gcm ctx with IV - status = atcac_aes_gcm_encrypt_start(ctx, gcm_test_cases[test_index].key, 16, gcm_test_cases[test_index].iv, (uint8_t)gcm_test_cases[test_index].iv_size); + status = atcac_aes_gcm_encrypt_start(ctx, gcm_test_cases[test_index].key, 16, gcm_test_cases[test_index].iv, + (uint8_t)gcm_test_cases[test_index].iv_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); //Add aad to gcm @@ -133,20 +128,13 @@ TEST(atcac_aes, aes128_gcm_nist) //Verify calculated tag TEST_ASSERT_EQUAL_MEMORY(gcm_test_cases[test_index].tag, tag, sizeof(tag)); } -#endif - ////////////////////////////////////// Decryption ///////////////////////////////////////// //Initialize gcm ctx with IV - status = atcac_aes_gcm_decrypt_start(ctx, gcm_test_cases[test_index].key, 16, gcm_test_cases[test_index].iv, (uint8_t)gcm_test_cases[test_index].iv_size); + status = + atcac_aes_gcm_decrypt_start(ctx, gcm_test_cases[test_index].key, 16, gcm_test_cases[test_index].iv, (uint8_t)gcm_test_cases[test_index].iv_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); -#ifdef ATCA_WOLFSSL - status = atcac_aes_gcm_decrypt(ctx, gcm_test_cases[test_index].ciphertext, gcm_test_cases[test_index].text_size, plaintext, tag, sizeof(tag), - gcm_test_cases[test_index].aad, gcm_test_cases[test_index].aad_size, &is_verified); - TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); -#else - //Add aad to gcm status = atcac_aes_gcm_aad_update(ctx, gcm_test_cases[test_index].aad, gcm_test_cases[test_index].aad_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -155,25 +143,24 @@ TEST(atcac_aes, aes128_gcm_nist) pt_size = GCM_TEST_VECTORS_DATA_SIZE_MAX; status = atcac_aes_gcm_decrypt_update(ctx, gcm_test_cases[test_index].ciphertext, gcm_test_cases[test_index].text_size, plaintext, &pt_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); -#endif + //Verify plaintext with expected data if (gcm_test_cases[test_index].text_size > 0) { TEST_ASSERT_EQUAL_MEMORY(plaintext, gcm_test_cases[test_index].plaintext, gcm_test_cases[test_index].text_size); } -#ifndef ATCA_WOLFSSL status = atcac_aes_gcm_decrypt_finish(ctx, gcm_test_cases[test_index].tag, sizeof(tag), &is_verified); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); -#endif + TEST_ASSERT(is_verified); -#ifndef ATCA_WOLFSSL // Repeat, but skip unused calls if (gcm_test_cases[test_index].aad_size == 0 || gcm_test_cases[test_index].text_size == 0) { //Initialize gcm ctx with IV - status = atcac_aes_gcm_decrypt_start(ctx, gcm_test_cases[test_index].key, 16, gcm_test_cases[test_index].iv, (uint8_t)gcm_test_cases[test_index].iv_size); + status = atcac_aes_gcm_decrypt_start(ctx, gcm_test_cases[test_index].key, 16, gcm_test_cases[test_index].iv, + (uint8_t)gcm_test_cases[test_index].iv_size); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); //Add aad to gcm @@ -195,7 +182,6 @@ TEST(atcac_aes, aes128_gcm_nist) TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); TEST_ASSERT(is_verified); } -#endif } #if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) diff --git a/test/atca_test.c b/test/atca_test.c index df5b82973..62c8526cb 100644 --- a/test/atca_test.c +++ b/test/atca_test.c @@ -418,43 +418,36 @@ ATCA_STATUS atca_test_config_get_id(uint8_t test_type, uint16_t* handle) if (test_type && handle) { - switch (gCfg->devtype) + if (atcab_is_ca_device(gCfg->devtype)) { -#if ATCA_CA_SUPPORT - case ATSHA204A: - /* fallthrough */ - case ATECC108A: - /* fallthrough */ - case ATECC508A: - /* fallthrough */ - case ATECC608: + #if ATCA_CA_SUPPORT status = calib_config_get_slot_by_test(test_type, handle); - break; -#endif -#if defined(ATCA_TA010_SUPPORT) || defined(ATCA_ECC204_SUPPORT) - case TA010: - /* fallthrough */ - case ECC204: - status = calib_config_get_ecc204_slot_by_test(test_type, handle); - break; -#endif -#if defined(ATCA_SHA104_SUPPORT) || defined(ATCA_SHA105_SUPPORT) - case SHA104: - /* fallthrough */ - case SHA105: - status = calib_config_get_sha10x_slot_by_test(test_type, handle); - break; -#endif -#if ATCA_TA_SUPPORT - case TA100: - /* fallthrough */ - case TA101: - status = talib_config_get_handle_by_test(test_type, handle); - break; -#endif - default: + #endif + } + else if (atcab_is_ca2_device(gCfg->devtype)) + { + if (ECC204 == gCfg->devtype || TA010 == gCfg->devtype) + { + #if defined(ATCA_TA010_SUPPORT) || defined(ATCA_ECC204_SUPPORT) + status = calib_config_get_ecc204_slot_by_test(test_type, handle); + #endif + } + else + { + #if defined(ATCA_SHA104_SUPPORT) || defined(ATCA_SHA105_SUPPORT) + status = calib_config_get_sha10x_slot_by_test(test_type, handle); + #endif + } + } + else if (atcab_is_ta_device(gCfg->devtype)) + { + #if ATCA_TA_SUPPORT + status = talib_config_get_handle_by_test(test_type, handle); + #endif + } + else + { status = ATCA_UNIMPLEMENTED; - break; } } diff --git a/test/atca_test.h b/test/atca_test.h index 57714bdf4..2a19fa6f8 100644 --- a/test/atca_test.h +++ b/test/atca_test.h @@ -219,7 +219,7 @@ bool atca_test_cond_p256_sign(void); bool atca_test_cond_p256_sign_verify(void); bool atca_test_cond_aes128_ecb(void); bool atca_test_cond_ecc608(void); -bool atca_test_cond_ta100(void); +bool atca_test_cond_ta(void); bool atca_test_cond_ca2(void); /* Commands */ diff --git a/test/atca_test_config.c b/test/atca_test_config.c index 6121c87ab..fa294fb95 100644 --- a/test/atca_test_config.c +++ b/test/atca_test_config.c @@ -121,7 +121,7 @@ bool atca_test_cond_ecc608(void) } /** \brief Configured device is TA100 */ -bool atca_test_cond_ta100(void) +bool atca_test_cond_ta(void) { return atcab_is_ta_device(atca_test_get_device_type()); } diff --git a/test/atcacert/test_atcacert_client.c b/test/atcacert/test_atcacert_client.c index 636ce3913..01bf81159 100644 --- a/test/atcacert/test_atcacert_client.c +++ b/test/atcacert/test_atcacert_client.c @@ -667,7 +667,6 @@ TEST(atcacert_client, atcacert_get_subj) #if ATCA_TA_SUPPORT ta_element_attributes_t data_attr; uint16_t signer_cert_handle = 0x8800; - cal_buffer signer_cert_buf = CAL_BUF_INIT(sizeof(g_test_ecc256_ca_cert), g_test_ecc256_ca_cert); status = talib_handle_init_data(&data_attr, sizeof(g_test_ecc256_ca_cert)); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -743,7 +742,6 @@ TEST(atcacert_client, atcacert_get_subj_pbkey) cert_sz = sizeof(g_test_ecc256_ca_cert); ta_element_attributes_t data_attr; uint16_t signer_cert_handle = 0x8800; - cal_buffer signer_cert_buf = CAL_BUF_INIT(sizeof(g_test_ecc256_ca_cert), g_test_ecc256_ca_cert); status = talib_handle_init_data(&data_attr, sizeof(g_test_ecc256_ca_cert)); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -820,7 +818,6 @@ TEST(atcacert_client, atcacert_get_subj_pbkey_id) cert_sz = sizeof(g_test_ecc256_ca_cert); ta_element_attributes_t data_attr; uint16_t signer_cert_handle = 0x8800; - cal_buffer signer_cert_buf = CAL_BUF_INIT(sizeof(g_test_ecc256_ca_cert), g_test_ecc256_ca_cert); status = talib_handle_init_data(&data_attr, sizeof(g_test_ecc256_ca_cert)); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -928,7 +925,6 @@ TEST(atcacert_client, atcacert_get_issue_date_test) memcpy(&issue_date_ref, &issue_date_ref_ta, sizeof(issue_date_ref_ta)); ta_element_attributes_t data_attr; uint16_t signer_cert_handle = 0x8800; - cal_buffer signer_cert_buf = CAL_BUF_INIT(sizeof(g_test_ecc256_ca_cert), g_test_ecc256_ca_cert); status = talib_handle_init_data(&data_attr, sizeof(g_test_ecc256_ca_cert)); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); cert_sz = sizeof(g_test_ecc256_ca_cert); @@ -1035,7 +1031,6 @@ TEST(atcacert_client, atcacert_get_expiry_date) memcpy(&expiry_date_ref, &expiry_date_ref_ta, sizeof(expiry_date_ref_ta)); ta_element_attributes_t data_attr; uint16_t signer_cert_handle = 0x8800; - cal_buffer signer_cert_buf = CAL_BUF_INIT(sizeof(g_test_ecc256_ca_cert), g_test_ecc256_ca_cert); status = talib_handle_init_data(&data_attr, sizeof(g_test_ecc256_ca_cert)); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -1116,7 +1111,6 @@ TEST(atcacert_client, atcacert_get_serial_num) cert_sz = sizeof(g_test_ecc256_ca_cert); ta_element_attributes_t data_attr; uint16_t signer_cert_handle = 0x8800; - cal_buffer signer_cert_buf = CAL_BUF_INIT(sizeof(g_test_ecc256_ca_cert), g_test_ecc256_ca_cert); status = talib_handle_init_data(&data_attr, sizeof(g_test_ecc256_ca_cert)); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -1195,7 +1189,6 @@ TEST(atcacert_client, atcacert_get_auth_key_id_test) cert_sz = sizeof(g_test_ecc256_ca_cert); ta_element_attributes_t data_attr; uint16_t signer_cert_handle = 0x8800; - cal_buffer signer_cert_buf = CAL_BUF_INIT(sizeof(g_test_ecc256_ca_cert), g_test_ecc256_ca_cert); status = talib_handle_init_data(&data_attr, sizeof(g_test_ecc256_ca_cert)); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); @@ -1269,7 +1262,6 @@ TEST(atcacert_client, atcacert_get_issuer_test) cert_sz = sizeof(g_test_ecc256_ca_cert); ta_element_attributes_t data_attr; uint16_t signer_cert_handle = 0x8800; - cal_buffer signer_cert_buf = CAL_BUF_INIT(sizeof(g_test_ecc256_ca_cert), g_test_ecc256_ca_cert); status = talib_handle_init_data(&data_attr, sizeof(g_test_ecc256_ca_cert)); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); diff --git a/test/atcacert/test_atcacert_date.c b/test/atcacert/test_atcacert_date.c index b8f2349b0..3787c2807 100644 --- a/test/atcacert/test_atcacert_date.c +++ b/test/atcacert/test_atcacert_date.c @@ -409,7 +409,7 @@ TEST(atcacert_date_enc_posix_uint32_be, good) { int ret = 0; uint8_t ts_str[DATEFMT_POSIX_UINT32_BE_SIZE]; - const char ts_str_ref[sizeof(ts_str) + 1] = { 0x52, 0x7F, 0x4C, 0xF7 }; + const uint8_t ts_str_ref[sizeof(ts_str) + 1] = { 0x52, 0x7F, 0x4C, 0xF7 }; atcacert_tm_utc_t ts; set_tm(&ts, 2013, 11, 10, 9, 8, 7); @@ -437,7 +437,7 @@ TEST(atcacert_date_enc_posix_uint32_be, large) { int ret = 0; uint8_t ts_str[DATEFMT_POSIX_UINT32_BE_SIZE]; - const char ts_str_ref[sizeof(ts_str) + 1] = { 0xFE, 0xFD, 0xFC, 0xFB }; + const uint8_t ts_str_ref[sizeof(ts_str) + 1] = { 0xFE, 0xFD, 0xFC, 0xFB }; atcacert_tm_utc_t ts; set_tm(&ts, 2105, 7, 26, 13, 30, 35); @@ -452,7 +452,7 @@ TEST(atcacert_date_enc_posix_uint32_be, max) int ret = 0; uint8_t ts_str[DATEFMT_POSIX_UINT32_BE_SIZE]; atcacert_tm_utc_t ts; - const char ts_str_ref[sizeof(ts_str) + 1] = { 0xFF, 0xFF, 0xFF, 0xFE }; + const uint8_t ts_str_ref[sizeof(ts_str) + 1] = { 0xFF, 0xFF, 0xFF, 0xFE }; set_tm(&ts, 2106, 2, 7, 6, 28, 14); @@ -518,7 +518,7 @@ TEST(atcacert_date_enc_posix_uint32_le, good) { int ret = 0; uint8_t ts_str[DATEFMT_POSIX_UINT32_LE_SIZE]; - const char ts_str_ref[sizeof(ts_str) + 1] = { 0xF7, 0x4C, 0x7F, 0x52 }; + const uint8_t ts_str_ref[sizeof(ts_str) + 1] = { 0xF7, 0x4C, 0x7F, 0x52 }; atcacert_tm_utc_t ts; set_tm(&ts, 2013, 11, 10, 9, 8, 7); @@ -546,7 +546,7 @@ TEST(atcacert_date_enc_posix_uint32_le, large) { int ret = 0; uint8_t ts_str[DATEFMT_POSIX_UINT32_LE_SIZE]; - const char ts_str_ref[sizeof(ts_str) + 1] = { 0xFB, 0xFC, 0xFD, 0xFE }; + const uint8_t ts_str_ref[sizeof(ts_str) + 1] = { 0xFB, 0xFC, 0xFD, 0xFE }; atcacert_tm_utc_t ts; set_tm(&ts, 2105, 7, 26, 13, 30, 35); @@ -561,7 +561,7 @@ TEST(atcacert_date_enc_posix_uint32_le, max) int ret = 0; uint8_t ts_str[DATEFMT_POSIX_UINT32_LE_SIZE]; atcacert_tm_utc_t ts; - const char ts_str_ref[sizeof(ts_str) + 1] = { 0xFE, 0xFF, 0xFF, 0xFF }; + const uint8_t ts_str_ref[sizeof(ts_str) + 1] = { 0xFE, 0xFF, 0xFF, 0xFF }; set_tm(&ts, 2106, 2, 7, 6, 28, 14); @@ -1005,7 +1005,7 @@ TEST(atcacert_date_enc, posix_uint32_be) int ret = 0; uint8_t ts_str[DATEFMT_POSIX_UINT32_BE_SIZE + 1]; size_t ts_str_size = sizeof(ts_str); - const char ts_str_ref[sizeof(ts_str) - 1] = { 0x52, 0x7F, 0x4C, 0xF7 }; + const uint8_t ts_str_ref[sizeof(ts_str) - 1] = { 0x52, 0x7F, 0x4C, 0xF7 }; atcacert_tm_utc_t ts; set_tm(&ts, 2013, 11, 10, 9, 8, 7); @@ -1027,7 +1027,7 @@ TEST(atcacert_date_enc, posix_uint32_le) int ret = 0; uint8_t ts_str[DATEFMT_POSIX_UINT32_LE_SIZE + 1]; size_t ts_str_size = sizeof(ts_str); - const char ts_str_ref[sizeof(ts_str) - 1] = { 0xF7, 0x4C, 0x7F, 0x52 }; + const uint8_t ts_str_ref[sizeof(ts_str) - 1] = { 0xF7, 0x4C, 0x7F, 0x52 }; atcacert_tm_utc_t ts; set_tm(&ts, 2013, 11, 10, 9, 8, 7); @@ -2005,7 +2005,7 @@ TEST(atcacert_date_dec, small_buf) TEST(atcacert_date_dec, bad_format) { int ret = 0; - const uint8_t ts_str[DATEFMT_RFC5280_GEN_SIZE + 1]; + const uint8_t ts_str[DATEFMT_RFC5280_GEN_SIZE + 1] = {0}; size_t ts_str_size = sizeof(ts_str); atcacert_tm_utc_t ts; diff --git a/test/atcacert/test_atcacert_def.c b/test/atcacert/test_atcacert_def.c index 3e2642d6f..90b423c70 100644 --- a/test/atcacert/test_atcacert_def.c +++ b/test/atcacert/test_atcacert_def.c @@ -6833,7 +6833,7 @@ TEST(atcacert_get_device_data, flow) 0x19, 0x2a, 0x10, 0x51, 0x99, 0xae, 0x63, 0xfc, 0xeb, 0xd9, 0x33, 0xeb, 0x90, 0x25, 0x7d, 0x2e, 0xa9, 0x12, 0x89, 0xb5, 0xae, 0x90, 0x02, 0x7c, 0xbc, 0xb1, 0xc7, 0x44, 0x3a, 0x8a, 0x00, 0xbd, 0x15, 0xf2, 0xf5, 0x6f, 0x55, 0x01, 0xd1, 0x7a, 0xdf, 0xef, 0x48, 0x6b, 0x89, 0xf0, 0xc6, 0xaf, - 0xA9, 0x9D, 0x54, 0xC4, 0x8B, 0x10, 0x90, 0x00 + 0xA9, 0x9D, 0x5C, 0xC4, 0x8B, 0x10, 0x90, 0x00 }; atcacert_device_loc_t device_locs[4]; size_t device_locs_count = 0; diff --git a/test/atcacert/test_cert_def_1_signer.c b/test/atcacert/test_cert_def_1_signer.c index ce18d0ad0..4e374df23 100644 --- a/test/atcacert/test_cert_def_1_signer.c +++ b/test/atcacert/test_cert_def_1_signer.c @@ -60,7 +60,7 @@ const atcacert_def_t g_test_cert_def_1_signer = { .offset = 4, .count = 347 }, - .expire_years = 20, + .expire_years = 28, .public_key_dev_loc = { .zone = DEVZONE_DATA, .slot = 11, diff --git a/test/vectors/ecdsa_nist_vectors.c b/test/vectors/ecdsa_nist_vectors.c index 59191b4f0..51abd4cca 100644 --- a/test/vectors/ecdsa_nist_vectors.c +++ b/test/vectors/ecdsa_nist_vectors.c @@ -487,7 +487,7 @@ const ecdsa_p384_test_vector ecdsa_p384_s256_test_vectors[] = { const size_t ecdsa_p384_s256_test_vectors_count = sizeof(ecdsa_p384_s256_test_vectors) / sizeof(ecdsa_p384_test_vector); #endif -#ifdef ATCA_TA101_SUPPORT +#if TEST_VECTOR_SHA2_384_EN const ecdsa_p384_test_vector ecdsa_p384_test_vectors[] = { { { 0x41, 0x32, 0x83, 0x3a, 0x52, 0x5a, 0xec, 0xc8, 0xa1, 0xa6, 0xde, 0xa9, 0xf4, 0x7, 0x5f, 0x44, 0xfe, 0xef, 0xce, 0x81, 0xc, 0x46, 0x68, 0x42, 0x3b, 0x38, 0x58, 0x4, 0x17, 0xf7, 0xbd, 0xca, 0x5b, 0x21, 0x6, 0x1a, 0x45, 0xea, 0xa3, 0xcb, 0xe2, 0xa7, 0x3, 0x5e, 0xd1, 0x89, 0x52, 0x3a, 0xf8, 0x0, 0x2d, 0x65, 0xc2, 0x89, 0x9e, 0x65, 0x73, 0x5e, 0x4d, 0x93, 0xa1, 0x65, 0x3, 0xc1, 0x45, 0x5, 0x9f, 0x36, 0x5c, 0x32, 0xb3, 0xac, 0xc6, 0x27, 0xe, 0x29, 0xa0, 0x91, 0x31, 0x29, 0x91, 0x81, 0xc9, 0x8b, 0x3c, 0x76, 0x76, 0x9a, 0x18, 0xfa, 0xf2, 0x1f, 0x6b, 0x4a, 0x8f, 0x27, 0x1e, 0x6b, 0xf9, 0x8, 0xe2, 0x38, 0xaf, 0xe8, 0x0, 0x2e, 0x27, 0xc6, 0x34, 0x17, 0xbd, 0xa7, 0x58, 0xf8, 0x46, 0xe1, 0xe3, 0xb8, 0xe6, 0x2d, 0x7f, 0x5, 0xeb, 0xd9, 0x8f, 0x1f, 0x91, 0x54}, diff --git a/test/vectors/ecdsa_nist_vectors.h b/test/vectors/ecdsa_nist_vectors.h index 82fc6092a..e46707cf1 100644 --- a/test/vectors/ecdsa_nist_vectors.h +++ b/test/vectors/ecdsa_nist_vectors.h @@ -86,7 +86,7 @@ extern const ecdsa_p384_test_vector ecdsa_p384_s256_test_vectors[]; extern const size_t ecdsa_p384_s256_test_vectors_count; #endif -#ifdef ATCA_TA101_SUPPORT +#if TEST_VECTOR_SHA2_384_EN extern const ecdsa_p384_test_vector ecdsa_p384_test_vectors[]; extern const size_t ecdsa_p384_test_vectors_count; #endif diff --git a/test/vectors/vector_utils.c b/test/vectors/vector_utils.c index 46d5bd34d..dff5230d5 100644 --- a/test/vectors/vector_utils.c +++ b/test/vectors/vector_utils.c @@ -490,30 +490,6 @@ ATCA_STATUS load_sha_vector(sha_vector ** vector, size_t digest_size) return status; } -ATCA_STATUS load_aes_gcm_vector(aes_gcm_vector ** vector) -{ - ATCA_STATUS status = ATCA_BAD_PARAM; - aes_gcm_vector * v = NULL; - - do - { - int len_bits = 0; - size_t len = 0; - - - - } - while (false); - - -// [Keylen = 128] -// [IVlen = 96] -// [PTlen = 0] -// [AADlen = 128] -// [Taglen = 128] - return status; -} - typedef struct { /* Expected to be 0x03 or 0x10001*/ @@ -530,7 +506,6 @@ ATCA_STATUS load_rsa_vector(rsa_vector ** vector, size_t mod, char * hash_alg) do { - int len_bits = 0; size_t len = mod / 8; if (NULL == g_rsp_file || NULL == vector) diff --git a/test/vectors/vector_utils.h b/test/vectors/vector_utils.h index 4b062b8d0..1fdd5c4c5 100644 --- a/test/vectors/vector_utils.h +++ b/test/vectors/vector_utils.h @@ -137,8 +137,6 @@ typedef struct uint8_t data[]; } aes_gcm_vector; -ATCA_STATUS load_aes_gcm_vector(aes_gcm_vector ** vector); - /* ------------- RSA Vector Support ------------- */ diff --git a/third_party/CMakeLists-wolfssl.txt.in b/third_party/CMakeLists-wolfssl.txt.in index 339e55825..f731a91d5 100644 --- a/third_party/CMakeLists-wolfssl.txt.in +++ b/third_party/CMakeLists-wolfssl.txt.in @@ -4,8 +4,8 @@ project(wolfssl-download NONE) include(ExternalProject) ExternalProject_Add(wolfssl - URL "https://github.com/wolfSSL/wolfssl/archive/refs/tags/v4.8.1-stable.tar.gz" - URL_HASH "SHA256=50db45f348f47e00c93dd244c24108220120cb3cc9d01434789229c32937c444" + URL "https://github.com/wolfSSL/wolfssl/archive/refs/tags/v5.4.0-stable.tar.gz" + URL_HASH "SHA256=dc36cc19dad197253e5c2ecaa490c7eef579ad448706e55d73d79396e814098b" SOURCE_DIR "${CMAKE_BINARY_DIR}/downloaded/wolfssl" BINARY_DIR "" CONFIGURE_COMMAND "" diff --git a/third_party/wolfssl_settings.h.in b/third_party/wolfssl_settings.h.in index 173bb16f9..d3b38b6e1 100644 --- a/third_party/wolfssl_settings.h.in +++ b/third_party/wolfssl_settings.h.in @@ -18,12 +18,16 @@ #define WOLFSSL_PEM_TO_DER +#define WOLFSSL_PUB_PEM_TO_DER + #define WOLFSSL_VALIDATE_ECC_IMPORT #define WOLFSSL_AES_DIRECT #define HAVE_AESGCM +#define WOLFSSL_AESGCM_STREAM + #define WOLFSSL_CMAC #define NO_OLD_TLS