Release v3.5.1 (20230326)

CMakeLists.txt

@@ -2,10 +2,10 @@ cmake_minimum_required(VERSION 3.1.0)
 project (cryptoauthlib C)
 
 # Set the current release version
-set(VERSION "3.5.0")
+set(VERSION "3.5.1")
 set(VERSION_MAJOR 3)
 set(VERSION_MINOR 5)
-set(VERSION_PATCH 0)
+set(VERSION_PATCH 1)
 
 # Build Options
 option(BUILD_TESTS "Create Test Application with library" OFF)

harmony/config/device_instance.py

@@ -22,9 +22,9 @@
 * THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR THIS SOFTWARE.
 *****************************************************************************"""
 
-_DEFAULT_I2C_ADDRESS = {'ecc': 0xC0, 'sha': 0xC8, 'ecc204': 0x66, 'ta100': 0x2e}
-_SWI_DEVICES = ['ATSHA204A', 'ATSHA206A', 'ATECC108A', 'ATECC508A', 'ATECC608', 'ECC204', 'TA010']
-_I2C_DEVICES = ['ATSHA204A', 'ATECC108A', 'ATECC508A', 'ATECC608', 'TA100', 'ECC204', 'TA010']
+_DEFAULT_I2C_ADDRESS = {'ecc': 0xC0, 'sha': 0xC8, 'ecc204': 0x66, 'ta100': 0x2e, 'sha104': 0x62, 'sha105': 0x64}
+_SWI_DEVICES = ['ATSHA204A', 'ATSHA206A', 'ATECC108A', 'ATECC508A', 'ATECC608', 'ECC204', 'TA010', 'SHA104']
+_I2C_DEVICES = ['ATSHA204A', 'ATECC108A', 'ATECC508A', 'ATECC608', 'TA100', 'ECC204', 'TA010', 'SHA104', 'SHA105']
 _SPI_DEVICES = ['TA100']
 
 caldevcfglist = []
@@ -187,6 +187,10 @@ def instantiateComponent(deviceComponent, index):
         deviceAddress.setDefaultValue(_DEFAULT_I2C_ADDRESS['ecc204'])
     elif 'ECC' in deviceID:
         deviceAddress.setDefaultValue(_DEFAULT_I2C_ADDRESS['ecc'])
+    elif 'SHA104' in deviceID:
+        deviceAddress.setDefaultValue(_DEFAULT_I2C_ADDRESS['sha104'])
+    elif 'SHA105' in deviceID:
+        deviceAddress.setDefaultValue(_DEFAULT_I2C_ADDRESS['sha105'])
     elif 'SHA' in deviceID:
         deviceAddress.setDefaultValue(_DEFAULT_I2C_ADDRESS['sha'])
     elif 'TA' in deviceID:

harmony/module.py

@@ -23,7 +23,7 @@
 
 import os
 
-_CALIB_SUPPORTED_DEVICES = ['ATECC108A', 'ATECC508A', 'ATECC608', 'ATSHA204A', 'ATSHA206A', 'ECC204', 'TA010']
+_CALIB_SUPPORTED_DEVICES = ['ATECC108A', 'ATECC508A', 'ATECC608', 'ATSHA204A', 'ATSHA206A', 'ECC204', 'TA010', 'SHA104', 'SHA105']
 _TALIB_SUPPORTED_DEVICES = ['TA100']
 
 def loadModule():
@@ -64,6 +64,7 @@ def loadModule():
         comp.addDependency("cryptoauthlib", "CA_LIB", True, False)
         if 'ATSHA206A' not in dev:
             comp.addMultiDependency('{}_DEP_PLIB_I2C'.format(dev.upper()), 'I2C', 'I2C', False)
+        if 'SHA105' not in dev:
         comp.addMultiDependency('{}_DEP_PLIB_SWI'.format(dev.upper()), 'UART', 'SWI', False)
 
     if os.path.exists(Module.getPath() + 'lib/talib/talib_basic.h'):

lib/CMakeLists.txt

@@ -45,6 +45,8 @@ option(ATCA_ATECC608_SUPPORT "Include support for ATECC608 device" ON)
 option(ATCA_TA100_SUPPORT "Include support for TA100 device" OFF)
 option(ATCA_ECC204_SUPPORT "Include support for ECC204 device" ON)
 option(ATCA_TA010_SUPPORT "Include support for TA010 device" ON)
+option(ATCA_SHA104_SUPPORT "Include support for SHA104 device" ON)
+option(ATCA_SHA105_SUPPORT "Include support for SHA105 device" ON)
 
 # RTOS Selection
 if (TARGET zephyr_interface)
@@ -110,7 +112,9 @@ source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${CRYPTO_SRC})
 source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${HOST_SRC})
 source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${JWT_SRC})
 source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${PKCS11_SRC})
+if(ATCA_TNGTLS_SUPPORT OR ATCA_TNGLORA_SUPPORT OR ATCA_TFLEX_SUPPORT)
 source_group("App/Tng" FILES ${TNG_SRC})
+endif()
 source_group("App/Wpc" FILES ${WPC_SRC})
 endif()
 
@@ -211,7 +215,7 @@ endif(ATCA_OPENSSL)
 
 if (ATCA_ATSHA204A_SUPPORT OR ATCA_ATSHA206A_SUPPORT OR
     ATCA_ATECC108A_SUPPORT OR ATCA_ATECC508A_SUPPORT OR
-    ATCA_ATECC608_SUPPORT OR ATCA_ECC204_SUPPORT OR ATCA_TA010_SUPPORT)
+    ATCA_ATECC608_SUPPORT OR ATCA_ECC204_SUPPORT OR ATCA_TA010_SUPPORT OR ATCA_SHA104_SUPPORT OR ATCA_SHA105_SUPPORT)
 set(LIB_SRC ${LIB_SRC} ${CALIB_SRC} ${HOST_SRC})
 endif()
 
@@ -223,12 +227,15 @@ if (ATCA_TA100_SUPPORT)
 set(LIB_SRC ${LIB_SRC} ${TALIB_SRC})
 endif()
 
+if (ATCA_TNGTLS_SUPPORT OR ATCA_TNGLORA_SUPPORT OR ATCA_TFLEX_SUPPORT)
+set(LIB_SRC ${LIB_SRC} ${TNG_SRC})
+endif()
+
 # Add the basic sources to the library
 set(CRYPTOAUTH_SRC ${LIB_SRC}
                    ${ATCACERT_SRC}
                    ${CRYPTO_SRC}
                    ${JWT_SRC}
-                   ${TNG_SRC}
                    ${MBEDTLS_SRC}
                    ${WOLFSSL_SRC}
                    ${OPENSSL_SRC}

lib/atca_basic.c

@@ -837,6 +837,38 @@ ATCA_STATUS atcab_checkmac(uint8_t mode, uint16_t key_id, const uint8_t* challen
     }
     return status;
 }
+
+/** \brief Compares a MAC response with input values.SHA105 device can generate optional mac
+ *         Output response mac mode only supports in SHA105 device
+ *	\param[in] mode        Controls which fields within the device are used in
+ *                         the message
+ *	\param[in] challenge   Challenge data (32 bytes)
+ *	\param[in] response    MAC response data (32 bytes)
+ *	\param[in] other_data  OtherData parameter (13 bytes)
+ *	\param[out] mac        MAC response (32 bytes)
+ *  \return ATCA_SUCCESS on success, otherwise an error code.
+ */
+ATCA_STATUS atcab_checkmac_with_response_mac(uint8_t mode, const uint8_t* challenge, const uint8_t* response, const uint8_t* other_data, uint8_t *mac)
+{
+    ATCA_STATUS status = ATCA_UNIMPLEMENTED;
+    ATCADeviceType dev_type = atcab_get_device_type();
+
+    if (SHA105 == dev_type)
+    {
+#ifdef ATCA_SHA105_SUPPORT
+        status = calib_checkmac_with_response_mac(_gDevice, mode, challenge, response, other_data, mac);
+#endif
+    }
+    else if (atcab_is_ta_device(dev_type))
+    {
+        status = ATCA_UNIMPLEMENTED;
+    }
+    else
+    {
+        status = ATCA_NOT_INITIALIZED;
+    }
+    return status;
+}
 #endif /* ATCAB_CHECKMAC */
 
 /* Counter command */
@@ -1231,6 +1263,34 @@ ATCA_STATUS atcab_gendig(uint8_t zone, uint16_t key_id, const uint8_t* other_dat
     }
     return status;
 }
+
+/** \brief Issues a GenDivKey command to generate the equivalent diversified key as that programmed into the
+ *         client side device
+ *  \param[in] device           Device context pointer
+ *  \param[in] other_data       Must match data used when generating the diversified key in the client device
+ *  \return ATCA_SUCCESS on success, otherwise an error code.
+ */
+ATCA_STATUS atcab_gendivkey(const uint8_t* other_data)
+{
+    ATCA_STATUS status = ATCA_UNIMPLEMENTED;
+    ATCADeviceType dev_type = atcab_get_device_type();
+
+    if (SHA105 == dev_type)
+    {
+#ifdef ATCA_SHA105_SUPPORT
+        status = calib_sha105_gendivkey(_gDevice, other_data);
+#endif
+    }
+    else if (atcab_is_ta_device(dev_type))
+    {
+        status = ATCA_UNIMPLEMENTED;
+    }
+    else
+    {
+        status = ATCA_NOT_INITIALIZED;
+    }
+    return status;
+}
 #endif /* ATCAB_GENDIG */
 
 /* GenKey command */
@@ -1493,7 +1553,7 @@ ATCA_STATUS atcab_info_lock_status(uint16_t param2, uint8_t *is_locked)
 }
 
 /** \brief Use the Info command to get the chip status
- *  \param[out]  chip status  returns chip status here
+ *  \param[out]  chip_status  returns chip status here
  *
  *  \return ATCA_SUCCESS on success, otherwise an error code.
  */

lib/atca_basic.h

@@ -104,6 +104,7 @@ ATCA_STATUS atcab_aes_gcm_decrypt_finish(atca_aes_gcm_ctx_t* ctx, const uint8_t*
 
 /* CheckMAC command */
 ATCA_STATUS atcab_checkmac(uint8_t mode, uint16_t key_id, const uint8_t* challenge, const uint8_t* response, const uint8_t* other_data);
+ATCA_STATUS atcab_checkmac_with_response_mac(uint8_t mode, const uint8_t* challenge, const uint8_t* response, const uint8_t* other_data, uint8_t *mac);
 
 /* Counter command */
 ATCA_STATUS atcab_counter(uint8_t mode, uint16_t counter_id, uint32_t* counter_value);
@@ -130,6 +131,9 @@ ATCA_STATUS atcab_ecdh_tempkey_ioenc(const uint8_t* public_key, uint8_t* pms, co
 // GenDig command functions
 ATCA_STATUS atcab_gendig(uint8_t zone, uint16_t key_id, const uint8_t* other_data, uint8_t other_data_size);
 
+// GenDivKey command functions
+ATCA_STATUS atcab_gendivkey(const uint8_t* other_data);
+
 // GenKey command functions
 ATCA_STATUS atcab_genkey_base(uint8_t mode, uint16_t key_id, const uint8_t* other_data, uint8_t* public_key);
 ATCA_STATUS atcab_genkey(uint16_t key_id, uint8_t* public_key);
@@ -168,7 +172,6 @@ ATCA_STATUS atcab_nonce_load(uint8_t target, const uint8_t* num_in, uint16_t num
 ATCA_STATUS atcab_nonce_rand(const uint8_t* num_in, uint8_t* rand_out);
 ATCA_STATUS atcab_challenge(const uint8_t* num_in);
 ATCA_STATUS atcab_challenge_seed_update(const uint8_t* num_in, uint8_t* rand_out);
-ATCA_STATUS atcab_nonce_gen_session_key(uint16_t param2, const uint8_t* num_in, uint8_t* rand_out);
 
 // PrivWrite command functions
 #if defined(ATCA_USE_CONSTANT_HOST_NONCE)

lib/atca_cfgs.c

@@ -277,4 +277,7 @@ ATCAIfaceCfg cfg_ta010_kithid_default = {
     }
 };
 #endif
+
+
+
 /** @} */

lib/atca_config.h.in

@@ -21,6 +21,8 @@
 #cmakedefine ATCA_TA100_SUPPORT
 #cmakedefine ATCA_ECC204_SUPPORT
 #cmakedefine ATCA_TA010_SUPPORT
+#cmakedefine ATCA_SHA104_SUPPORT
+#cmakedefine ATCA_SHA105_SUPPORT
 
 /** Device Override - Library Assumes ATECC608B support in checks */
 #cmakedefine ATCA_ATECC608A_SUPPORT

lib/atca_config_check.h

@@ -39,7 +39,7 @@
 #include "atca_config.h"
 
 /* Configuration Macros to detect device classes */
-#if defined(ATCA_ATSHA204A_SUPPORT) || defined(ATCA_ATSHA206A_SUPPORT)
+#if defined(ATCA_ATSHA204A_SUPPORT) || defined(ATCA_ATSHA206A_SUPPORT) || defined(ATCA_SHA104_SUPPORT) || defined(ATCA_SHA105_SUPPORT)
 #define ATCA_SHA_SUPPORT    1
 #endif
 
@@ -55,7 +55,7 @@
 #endif
 
 /* Support for a second generation of cryptoauth parts */
-#if defined(ATCA_ECC204_SUPPORT) || defined(ATCA_TA010_SUPPORT)
+#if defined(ATCA_ECC204_SUPPORT) || defined(ATCA_TA010_SUPPORT) || defined(ATCA_SHA104_SUPPORT) || defined(ATCA_SHA105_SUPPORT)
 #define ATCA_CA2_SUPPORT    DEFAULT_ENABLED
 #else
 #define ATCA_CA2_SUPPORT    DEFAULT_DISABLED

lib/atca_iface.c

@@ -603,6 +603,12 @@ static const devtype_names_t devtype_names[] = {
 #ifdef ATCA_TA010_SUPPORT
     { TA010,            "ta010" },
 #endif
+#ifdef ATCA_SHA104_SUPPORT
+    { SHA104,           "sha104" },
+#endif
+#ifdef ATCA_SHA105_SUPPORT
+    { SHA105,           "sha105" },
+#endif
 #ifdef ATCA_TA100_SUPPORT
     { TA100,            "ta100"  },
 #endif

lib/atca_utils_sizes.c

@@ -26,11 +26,12 @@
  */
 
 #include "cryptoauthlib.h"
+#include "atcacert/atcacert_check_config.h"
 
 #define SIZE_OF_API_T(x)  size_t x ## _size(void); size_t x ## _size(void) { return sizeof( x ); }
 #define SIZE_OF_API_S(x)  size_t x ## _size(void); size_t x ## _size(void) { return sizeof(struct x ); }
 
-#if ATCA_CA_SUPPORT
+#if ATCACERT_COMPCERT_EN
 #include "atcacert/atcacert_date.h"
 #include "atcacert/atcacert_def.h"
 /* atcacert_date.h */

lib/atca_version.h

@@ -30,9 +30,9 @@
 #define _ATCA_VERSION_H
 
 // Version format yyyymmdd
-#define ATCA_LIBRARY_VERSION_DATE   "20230314"
+#define ATCA_LIBRARY_VERSION_DATE   "20230326"
 #define ATCA_LIBRARY_VERSION_MAJOR  3
 #define ATCA_LIBRARY_VERSION_MINOR  5
-#define ATCA_LIBRARY_VERSION_BUILD  0
+#define ATCA_LIBRARY_VERSION_BUILD  1
 
 #endif /* _ATCA_VERSION_H */

lib/atcacert/atcacert_check_config.h

@@ -30,6 +30,9 @@
 /* The atcacert_ module is only set up to work with classic cryptoauth devices */
 #include "calib/calib_config_check.h"
 
+#ifndef ATCACERT_COMPCERT_EN
+#define ATCACERT_COMPCERT_EN                CALIB_ECC_SUPPORT
+#endif
 
 #ifndef ATCACERT_HW_CHALLENGE_EN
 #define ATCACERT_HW_CHALLENGE_EN            CALIB_RANDOM_EN

lib/atcacert/atcacert_client.c

@@ -35,6 +35,8 @@
 #include "cryptoauthlib.h"
 #include "calib/calib_basic.h"
 
+#if ATCACERT_COMPCERT_EN
+
 #if ATCAB_WRITE_EN
 // Perform floor integer division (-1 / 2 == -1) instead of truncate towards zero (-1 / 2 == 0)
 static int floor_div(int a, int b)
@@ -446,3 +448,5 @@ int atcacert_read_cert_size(const atcacert_def_t* cert_def,
 
     return ret;
 }
+
+#endif

lib/atcacert/atcacert_date.c

@@ -28,6 +28,7 @@
 #include <string.h>
 #include "atcacert_date.h"
 
+#if ATCACERT_COMPCERT_EN
 
 const size_t ATCACERT_DATE_FORMAT_SIZES[ATCACERT_DATE_FORMAT_SIZES_COUNT] = {
     DATEFMT_ISO8601_SEP_SIZE,
@@ -1128,3 +1129,5 @@ int atcacert_date_dec_compcert(const uint8_t          enc_dates[3],
 
     return ATCACERT_E_SUCCESS;
 }
+
+#endif

lib/atcacert/atcacert_def.c

@@ -33,6 +33,8 @@
 #include <string.h>
 #include "atca_helpers.h"
 
+#if ATCACERT_COMPCERT_EN
+
 #define ATCACERT_MIN(x, y) ((x) < (y) ? (x) : (y))
 #define ATCACERT_MAX(x, y) ((x) >= (y) ? (x) : (y))
 
@@ -1776,3 +1778,5 @@ int atcacert_max_cert_size(const atcacert_def_t* cert_def,
 
     return ATCACERT_E_SUCCESS;
 }
+
+#endif

lib/atcacert/atcacert_der.c

@@ -29,6 +29,8 @@
 #include "atcacert_der.h"
 #include <string.h>
 
+#if ATCACERT_COMPCERT_EN
+
 int atcacert_der_enc_length(uint32_t length, uint8_t* der_length, size_t* der_length_size)
 {
     size_t der_length_size_calc = 0;
@@ -554,3 +556,5 @@ int atcacert_der_dec_ecdsa_sig_value(const uint8_t* der_sig,
 
     return ATCACERT_E_SUCCESS;
 }
+
+#endif

lib/atcacert/atcacert_host_hw.c

@@ -30,7 +30,7 @@
 #include "crypto/atca_crypto_sw_sha2.h"
 
 
-#if ATCACERT_HW_VERIFY_EN
+#if ATCACERT_HW_VERIFY_EN && ATCACERT_COMPCERT_EN
 int atcacert_verify_cert_hw(const atcacert_def_t* cert_def,
                             const uint8_t*        cert,
                             size_t                cert_size,

lib/atcacert/atcacert_host_sw.c

@@ -28,7 +28,7 @@
 #include "atcacert_host_sw.h"
 #include "crypto/atca_crypto_sw.h"
 
-#if ATCAC_VERIFY_EN
+#if ATCAC_VERIFY_EN && ATCACERT_COMPCERT_EN
 int atcacert_verify_cert_sw(const atcacert_def_t* cert_def,
                             const uint8_t*        cert,
                             size_t                cert_size,

lib/atcacert/atcacert_pem.c

@@ -32,6 +32,8 @@
 #include "atcacert_pem.h"
 #include "atca_helpers.h"
 
+#if ATCACERT_COMPCERT_EN
+
 int atcacert_encode_pem(const uint8_t* der,
                         size_t         der_size,
                         char*          pem,
@@ -195,3 +197,5 @@ int atcacert_decode_pem_csr(const char* pem_csr, size_t pem_csr_size, uint8_t* d
         PEM_CSR_BEGIN,
         PEM_CSR_END);
 }
+
+#endif