recipes-digi: add cryptoauth-openssl-engine

https://jira.digi.com/browse/DEL-5592 Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
2018-05-07 12:23:36 +02:00 · 2018-05-07 12:23:36 +02:00 · d08f067e12
parent 7f58541f9a
commit d08f067e12
5 changed files with 300 additions and 1 deletions
--- a/meta-digi-arm/conf/machine/ccimx6qpsbc.conf
+++ b/meta-digi-arm/conf/machine/ccimx6qpsbc.conf
@ -11,7 +11,10 @@ WIRELESS_MODULE_append = " ${@base_conditional('HAVE_WIFI', '1', 'kernel-module-
 # Wireless p2p interface
 WLAN_P2P_INTERFACE ?= "p2p0"
-MACHINE_EXTRA_RRECOMMENDS += "cryptoauthlib"
+MACHINE_EXTRA_RRECOMMENDS += " \
    cryptoauthlib \
    cryptoauth-openssl-engine \
 "
 # Firmware
 MACHINE_FIRMWARE_append = " ${@base_conditional('HAVE_BT', '1', 'firmware-qualcomm-qca6564-bt', '', d)}"
--- a/meta-digi-arm/conf/machine/include/ccimx6ul.inc
+++ b/meta-digi-arm/conf/machine/include/ccimx6ul.inc
@ -35,6 +35,7 @@ MACHINE_EXTRA_RRECOMMENDS += " \
    ${@bb.utils.contains('DISTRO_FEATURES', 'alsa', 'imx-alsa-plugins', '', d)} \
    cryptoauthlib \
    cryptodev-module \
    cryptoauth-openssl-engine \
 "
 MACHINE_FEATURES += "wifi bluetooth"
--- a/meta-digi-arm/custom-licenses/MICROCHIP_ENGINE_LICENSE
+++ b/meta-digi-arm/custom-licenses/MICROCHIP_ENGINE_LICENSE
@ -0,0 +1,30 @@
 Copyright (c) 2017 Microchip Technology Inc. and its subsidiaries (Microchip). All rights reserved.
 You are permitted to use this software and its derivatives with Microchip
 products. Redistribution and use in source and binary forms, with or without
 modification, is permitted provided that the following conditions are met:
 1. Redistributions of source code must retain the above copyright notice,
   this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution.
 3. The name of Microchip may not be used to endorse or promote products derived
   from this software without specific prior written permission.
 4. This software may only be redistributed and used in connection with a
   Microchip integrated circuit.
 THIS SOFTWARE IS PROVIDED BY MICROCHIP "AS IS" AND ANY EXPRESS OR IMPLIED
 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE
 EXPRESSLY AND SPECIFICALLY DISCLAIMED. IN NO EVENT SHALL MICROCHIP BE LIABLE FOR
 ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.
--- a/meta-digi-dey/recipes-digi/cryptoauth-openssl-engine/cryptoauth-openssl-engine/0001-Digi-modifications-to-the-cryptoauth-OpenSSL-engine.patch
+++ b/meta-digi-dey/recipes-digi/cryptoauth-openssl-engine/cryptoauth-openssl-engine/0001-Digi-modifications-to-the-cryptoauth-OpenSSL-engine.patch
@ -0,0 +1,228 @@
 From: Gabriel Valcazar <gabriel.valcazar@digi.com>
 Date: Fri, 27 Apr 2018 13:24:49 +0200
 Subject: [PATCH] Digi modifications to the cryptoauth OpenSSL engine
 https://jira.digi.com/browse/DEL-5592
 Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
 ---
 Makefile                                      |  1 +
 cryptoauthlib/Makefile                        | 40 +++++++++++++++------------
 cryptoauthlib/lib/atca_cfgs.c                 | 16 +++++++++--
 cryptoauthlib/lib/openssl/eccx08_eckey_meth.c | 16 +++++------
 cryptoauthlib/lib/openssl/eccx08_engine.h     |  4 +++
 5 files changed, 49 insertions(+), 28 deletions(-)
 create mode 100644 Makefile
 diff --git a/Makefile b/Makefile
 new file mode 100644
 index 0000000..3025439
 --- /dev/null
 +++ b/Makefile
@@ -0,0 +1 @@
 +include cryptoauthlib/Makefile
 diff --git a/cryptoauthlib/Makefile b/cryptoauthlib/Makefile
 index 399db53..b2596bb 100644
 --- a/cryptoauthlib/Makefile
 +++ b/cryptoauthlib/Makefile
@@ -1,8 +1,11 @@
 .PHONY: all libcryptoauth libateccssl libpkcs11 dist install clean
 -OPTIONS := ATCAPRINTF ATCA_HAL_KIT_CDC ENGINE_DYNAMIC_SUPPORT USE_ECCX08 ECC_DEBUG
 +OPTIONS := ATCAPRINTF ATCA_HAL_I2C ENGINE_DYNAMIC_SUPPORT USE_ECCX08 ECC_DEBUG
 -SYSTEM_INCLUDES := /usr/include
 +SYSTEM_INCLUDES := $(DESTDIR)/usr/include
 +
 +TARGET_ARCH = Linux
 +TARGET_HAL = I2C
 # Check platform
 ifeq ($(OS),Windows_NT)
@@ -38,7 +41,7 @@ endif
 endif
 ifeq ($(uname_S),Linux)
 -CFLAGS += -g -O1 -m64 -Wall -fPIC $(addprefix -D,$(OPTIONS))
 +CFLAGS += -g -O1 -Wall -fPIC $(addprefix -D,$(OPTIONS))
 TARGET_ARCH := Linux
 endif
 #    ifeq ($(uname_S),Darwin)
@@ -55,32 +58,32 @@ endif
 #        CCFLAGS += -D ARM
 #    endif
 -OPENSSLDIR = /usr/include/openssl
 +OPENSSLDIR = $(DESTDIR)/usr/include/openssl
 -OUTDIR := $(abspath .build)
 +OUTDIR := $(abspath cryptoauthlib/.build)
 DEPFLAGS = -MT $@ -MMD -MP -MF $(OUTDIR)/$*.d
 ARFLAGS = rcs
 # Wildcard all the sources and headers
 -SOURCES := $(call FIND,lib,*.c)
 -INCLUDE := $(sort $(dir $(call FIND, lib, *.h)))
 +SOURCES := $(call FIND,cryptoauthlib/lib,*.c)
 +INCLUDE := $(sort $(dir $(call FIND, cryptoauthlib/lib, *.h)))
 # Gather OpenSSL Engine objects
 -LIBATECCSSL_OBJECTS := $(filter $(abspath lib/openssl)/%, $(SOURCES))
 +LIBATECCSSL_OBJECTS := $(filter $(abspath cryptoauthlib/lib/openssl)/%, $(SOURCES))
 # Example if statically linking in the certificate definition
 #LIBATECCSSL_OBJECTS += cert_def_1_signer.c cert_def_2_signer.c
 LIBATECCSSL_OBJECTS := $(addprefix $(OUTDIR)/,$(notdir $(LIBATECCSSL_OBJECTS:.c=.o)))
 # Gather PKCS11 Objects
 -LIBPKCS11_OBJECTS := $(filter $(abspath lib/pkcs11)/%, $(SOURCES))
 +LIBPKCS11_OBJECTS := $(filter $(abspath cryptoauthlib/lib/pkcs11)/%, $(SOURCES))
 LIBPKCS11_OBJECTS := $(addprefix $(OUTDIR)/,$(notdir $(LIBPKCS11_OBJECTS:.c=.o)))
 # Gather libcryptoauth objects
 -LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath lib/hal)/%, $(SOURCES))
 -LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath lib/pkcs11)/%, $(LIBCRYPTOAUTH_OBJECTS))
 -LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath lib/openssl)/%, $(LIBCRYPTOAUTH_OBJECTS))
 +LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath cryptoauthlib/lib/hal)/%, $(SOURCES))
 +LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath cryptoauthlib/lib/pkcs11)/%, $(LIBCRYPTOAUTH_OBJECTS))
 +LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath cryptoauthlib/lib/openssl)/%, $(LIBCRYPTOAUTH_OBJECTS))
 LIBCRYPTOAUTH_OBJECTS += atca_hal.c
 ifeq ($(TARGET_ARCH),Windows)
@@ -101,9 +104,9 @@ LIBCRYPTOAUTH_OBJECTS += hal_linux_kit_cdc.c kit_protocol.c
 endif
 endif
 -TEST_SOURCES := $(call FIND,test,*.c)
 +TEST_SOURCES := $(call FIND,cryptoauthlib/test,*.c)
 #TEST_INCLUDE := $(sort $(dir $(call FIND, test, *.h)))
 -TEST_INCLUDE := $(abspath .)
 +TEST_INCLUDE := $(abspath cryptoauthlib/.)
 TEST_OBJECTS := $(addprefix $(OUTDIR)/,$(notdir $(TEST_SOURCES:.c=.o)))
 LIBCRYPTOAUTH_OBJECTS := $(addprefix $(OUTDIR)/,$(notdir $(LIBCRYPTOAUTH_OBJECTS:.c=.o)))
@@ -126,7 +129,7 @@ $(OUTDIR)/libcryptoauth.a: $(LIBCRYPTOAUTH_OBJECTS) | $(OUTDIR)
 	$(AR) $(ARFLAGS) $@ $(LIBCRYPTOAUTH_OBJECTS)
 $(OUTDIR)/libateccssl.so: $(LIBATECCSSL_OBJECTS) $(LIBCRYPTOAUTH_OBJECTS) | $(OUTDIR)
 -	$(LD) -dll -shared $(LIBATECCSSL_OBJECTS) $(LIBCRYPTOAUTH_OBJECTS) -o $@ -lcrypto -lrt
 +	$(CC) -dll -shared $(LIBATECCSSL_OBJECTS) $(LIBCRYPTOAUTH_OBJECTS) -o $@ -lcrypto -lrt
 $(OUTDIR)/test: $(OUTDIR)/libateccssl.so $(TEST_OBJECTS) | $(OUTDIR)
 	$(CC) -o $@ $(TEST_OBJECTS) -L$(OUTDIR) -lateccssl -lcrypto -lssl
@@ -142,7 +145,10 @@ libcryptoauth: $(OUTDIR)/libcryptoauth.a | $(OUTDIR)
 all: $(LIBCRYPTOAUTH_OBJECTS) $(LIBATECCSSL_OBJECTS) $(LIBPKCS11_OBJECTS) | $(OUTDIR)
 test: $(OUTDIR)/test | $(OUTDIR)
 -	env LD_LIBRARY_PATH=$(OUTDIR) $(OUTDIR)/test
 +
 +install: libateccssl | $(OUTDIR)
 +	install -d $(DESTDIR)/usr/lib/ssl/engines
 +	install -m 0755 $(OUTDIR)/libateccssl.so $(DESTDIR)/usr/lib/ssl/engines
 clean:
 -	rm -r $(OUTDIR)
 +	rm -rf $(OUTDIR)
 diff --git a/cryptoauthlib/lib/atca_cfgs.c b/cryptoauthlib/lib/atca_cfgs.c
 index a8f6b68..5775f91 100644
 --- a/cryptoauthlib/lib/atca_cfgs.c
 +++ b/cryptoauthlib/lib/atca_cfgs.c
@@ -47,14 +47,24 @@
 /* if the number of these configurations grows large, we can #ifdef them based on required device support */
 +/* Default I2C configuration */
 +#ifndef ATCA_HAL_I2C_BUS
 +#define ATCA_HAL_I2C_BUS 0
 +#warning "Using default value for ATCA_HAL_I2C_BUS: 0"
 +#endif
 +
 +#ifndef ATCA_HAL_I2C_SPEED
 +#define ATCA_HAL_I2C_SPEED 400000
 +#warning "Using default value for ATCA_HAL_I2C_SPEED: 400000"
 +#endif
 +
 /** \brief default configuration for an ECCx08A device */
 ATCAIfaceCfg cfg_ateccx08a_i2c_default = {
     .iface_type             = ATCA_I2C_IFACE,
     .devtype                = ATECC508A,
     .atcai2c.slave_address  = 0xC0,
 -    .atcai2c.bus            = 2,
 -    .atcai2c.baud           = 400000,
 -    //.atcai2c.baud = 100000,
 +    .atcai2c.bus            = ATCA_HAL_I2C_BUS,
 +    .atcai2c.baud           = ATCA_HAL_I2C_SPEED,
     .wake_delay             = 1500,
     .rx_retries             = 20
 };
 diff --git a/cryptoauthlib/lib/openssl/eccx08_eckey_meth.c b/cryptoauthlib/lib/openssl/eccx08_eckey_meth.c
 index a857a92..f79a98f 100644
 --- a/cryptoauthlib/lib/openssl/eccx08_eckey_meth.c
 +++ b/cryptoauthlib/lib/openssl/eccx08_eckey_meth.c
@@ -818,7 +818,7 @@ int eccx08_pmeth_selector(ENGINE *e, EVP_PKEY_METHOD **pkey_meth,
 #if ATCA_OPENSSL_OLD_API
 /* These are from the OpenSSL 1.1.x API */
 -static void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, 
 +static void ECCX08_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
     int(**pinit) (EVP_PKEY_CTX *ctx))
 {
     if (pmeth && pinit)
@@ -827,7 +827,7 @@ static void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
     }
 }
 -static void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
 +static void ECCX08_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
     int(**pkeygen_init) (EVP_PKEY_CTX *ctx),
     int(**pkeygen) (EVP_PKEY_CTX *ctx,
         EVP_PKEY *pkey))
@@ -845,7 +845,7 @@ static void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
     }
 }
 -static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
 +static void ECCX08_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
     int(**psign_init) (EVP_PKEY_CTX *ctx),
     int(**psign) (EVP_PKEY_CTX *ctx,
         unsigned char *sig, size_t *siglen,
@@ -865,7 +865,7 @@ static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
     }
 }
 -static void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
 +static void ECCX08_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
     int(**pderive_init) (EVP_PKEY_CTX *ctx),
     int(**pderive) (EVP_PKEY_CTX *ctx,
         unsigned char *key,
@@ -951,10 +951,10 @@ int eccx08_pkey_meth_init(void)
     EVP_PKEY_meth_copy(eccx08_pkey_meth, defaults);
     /* Retain default methods we'll be replacing */
 -    EVP_PKEY_meth_get_init(defaults, &eccx08_pkey_def_f.init);
 -    EVP_PKEY_meth_get_keygen(defaults, &eccx08_pkey_def_f.keygen_init, &eccx08_pkey_def_f.keygen);
 -    EVP_PKEY_meth_get_sign(defaults, &eccx08_pkey_def_f.sign_init, &eccx08_pkey_def_f.sign);
 -    EVP_PKEY_meth_get_derive(defaults, &eccx08_pkey_def_f.derive_init, &eccx08_pkey_def_f.derive);
 +    ECCX08_PKEY_meth_get_init(defaults, &eccx08_pkey_def_f.init);
 +    ECCX08_PKEY_meth_get_keygen(defaults, &eccx08_pkey_def_f.keygen_init, &eccx08_pkey_def_f.keygen);
 +    ECCX08_PKEY_meth_get_sign(defaults, &eccx08_pkey_def_f.sign_init, &eccx08_pkey_def_f.sign);
 +    ECCX08_PKEY_meth_get_derive(defaults, &eccx08_pkey_def_f.derive_init, &eccx08_pkey_def_f.derive);
     /* Replace those we need to intercept */
     EVP_PKEY_meth_set_init(eccx08_pkey_meth, eccx08_pkey_ec_init);
 diff --git a/cryptoauthlib/lib/openssl/eccx08_engine.h b/cryptoauthlib/lib/openssl/eccx08_engine.h
 index 0df331f..90f9673 100644
 --- a/cryptoauthlib/lib/openssl/eccx08_engine.h
 +++ b/cryptoauthlib/lib/openssl/eccx08_engine.h
@@ -52,6 +52,10 @@
 /* Configuration options */
 +#define ATCA_OPENSSL_ENGINE_STATIC_CONFIG       (0)
 +#define ATCA_OPENSSL_ENGINE_ENABLE_RAND         (1)
 +#define ATCA_OPENSSL_ENGINE_ENABLE_SHA256       (1)
 +
 /** \brief Advertize RNG to OpenSSL*/
 #ifndef ATCA_OPENSSL_ENGINE_ENABLE_RAND
 #define ATCA_OPENSSL_ENGINE_ENABLE_RAND         (0)
--- a/meta-digi-dey/recipes-digi/cryptoauth-openssl-engine/cryptoauth-openssl-engine_git.bb
+++ b/meta-digi-dey/recipes-digi/cryptoauth-openssl-engine/cryptoauth-openssl-engine_git.bb
@ -0,0 +1,37 @@
 # Copyright (C) 2018 Digi International Inc.
 SUMMARY = "Microchip CryptoAuthentication OpenSSL engine"
 SECTION = "libs"
 LICENSE = "MICROCHIP_ENGINE_LICENSE"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3fdaa96f37898a0641820700bbf5f7b8"
 SRCBRANCH = "master"
 SRCREV = "a69a4f92af6bee9cb13035c2f859912744796380"
 GIT_URI ?= "git://github.com/MicrochipTech/cryptoauth-openssl-engine.git;protocol=git"
 SRC_URI = " \
    ${GIT_URI};nobranch=1 \
    file://0001-Digi-modifications-to-the-cryptoauth-OpenSSL-engine.patch \
 "
 S = "${WORKDIR}/git"
 I2C_BUS ?= "0"
 I2C_BUS_ccimx6qpsbc = "1"
 I2C_SPEED ?= "100000"
 CFLAGS += "-DATCA_HAL_I2C_BUS=${I2C_BUS} -DATCA_HAL_I2C_SPEED=${I2C_SPEED}"
 do_install() {
 	oe_runmake DESTDIR=${D} install
 }
 DEPENDS += "openssl"
 TARGET_CC_ARCH += "${LDFLAGS}"
 FILES_${PN} += "${libdir}/ssl/engines/libateccssl.so"
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 COMPATIBLE_MACHINE = "(ccimx6qpsbc|ccimx6ul)"