Release v3.7.4 (20240308)

.gitattributes

@@ -1 +1,2 @@
-*.pdf filter=lfs diff=lfs merge=lfs -text
+# Reinstate LFS if pdf sizes increase considerably in the future releases
+# *.pdf filter=lfs diff=lfs merge=lfs -text

.github/workflows/build.yml

@@ -43,7 +43,7 @@ jobs:
         env:
           CIBW_SKIP: "cp27-* cp36-* cp37-* pp37-* *-musllinux* pp*-macosx*"
           CIBW_MANYLINUX_X86_64_IMAGE: "manylinux_2_28"
-          CIBW_BEFORE_BUILD_LINUX: "yum update -y && yum install -y libusb-devel"
+          CIBW_BEFORE_BUILD_LINUX: "yum update -y && yum install -y libusbx-devel"
           CIBW_BUILD_VERBOSITY: 3
           CIBW_ARCHS_LINUX: "x86_64"
           CIBW_ARCHS_MACOS: "x86_64 arm64"

CMakeLists.txt

@@ -2,10 +2,10 @@ cmake_minimum_required(VERSION 3.1.0)
 project (cryptoauthlib C)
 
 # Set the current release version
-set(VERSION "3.7.3")
+set(VERSION "3.7.4")
 set(VERSION_MAJOR 3)
 set(VERSION_MINOR 7)
-set(VERSION_PATCH 3)
+set(VERSION_PATCH 4)
 
 # Build Options
 option(BUILD_TESTS "Create Test Application with library" OFF)

README.md

@@ -6,14 +6,14 @@ Introduction
 This library implements the APIs required to communicate with Microchip Security
 device. The family of devices supported currently are:
 
-|CryptoAuth                                      |CryptoAuth2                               ||
-|:----------------------------------------------:|:----------------------------------------:|:-------------------------------------:|
-|[ATECC608B](https://www.microchip.com/ATECC608B)|[ECC204](https://www.microchip.com/ECC204)
+|CryptoAuth                                      |CryptoAuth2                               |
+|-----------------------------------------------:|:-----------------------------------------|
+|[ATECC608B](https://www.microchip.com/ATECC608B)|[ECC204](https://www.microchip.com/ECC204)|
 |[ATECC608A](http://www.microchip.com/ATECC608A) |[ECC206](https://www.microchip.com/ECC206)|
 |[ATECC508A](http://www.microchip.com/ATECC508A) |[SHA104](https://www.microchip.com/SHA104)|
-|[ATECC108A](http://www.microchip.com/ATECC108A) |[SHA105](https://www.microchip.com/SHA105)|                                       |
-|[ATSHA204A](http://www.microchip.com/ATSHA204A) |[SHA106](https://www.microchip.com/SHA106)|                                       |
-|[ATSHA206A](https://www.microchip.com/ATSHA206A)|[RNG90](https://www.microchip.com/RNG90)  |                                       |
+|[ATECC108A](http://www.microchip.com/ATECC108A) |[SHA105](https://www.microchip.com/SHA105)|
+|[ATSHA204A](http://www.microchip.com/ATSHA204A) |[SHA106](https://www.microchip.com/SHA106)|
+|[ATSHA206A](https://www.microchip.com/ATSHA206A)|[RNG90](https://www.microchip.com/RNG90)  |
 
 The best place to start is with the [Microchip Trust Platform](https://www.microchip.com/design-centers/security-ics/trust-platform)
 
@@ -30,9 +30,12 @@ Prerequisite hardware to run CryptoAuthLib examples:
 Alternatively a Microchip MCU and Adapter Board:
   - [ATSAMR21 Xplained Pro]( http://www.microchip.com/atsamr21-xpro )
     or [ATSAMD21 Xplained Pro]( http://www.microchip.com/ATSAMD21-XPRO )
-  - [CryptoAuth Xplained Pro Extension](http://www.microchip.com/developmenttools/productdetails.aspx?partno=atcryptoauth-xpro-b )
-    or [CryptoAuthentication SOIC Socket Board](http://www.microchip.com/developmenttools/productdetails.aspx?partno=at88ckscktsoic-xpro )
+  - [CryptoAuthentication SOIC Socket Board](http://www.microchip.com/developmenttools/productdetails.aspx?partno=at88ckscktsoic-xpro )
     to accept SOIC parts
+  - [ATECC608B mikroBUS evaluation board](https://www.microchip.com/en-us/development-tool/DT100104)
+  - [ECC204 mikroBUS evaluation board](https://www.microchip.com/en-us/development-tool/ev92r58a)
+  - [SHA104/SHA105 mikroBUS evaluation board](https://www.microchip.com/en-us/development-tool/ev97m19a)
+  - [TA010 mikroBUS evaluation board](https://www.microchip.com/en-us/development-tool/EV74C12A)
 
 For most development, using socketed top-boards is preferable until your
 configuration is well tested, then you can commit it to a CryptoAuth Xplained
@@ -45,12 +48,6 @@ Examples
 
   - Install the [Trust Platform Design Suite](https://www.microchip.com/en-us/products/security/trust-platform ) to access Use Case examples 
     for the different Security Solutions (ATECC608, SHA104/105, ECC204, TA010, TA100…)
-  - Node Authentication Example Using Asymmetric PKI is a complete, all-in-one
-    example demonstrating all the stages of crypto authentication starting from
-    provisioning the Crypto Authentication device ATECC608/ATECC508A with keys
-    and certificates to demonstrating an authentication sequence using
-    asymmetric techniques.
-    http://www.microchip.com/SWLibraryWeb/product.aspx?product=CryptoAuthLib
 
 Configuration
 -----------

app/kit_host/ascii_kit_host.c

@@ -686,6 +686,8 @@ void kit_host_task(ascii_kit_host_context_t* ctx)
                 }
                 ctx->phy->send((void*)ctx->phy, ctx->buffer, txlen);
 
+                memset(ctx->buffer, '\0', sizeof(ctx->buffer));
+
                 ptr = ctx->buffer;
             }
         }

harmony/config/cryptoauthlib.py

@@ -38,6 +38,7 @@
 _TA_PATHS = ['atcacert/*', 'talib/*']
 _SHA206_PATHS = ['api_206a/*']
 _EXCL_FILES = ['atca_utils_sizes.c']
+_WOLFCRYPTO_FILES = ['wolfssl/*']
 
 def CALSecFileUpdate(symbol, event):
     symObj = event['symbol']
@@ -246,8 +247,7 @@ def onAttachmentConnected(source, target):
         calEnableWolfCrypto = srcComponent.getSymbolByID('CAL_ENABLE_WOLFCRYPTO')
         calEnableWolfCrypto.setValue(True)
 
-        WolfCrypto = srcComponent.getSymbolByID('CAL_FILE_SRC_WOLFSSL_WRAPPER')
-        WolfCrypto.setEnabled(True)
+        updateFileEnable(srcComponent, _WOLFCRYPTO_FILES, True)
 
         calTaEnableAesAuth = srcComponent.getSymbolByID('CAL_ENABLE_TA10x_AES_AUTH')
         calTaEnableAesAuth.setValue(True)
@@ -296,8 +296,7 @@ def onAttachmentDisconnected(source, target):
         WolfCrypto = srcComponent.getSymbolByID('CAL_ENABLE_WOLFCRYPTO')
         WolfCrypto.setValue(False)
 
-        WolfCrypto = srcComponent.getSymbolByID('CAL_FILE_SRC_WOLFSSL_WRAPPER')
-        WolfCrypto.setEnabled(False)
+        updateFileEnable(srcComponent, _WOLFCRYPTO_FILES, False)
 
         calTaEnableAesAuth = srcComponent.getSymbolByID('CAL_ENABLE_TA10x_AES_AUTH')
         calTaEnableAesAuth.setValue(False)
@@ -344,6 +343,10 @@ def instantiateComponent(calComponent):
         AddFilesDir(calComponent, 'app', search_path, 'library/cryptoauthlib/app',
             'config/{}/library/cryptoauthlib/app'.format(configName), enable=False)
 
+    for search_path in _WOLFCRYPTO_FILES:
+        AddFilesDir(calComponent, 'lib', search_path, 'library/cryptoauthlib',
+            'config/{}/library/cryptoauthlib'.format(configName), enable=False)
+
     # Add individual files
     for hal_file in _HAL_FILES:
         AddFilesDir(calComponent, 'lib/hal', hal_file, 'library/cryptoauthlib/hal',
@@ -844,15 +847,6 @@ def instantiateComponent(calComponent):
     calEnableWolfCrypto.setValue(False)
     calEnableWolfCrypto.setVisible(False)
 
-    calLibWolfSSLSrcFile = calComponent.createFileSymbol("CAL_FILE_SRC_WOLFSSL_WRAPPER", None)
-    calLibWolfSSLSrcFile.setSourcePath("lib/wolfssl/atca_wolfssl_interface.c")
-    calLibWolfSSLSrcFile.setOutputName("atca_wolfssl_interface.c")
-    calLibWolfSSLSrcFile.setDestPath("library/cryptoauthlib/wolfssl")
-    calLibWolfSSLSrcFile.setProjectPath("config/" + configName + "/library/cryptoauthlib/wolfssl/")
-    calLibWolfSSLSrcFile.setType('SOURCE')
-    calLibWolfSSLSrcFile.setEnabled(False)
-    calLibWolfSSLSrcFile.setDependencies(CALSecFileUpdate, ["CAL_NON_SECURE"])
-
     # Add HAL Drivers
     calLibI2cHalSrcFile = calComponent.createFileSymbol("CAL_FILE_SRC_HAL_I2C", None)
     calLibI2cHalSrcFile.setSourcePath("lib/hal/hal_i2c_harmony.c")

lib/atca_compiler.h

@@ -43,8 +43,8 @@
 #define ATCA_UINT32_HOST_TO_LE(x)  (x)
 #define ATCA_UINT16_HOST_TO_BE(x)  ((((x) & 0x00FF) << 8) | (((x) & 0xFF00) >> 8))
 #define ATCA_UINT16_BE_TO_HOST(x)  ((((x) & 0x00FF) << 8) | (((x) & 0xFF00) >> 8))
-#define ATCA_UINT32_HOST_TO_BE(x)  ((((x) & 0x000000FFU) << 24U) | (((x) & 0x0000FF00U) << 8U) | (((x) & 0x00FF0000U) >> 8U) | (((x) & 0xFF000000U) >> 24U))
-#define ATCA_UINT32_BE_TO_HOST(x)  ((((x) & 0x000000FFU) << 24U) | (((x) & 0x0000FF00U) << 8U) | (((x) & 0x00FF0000U) >> 8U) | (((x) & 0xFF000000U) >> 24U))
+#define ATCA_UINT32_HOST_TO_BE(x)  ((((x) & 0x000000FFUL) << 24U) | (((x) & 0x0000FF00UL) << 8U) | (((x) & 0x00FF0000UL) >> 8U) | (((x) & 0xFF000000UL) >> 24U))
+#define ATCA_UINT32_BE_TO_HOST(x)  ((((x) & 0x000000FFUL) << 24U) | (((x) & 0x0000FF00UL) << 8U) | (((x) & 0x00FF0000UL) >> 8U) | (((x) & 0xFF000000UL) >> 24U))
 #define ATCA_UINT64_HOST_TO_BE(x)  ((uint64_t)ATCA_UINT32_HOST_TO_BE((uint32_t)(x)) << 32 + (uint64_t)ATCA_UINT32_HOST_TO_BE((uint32_t)((x) >> 32)))
 #define ATCA_UINT64_BE_TO_HOST(x)  ((uint64_t)ATCA_UINT32_BE_TO_HOST((uint32_t)(x)) << 32 + (uint64_t)ATCA_UINT32_BE_TO_HOST((uint32_t)((x) >> 32)))
 #define SHARED_LIB_EXPORT
@@ -197,7 +197,7 @@
 
 #elif defined __ICCARM__
 /* IAR ARM ------------------------------------------- */
-#pragma diag_suppress=Pe161     //Unknown pragma warning
+#pragma diag_suppress=Pe161 //Unknown pragma warning
 
 #include <intrinsics.h>
 #if __LITTLE_ENDIAN__ == 0
@@ -256,4 +256,13 @@
 #define ATCA_PACKED     __attribute__ ((packed))
 #endif
 
+/** \def UNUSED_VAR
+ * Enables removal of compiler warning due to unused variables
+ */
+#ifdef ATCA_UNUSED_VAR_CHECK
+#define UNUSED_VAR(x)  ((void)(x))
+#else
+#define UNUSED_VAR(x)
+#endif
+
 #endif /* ATCA_COMPILER_H_ */

lib/atca_config_check.h

@@ -128,6 +128,13 @@
 #define ATCA_HEAP
 #endif 
 
+/** \def ATCA_UNUSED_VAR_CHECK
+ * Enables removal of compiler warning due to unused variables
+ */
+#ifndef ATCA_UNUSED_VAR_CHECK
+#define ATCA_UNUSED_VAR_CHECK   (DEFAULT_ENABLED)
+#endif
+
 /**** AES command ****/
 
 /** \def ATCAB_AES

lib/atca_version.h

@@ -30,9 +30,9 @@
 #define ATCA_VERSION_H
 
 // Version format yyyymmdd
-#define ATCA_LIBRARY_VERSION_DATE   "20240131"
+#define ATCA_LIBRARY_VERSION_DATE   "20240308"
 #define ATCA_LIBRARY_VERSION_MAJOR  3
 #define ATCA_LIBRARY_VERSION_MINOR  7
-#define ATCA_LIBRARY_VERSION_BUILD  3
+#define ATCA_LIBRARY_VERSION_BUILD  4
 
 #endif /* ATCA_VERSION_H */

lib/atcacert/atcacert_client.c

@@ -156,6 +156,8 @@ ATCA_STATUS atcacert_read_cert_ext(ATCADevice            device,
     atcacert_build_state_t build_state;
 #endif
 
+    UNUSED_VAR(ca_public_key[0]);
+
     if (cert_def == NULL || cert_size == NULL)
     {
         return ATCACERT_E_BAD_PARAMS;

lib/atcacert/atcacert_date.c

@@ -45,6 +45,7 @@ atcacert_date_format_t atcacert_date_from_asn1_tag(const uint8_t tag)
 
 #ifdef ATCA_MBEDTLS
     fmt = DATEFMT_RFC5280_GEN; //Mbedtls follows always "YYYY-MM-DD HH:MM:SS."
+    UNUSED_VAR(tag);
 #else
     switch (tag)
     {

lib/atcacert/atcacert_def.c

@@ -734,6 +734,7 @@ ATCA_STATUS atcacert_get_subject(const atcacert_def_t* cert_def,
             status = (NULL != cert_def->parsed) ? atcac_get_subject(*cert_def->parsed, cert_subj_buf) : ATCACERT_E_ERROR;
         }
 #else
+        UNUSED_VAR(cert_subj_buf);
         status = ATCA_UNIMPLEMENTED;
 #endif
     }
@@ -747,6 +748,9 @@ ATCA_STATUS atcacert_get_subj_public_key(const atcacert_def_t* cert_def,
 {
     ATCA_STATUS status = ATCACERT_E_BAD_PARAMS;
 
+    UNUSED_VAR(cert);
+    UNUSED_VAR(cert_size);
+
     if (NULL != cert_def && NULL != subj_public_key)
     {
 #if ATCACERT_INTEGRATION_EN
@@ -777,6 +781,9 @@ ATCA_STATUS atcacert_get_subj_key_id(const atcacert_def_t* cert_def,
 {
     ATCA_STATUS status = ATCACERT_E_BAD_PARAMS;
 
+    UNUSED_VAR(cert);
+    UNUSED_VAR(cert_size);
+
     if (NULL != cert_def && NULL != subj_key_id)
     {
 #if ATCACERT_INTEGRATION_EN
@@ -807,6 +814,9 @@ ATCA_STATUS atcacert_get_issuer(const atcacert_def_t*   cert_def,
 {
     ATCA_STATUS status = ATCACERT_E_BAD_PARAMS;
 
+    UNUSED_VAR(cert);
+    UNUSED_VAR(cert_size);
+
     if (NULL != cert_def && NULL != cert_issuer)
     {
     #if ATCACERT_INTEGRATION_EN
@@ -966,6 +976,9 @@ ATCA_STATUS atcacert_get_issue_date(const atcacert_def_t* cert_def,
     size_t formatted_date_size = 0;
     atcacert_date_format_t date_format = 0;
 
+    UNUSED_VAR(cert);
+    UNUSED_VAR(cert_size);
+
     do
     {
         if (cert_def == NULL || timestamp == NULL)
@@ -1072,6 +1085,9 @@ ATCA_STATUS atcacert_get_expire_date(const atcacert_def_t* cert_def,
     size_t formatted_date_size = 0;
     atcacert_date_format_t date_format = 0;
 
+    UNUSED_VAR(cert);
+    UNUSED_VAR(cert_size);
+
     do
     {
         if (cert_def == NULL || timestamp == NULL)
@@ -1510,6 +1526,9 @@ ATCA_STATUS atcacert_get_cert_sn(const atcacert_def_t* cert_def,
 {
     ATCA_STATUS status = ATCACERT_E_BAD_PARAMS;
 
+    UNUSED_VAR(cert);
+    UNUSED_VAR(cert_size);
+
     if (NULL != cert_def && NULL != cert_sn && NULL != cert_sn_size)
     {
     #if ATCACERT_INTEGRATION_EN
@@ -1608,6 +1627,9 @@ ATCA_STATUS atcacert_get_auth_key_id(const atcacert_def_t* cert_def,
 {
     ATCA_STATUS status = ATCACERT_E_BAD_PARAMS;
 
+    UNUSED_VAR(cert);
+    UNUSED_VAR(cert_size);
+
     if (NULL != cert_def && NULL != auth_key_id)
     {
     #if ATCACERT_INTEGRATION_EN
@@ -1760,11 +1782,6 @@ ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t* cert_def,
             break;
         }
 
-        if (ATCACERT_E_SUCCESS != (ret = atcacert_date_enc_compcert(&issue_date, cert_def->expire_years, &comp_cert[64])))
-        {
-            break;
-        }
-
         if (ATCACERT_E_SUCCESS != (ret = atcacert_get_signer_id(cert_def, cert, cert_size, &comp_cert[67])))
         {
             if (ret == ATCACERT_E_ELEM_MISSING)

lib/atcacert/atcacert_der.c

@@ -93,10 +93,10 @@ ATCA_STATUS atcacert_der_enc_length(size_t length, uint8_t* der_length, size_t*
         der_length[0] = 0x80u | (uint8_t)(der_length_size_calc - 1u);  // Set number of bytes octet with long-form flag
 
         // Encode length in big-endian format
-        for (l_exp = 1; l_exp <= (int)der_length_size_calc; l_exp++)
+        for (l_exp = 1; l_exp <= der_length_size_calc; l_exp++)
         {
 #ifdef ATCA_PLATFORM_BE
-            der_length[exp] = len_bytes[sizeof(length) - *der_length_size + exp];
+            der_length[l_exp] = len_bytes[sizeof(length) - *der_length_size + l_exp];
 #else
             der_length[l_exp] = len_bytes[der_length_size_calc - 1 - l_exp];
 #endif

lib/cal_buffer.c

@@ -693,6 +693,20 @@ ATCA_STATUS cal_buf_set(cal_buffer * dst, size_t dst_offset, uint8_t value, size
     return status;
 }
 
+/** \brief Initialize a cal buffer with constant pointer
+ * Returns the initialized cal buffer
+ */
+cal_buffer cal_buf_init_const_ptr(size_t len,const uint8_t* message)
+{
+    void **ptr = NULL;
+    /* coverity[cert_str30_c_violation] Implementation treats input attributes as constants */
+    void *lptr = &(message); 
+    (ptr) = lptr; 
+
+    cal_buffer init_buf = CAL_BUF_INIT(len,*ptr);
+    return init_buf;
+}
+
 #ifdef ATCA_PRINTF
 void cal_buf_print(cal_buffer * buf)
 {

lib/cal_buffer.h

@@ -78,7 +78,7 @@ typedef struct cal_buffer_s
         _Pragma("coverity compliance deviate 'MISRA C-2012 Rule 10.8'") \
         _Pragma("coverity compliance deviate 'MISRA C-2012 Rule 11.8'") \
         (size_t)s, (uint8_t*)b }
-    #endif
+    #endif 
 #else
     #if MULTIPART_BUF_EN
     #define CAL_BUF_INIT(s, b)           { (size_t)(s), (uint8_t*)(b), NULL }
@@ -101,6 +101,7 @@ ATCA_STATUS cal_buf_set(cal_buffer * dst, size_t dst_offset, uint8_t value, size
 
 ATCA_STATUS cal_buf_set_used(cal_buffer * buf, size_t used);
 size_t      cal_buf_get_used(cal_buffer * buf);
+cal_buffer cal_buf_init_const_ptr(size_t len,const uint8_t* message);
 
 #ifdef ATCA_PRINTF
 void cal_buf_print(cal_buffer * buf);