From 4c6689a2f849b98b7ca31f34c0fd1668c1a15803 Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Fri, 23 Feb 2018 14:03:12 +0100 Subject: [PATCH] cryptoauthlib: add new cryptochip-cmd-processor test app https://jira.digi.com/browse/DEL-5763 Signed-off-by: Gabriel Valcazar --- ...-cmd-processor-application-along-wit.patch | 50 ++ ...ry-code-from-cryptochip-cmd-processo.patch | 454 ++++++++++++++++++ .../cryptoauthlib/cryptoauthlib_git.bb | 2 + 3 files changed, 506 insertions(+) create mode 100644 meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0003-Build-cryptochip-cmd-processor-application-along-wit.patch create mode 100644 meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0004-Remove-unnecessary-code-from-cryptochip-cmd-processo.patch diff --git a/meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0003-Build-cryptochip-cmd-processor-application-along-wit.patch b/meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0003-Build-cryptochip-cmd-processor-application-along-wit.patch new file mode 100644 index 000000000..e25c35d85 --- /dev/null +++ b/meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0003-Build-cryptochip-cmd-processor-application-along-wit.patch @@ -0,0 +1,50 @@ +From: Gabriel Valcazar +Date: Mon, 26 Feb 2018 11:42:50 +0100 +Subject: [PATCH 1/2] Build cryptochip-cmd-processor application along with the + library + +This new test application is more complete than ecc-test-main. It includes a +command line with different test runs for the chip's basic functionality, +helper functions, certificate functions and allows the configuration to be +read, among other things. + +Hardcode the app to use the ATECC508A and remove all code that is specific for +other chips. + +https://jira.digi.com/browse/DEL-5763 + +Signed-off-by: Gabriel Valcazar +--- + Makefile | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index a471428..c57b1bf 100644 +--- a/Makefile ++++ b/Makefile +@@ -7,7 +7,7 @@ SUBDIRS= lib test + + .PHONY: tgt_lib tgt_test clean + +-all: tgt_lib tgt_test ecc-test ++all: tgt_lib tgt_test ecc-test cmd-processor + + %.o: %.c + $(CC) $(CFLAGS) -o $@ -c $< +@@ -22,11 +22,15 @@ ecc-test: tgt_lib tgt_test + $(CC) -c ecc-test-main.c $(CFLAGS) $(LDFLAGS) -I ./lib/ -I ./test/ + $(CC) -o ecc-test-main ecc-test-main.o $(LDFLAGS) test/tls/atcatls_tests.o -L lib -L test -lm -lc -lrt -lcryptoauth -lunity + ++cmd-processor: tgt_lib tgt_test ++ $(CC) -o cryptochip-cmd-processor test/*.o $(LDFLAGS) test/*/*.o -L lib -L test -lcryptoauth ++ + install: + for a in $(SUBDIRS); do $(MAKE) -C $$a $@; done + install -d $(DESTDIR)/usr/bin + install -m 0755 ecc-test-main $(DESTDIR)/usr/bin/ ++ install -m 0755 cryptochip-cmd-processor $(DESTDIR)/usr/bin + + clean: +- rm -f *.o *.a ecc-test-main ++ rm -f *.o *.a ecc-test-main cryptochip-cmd-processor + $(foreach subdir,$(basename $(SUBDIRS)),$(MAKE) -w -C $(subdir) clean;) diff --git a/meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0004-Remove-unnecessary-code-from-cryptochip-cmd-processo.patch b/meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0004-Remove-unnecessary-code-from-cryptochip-cmd-processo.patch new file mode 100644 index 000000000..cd9f30cf1 --- /dev/null +++ b/meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib/0004-Remove-unnecessary-code-from-cryptochip-cmd-processo.patch @@ -0,0 +1,454 @@ +From: Gabriel Valcazar +Date: Fri, 23 Feb 2018 13:50:29 +0100 +Subject: [PATCH 2/2] Remove unnecessary code from cryptochip-cmd-processor + +Some test commands apply to chips other than the ATECC508A, and can cause +errors when used incorrectly. Remove all code that doesn't apply to our +platforms. + +https://jira.digi.com/browse/DEL-5763 + +Signed-off-by: Gabriel Valcazar +--- + test/cmd-processor.c | 348 ++------------------------------------------------- + 1 file changed, 13 insertions(+), 335 deletions(-) + +diff --git a/test/cmd-processor.c b/test/cmd-processor.c +index c8c60e0..592157e 100644 +--- a/test/cmd-processor.c ++++ b/test/cmd-processor.c +@@ -92,10 +92,6 @@ static void sernum(void); + static void discover(void); + static void select_device(ATCADeviceType device_type); + static int run_test(void* fptest); +-static void select_204(void); +-static void select_108(void); +-static void select_508(void); +-static void select_608(void); + static void run_basic_tests(void); + static void run_unit_tests(void); + static void run_otpzero_tests(void); +@@ -103,20 +99,11 @@ static void run_helper_tests(void); + static void help(void); + static int parse_cmd(const char *command); + static void run_all_tests(void); +-static ATCA_STATUS set_chip_mode(uint8_t i2c_user_extra_add, uint8_t ttl_enable, uint8_t watchdog, uint8_t clock_divider); +-static void set_clock_divider_m0(void); +-static void set_clock_divider_m1(void); +-static void set_clock_divider_m2(void); + + static const char* argv[] = { "manual", "-v" }; + static t_menu_info mas_menu_info[] = + { + { "help", "Display Menu", help }, +- { "discover", "Discover Buses and Devices", discover }, +- { "204", "Set Target Device to ATECC204A", select_204 }, +- { "108", "Set Target Device to ATECC108A", select_108 }, +- { "508", "Set Target Device to ATECC508A", select_508 }, +- { "608", "Set Target Device to ATECC608A", select_608 }, + { "info", "Get the Chip Revision", info }, + { "sernum", "Get the Chip Serial Number", sernum }, + { "basic", "Run Basic Test on Selected Device", run_basic_tests }, +@@ -135,12 +122,9 @@ static t_menu_info mas_menu_info[] = + { "cio", "Run Unit Test on Cert I/O", (fp_menu_handler)certio_unit_tests }, + #endif + #ifdef TEST_SW_CRYPTO +- { "crypto", "Run Unit Tests for Software Crypto Functions", atca_crypto_sw_tests }, ++ { "crypto", "Run Unit Tests for Software Crypto Functions", (fp_menu_handler)atca_crypto_sw_tests }, + #endif + { "all", "Run all unit tests, locking as needed.", run_all_tests }, +- { "clkdivm0", "Set ATECC608A to ClockDivider M0(0x00)", set_clock_divider_m0}, +- { "clkdivm1", "Set ATECC608A to ClockDivider M1(0x05)", set_clock_divider_m1}, +- { "clkdivm2", "Set ATECC608A to ClockDivider M2(0x0D)", set_clock_divider_m2}, + { NULL, NULL, NULL }, + }; + +@@ -160,6 +144,8 @@ int main(int argc, char* argv[]) + return 1; + } + ++ select_device(ATECC508A); ++ + while (true) + { + printf("$ "); +@@ -230,96 +216,13 @@ static void help(void) + } + } + +-static void select_204(void) +-{ +- select_device(ATSHA204A); +-} +-static void select_108(void) +-{ +- select_device(ATECC108A); +-} +-static void select_508(void) +-{ +- select_device(ATECC508A); +-} +-static void select_608(void) +-{ +- select_device(ATECC608A); +-} +- +-static void update_chip_mode(uint8_t* chip_mode, uint8_t i2c_user_extra_add, uint8_t ttl_enable, uint8_t watchdog, uint8_t clock_divider) +-{ +- if (i2c_user_extra_add != 0xFF) +- { +- *chip_mode &= ~ATCA_CHIPMODE_I2C_ADDRESS_FLAG; +- *chip_mode |= i2c_user_extra_add & ATCA_CHIPMODE_I2C_ADDRESS_FLAG; +- } +- if (ttl_enable != 0xFF) +- { +- *chip_mode &= ~ATCA_CHIPMODE_TTL_ENABLE_FLAG; +- *chip_mode |= ttl_enable & ATCA_CHIPMODE_TTL_ENABLE_FLAG; +- } +- if (watchdog != 0xFF) +- { +- *chip_mode &= ~ATCA_CHIPMODE_WATCHDOG_MASK; +- *chip_mode |= watchdog & ATCA_CHIPMODE_WATCHDOG_MASK; +- } +- if (clock_divider != 0xFF) +- { +- *chip_mode &= ~ATCA_CHIPMODE_CLOCK_DIV_MASK; +- *chip_mode |= clock_divider & ATCA_CHIPMODE_CLOCK_DIV_MASK; +- } +-} +- +-static ATCA_STATUS check_clock_divider(void) +-{ +- ATCA_STATUS status; +- uint8_t chip_mode = 0; +- +- if (gCfg->devtype != ATECC608A) +- { +- printf("Current device doesn't support clock divider settings (only ATECC608A)\r\n"); +- return ATCA_GEN_FAIL; +- } +- +- // Update the actual ATECC608A chip mode so it takes effect immediately +- status = atcab_init(gCfg); +- if (status != ATCA_SUCCESS) +- { +- printf("atcab_init() failed with ret=0x%08X\r\n", status); +- return status; +- } +- +- do +- { +- // Read current config values +- status = atcab_read_bytes_zone(ATCA_ZONE_CONFIG, 0, ATCA_CHIPMODE_OFFSET, &chip_mode, 1); +- if (status != ATCA_SUCCESS) +- { +- printf("atcab_read_bytes_zone() failed with ret=0x%08X\r\n", status); +- break; +- } +- +- // Update the ATECC608A test config data so all the unit tests will run with the new chip mode +- update_chip_mode(&test_ecc608_configdata[ATCA_CHIPMODE_OFFSET], 0xFF, 0xFF, chip_mode & ATCA_CHIPMODE_WATCHDOG_MASK, chip_mode & ATCA_CHIPMODE_CLOCK_DIV_MASK); +- +- } while (0); +- +- atcab_release(); +- return status; +-} +- + static void run_basic_tests(void) + { +- if (gCfg->devtype == ATECC608A) +- check_clock_divider(); + run_test(RunAllBasicTests); + } + + static void run_unit_tests(void) + { +- if (gCfg->devtype == ATECC608A) +- check_clock_divider(); + run_test(RunAllFeatureTests); + } + static void run_otpzero_tests(void) +@@ -453,37 +356,6 @@ static ATCA_STATUS do_randoms(void) + + return status; + } +-static void discover(void) +-{ +- ATCAIfaceCfg ifaceCfgs[10]; +- int i; +- const char *devname[] = { "ATSHA204A", "ATECC108A", "ATECC508A", "ATECC608A" }; // indexed by ATCADeviceType +- +- for (i = 0; i < (int)(sizeof(ifaceCfgs) / sizeof(ATCAIfaceCfg)); i++) +- { +- ifaceCfgs[i].devtype = ATCA_DEV_UNKNOWN; +- ifaceCfgs[i].iface_type = ATCA_UNKNOWN_IFACE; +- } +- +- printf("Searching..."); +- atcab_cfg_discover(ifaceCfgs, sizeof(ifaceCfgs) / sizeof(ATCAIfaceCfg)); +- for (i = 0; i < (int)(sizeof(ifaceCfgs) / sizeof(ATCAIfaceCfg)); i++) +- { +- if (ifaceCfgs[i].devtype != ATCA_DEV_UNKNOWN) +- { +- printf("Found %s ", devname[ifaceCfgs[i].devtype]); +- if (ifaceCfgs[i].iface_type == ATCA_I2C_IFACE) +- { +- printf("@ bus %d addr %02x", ifaceCfgs[i].atcai2c.bus, ifaceCfgs[i].atcai2c.slave_address); +- } +- if (ifaceCfgs[i].iface_type == ATCA_SWI_IFACE) +- { +- printf("@ bus %d", ifaceCfgs[i].atcaswi.bus); +- } +- printf("\r\n"); +- } +- } +-} + static void info(void) + { + ATCA_STATUS status; +@@ -636,18 +508,7 @@ static ATCA_STATUS get_serial_no(uint8_t *sernum) + + static void select_device(ATCADeviceType device_type) + { +- ATCA_STATUS status; +- +- status = set_test_config(device_type); +- +- if (status == ATCA_SUCCESS) +- { +- printf("Device Selected.\r\n"); +- } +- else +- { +- printf("IFace Cfg are NOT available\r\n"); +- } ++ set_test_config(device_type); + } + + static int run_test(void* fptest) +@@ -670,9 +531,6 @@ static void run_all_tests(void) + bool is_data_locked = false; + int fails = 0; + +- if (gCfg->devtype == ATECC608A) +- check_clock_divider(); +- + status = is_device_locked(LOCK_ZONE_CONFIG, &is_config_locked); + if (status != ATCA_SUCCESS) + { +@@ -814,204 +672,24 @@ static ATCA_STATUS set_test_config(ATCADeviceType deviceType) + gCfg->devtype = ATCA_DEV_UNKNOWN; + gCfg->iface_type = ATCA_UNKNOWN_IFACE; + +- switch (deviceType) +- { +- case ATSHA204A: +-#if defined(ATCA_HAL_I2C) +- *gCfg = cfg_atsha204a_i2c_default; +-#elif defined(ATCA_HAL_SWI) +- *gCfg = cfg_atsha204a_swi_default; +-#elif defined(ATCA_HAL_KIT_HID) +- *gCfg = cfg_atsha204a_kithid_default; +-#elif defined(ATCA_HAL_KIT_CDC) +- *gCfg = cfg_atsha204a_kitcdc_default; +-#elif defined(ATCA_HAL_CUSTOM) +- *gCfg = g_cfg_atsha204a_custom; +-#else +-#error "HAL interface is not selected"; +-#endif +- break; +- +- case ATECC108A: +-#if defined(ATCA_HAL_I2C) +- *gCfg = cfg_ateccx08a_i2c_default; +- gCfg->devtype = deviceType; +-#elif defined(ATCA_HAL_SWI) +- *gCfg = cfg_ateccx08a_swi_default; +- gCfg->devtype = deviceType; +-#elif defined(ATCA_HAL_KIT_HID) +- *gCfg = cfg_ateccx08a_kithid_default; +- gCfg->devtype = deviceType; +-#elif defined(ATCA_HAL_KIT_CDC) +- *gCfg = cfg_ateccx08a_kitcdc_default; +- gCfg->devtype = deviceType; +-#elif defined(ATCA_HAL_CUSTOM) +- *gCfg = g_cfg_atecc108a_custom; +-#else +-#error "HAL interface is not selected"; +-#endif +- break; +- +- case ATECC508A: +-#if defined(ATCA_HAL_I2C) +- *gCfg = cfg_ateccx08a_i2c_default; +- gCfg->devtype = deviceType; +-#elif defined(ATCA_HAL_SWI) +- *gCfg = cfg_ateccx08a_swi_default; +- gCfg->devtype = deviceType; +-#elif defined(ATCA_HAL_KIT_HID) +- *gCfg = cfg_ateccx08a_kithid_default; +- gCfg->devtype = deviceType; +-#elif defined(ATCA_HAL_KIT_CDC) +- *gCfg = cfg_ateccx08a_kitcdc_default; +- gCfg->devtype = deviceType; +-#elif defined(ATCA_HAL_CUSTOM) +- *gCfg = g_cfg_atecc508a_custom; +-#else +-#error "HAL interface is not selected"; +-#endif +- break; +- +- case ATECC608A: + #if defined(ATCA_HAL_I2C) +- *gCfg = cfg_ateccx08a_i2c_default; +- gCfg->devtype = deviceType; ++ *gCfg = cfg_ateccx08a_i2c_default; ++ gCfg->devtype = deviceType; + #elif defined(ATCA_HAL_SWI) +- *gCfg = cfg_ateccx08a_swi_default; +- gCfg->devtype = deviceType; ++ *gCfg = cfg_ateccx08a_swi_default; ++ gCfg->devtype = deviceType; + #elif defined(ATCA_HAL_KIT_HID) +- *gCfg = cfg_ateccx08a_kithid_default; +- gCfg->devtype = deviceType; ++ *gCfg = cfg_ateccx08a_kithid_default; ++ gCfg->devtype = deviceType; + #elif defined(ATCA_HAL_KIT_CDC) +- *gCfg = cfg_ateccx08a_kitcdc_default; +- gCfg->devtype = deviceType; ++ *gCfg = cfg_ateccx08a_kitcdc_default; ++ gCfg->devtype = deviceType; + #elif defined(ATCA_HAL_CUSTOM) +- *gCfg = g_cfg_atecc608a_custom; ++ *gCfg = g_cfg_atecc508a_custom; + #else + #error "HAL interface is not selected"; + #endif +- break; +- +- default: +- //device type wasn't found, return with error +- return ATCA_GEN_FAIL; +- } +- +- #ifdef ATCA_RASPBERRY_PI_3 +- gCfg->atcai2c.bus = 1; +- #endif + + return ATCA_SUCCESS; + } + +-static ATCA_STATUS set_chip_mode(uint8_t i2c_user_extra_add, uint8_t ttl_enable, uint8_t watchdog, uint8_t clock_divider) +-{ +- ATCA_STATUS status; +- uint8_t config_word[ATCA_WORD_SIZE]; +- bool is_config_locked = false; +- +- if (gCfg->devtype != ATECC608A) +- { +- printf("Current device doesn't support clock divider settings (only ATECC608A)\r\n"); +- return ATCA_GEN_FAIL; +- } +- +- status = is_device_locked(LOCK_ZONE_CONFIG, &is_config_locked); +- if (status != ATCA_SUCCESS) +- { +- printf("is_device_locked() failed with ret=0x%08X\r\n", status); +- return status; +- } +- +- if (is_config_locked) +- { +- printf("Current device is config locked. Can't change clock divider. "); +- } +- +- // Update the actual ATECC608A chip mode so it takes effect immediately +- status = atcab_init(gCfg); +- if (status != ATCA_SUCCESS) +- { +- printf("atcab_init() failed with ret=0x%08X\r\n", status); +- return status; +- } +- +- do +- { +- // Read current config values +- status = atcab_read_bytes_zone(ATCA_ZONE_CONFIG, 0, 16, config_word, 4); +- if (status != ATCA_SUCCESS) +- { +- printf("atcab_read_bytes_zone() failed with ret=0x%08X\r\n", status); +- break; +- } +- +- if (is_config_locked) +- { +- printf("Currently set to 0x%02X.\r\n", (int)(config_word[3] >> 3)); +- status = ATCA_GEN_FAIL; +- break; +- } +- +- // Update ChipMode +- update_chip_mode(&config_word[3], i2c_user_extra_add, ttl_enable, watchdog, clock_divider); +- +- // Write config values back to chip +- status = atcab_write_bytes_zone(ATCA_ZONE_CONFIG, 0, 16, config_word, 4); +- if (status != ATCA_SUCCESS) +- { +- printf("atcab_write_bytes_zone() failed with ret=0x%08X\r\n", status); +- break; +- } +- +- // Put to sleep so new values take effect +- status = atcab_wakeup(); +- if (status != ATCA_SUCCESS) +- { +- printf("atcab_wakeup() failed with ret=0x%08X\r\n", status); +- break; +- } +- status = atcab_sleep(); +- if (status != ATCA_SUCCESS) +- { +- printf("atcab_sleep() failed with ret=0x%08X\r\n", status); +- break; +- } +- +- // Update the ATECC608A test config data so all the unit tests will run with the new chip mode +- update_chip_mode(&test_ecc608_configdata[ATCA_CHIPMODE_OFFSET], i2c_user_extra_add, ttl_enable, watchdog, clock_divider); +- +- } while (0); +- +- atcab_release(); +- return status; +-} +- +-static void set_clock_divider_m0(void) +-{ +- ATCA_STATUS status = set_chip_mode(0xFF, 0xFF, ATCA_CHIPMODE_WATCHDOG_SHORT, ATCA_CHIPMODE_CLOCK_DIV_M0); +- if (status == ATCA_SUCCESS) +- { +- printf("Set device to clock divider M0 (0x%02X) and watchdog to 1.3s nominal.\r\n", ATCA_CHIPMODE_CLOCK_DIV_M0 >> 3); +- } +-} +- +-static void set_clock_divider_m1(void) +-{ +- ATCA_STATUS status = set_chip_mode(0xFF, 0xFF, ATCA_CHIPMODE_WATCHDOG_SHORT, ATCA_CHIPMODE_CLOCK_DIV_M1); +- if (status == ATCA_SUCCESS) +- { +- printf("Set device to clock divider M1 (0x%02X) and watchdog to 1.3s nominal.\r\n", ATCA_CHIPMODE_CLOCK_DIV_M1 >> 3); +- } +-} +- +-static void set_clock_divider_m2(void) +-{ +- // Additionally set watchdog to long settings (~13s) as some commands +- // can't complete in time on the faster watchdog setting. +- ATCA_STATUS status = set_chip_mode(0xFF, 0xFF, ATCA_CHIPMODE_WATCHDOG_LONG, ATCA_CHIPMODE_CLOCK_DIV_M2); +- if (status == ATCA_SUCCESS) +- { +- printf("Set device to clock divider M2 (0x%02X) and watchdog to 13s nominal.\r\n", ATCA_CHIPMODE_CLOCK_DIV_M2 >> 3); +- } +-} +\ No newline at end of file diff --git a/meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib_git.bb b/meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib_git.bb index 769665d1c..82b7359f5 100644 --- a/meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib_git.bb +++ b/meta-digi-arm/recipes-digi/cryptoauthlib/cryptoauthlib_git.bb @@ -14,6 +14,8 @@ SRC_URI = " \ ${GIT_URI};nobranch=1 \ file://0001-Port-changes-from-the-cryptoauth-engine-repo-to-the-.patch \ file://0002-Remove-unused-HAL-implementations.patch \ + file://0003-Build-cryptochip-cmd-processor-application-along-wit.patch \ + file://0004-Remove-unnecessary-code-from-cryptochip-cmd-processo.patch \ " S = "${WORKDIR}/git"