From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Fri, 27 Apr 2018 13:24:49 +0200
Subject: [PATCH] Digi modifications to the cryptoauth OpenSSL engine

https://jira.digi.com/browse/DEL-5592

Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
 Makefile                                      |  1 +
 cryptoauthlib/Makefile                        | 40 +++++++++++++++------------
 cryptoauthlib/lib/atca_cfgs.c                 | 16 +++++++++--
 cryptoauthlib/lib/openssl/eccx08_eckey_meth.c | 16 +++++------
 cryptoauthlib/lib/openssl/eccx08_engine.h     |  4 +++
 5 files changed, 49 insertions(+), 28 deletions(-)
 create mode 100644 Makefile

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..3025439
--- /dev/null
+++ b/Makefile
@@ -0,0 +1 @@
+include cryptoauthlib/Makefile
diff --git a/cryptoauthlib/Makefile b/cryptoauthlib/Makefile
index 399db53..b2596bb 100644
--- a/cryptoauthlib/Makefile
+++ b/cryptoauthlib/Makefile
@@ -1,8 +1,11 @@
 .PHONY: all libcryptoauth libateccssl libpkcs11 dist install clean
 
-OPTIONS := ATCAPRINTF ATCA_HAL_KIT_CDC ENGINE_DYNAMIC_SUPPORT USE_ECCX08 ECC_DEBUG
+OPTIONS := ATCAPRINTF ATCA_HAL_I2C ENGINE_DYNAMIC_SUPPORT USE_ECCX08 ECC_DEBUG
 
-SYSTEM_INCLUDES := /usr/include
+SYSTEM_INCLUDES := $(DESTDIR)/usr/include
+
+TARGET_ARCH = Linux
+TARGET_HAL = I2C
 
 # Check platform
 ifeq ($(OS),Windows_NT)
@@ -38,7 +41,7 @@ endif
 endif
 
 ifeq ($(uname_S),Linux)
-CFLAGS += -g -O1 -m64 -Wall -fPIC $(addprefix -D,$(OPTIONS))
+CFLAGS += -g -O1 -Wall -fPIC $(addprefix -D,$(OPTIONS))
 TARGET_ARCH := Linux
 endif
 #    ifeq ($(uname_S),Darwin)
@@ -55,32 +58,32 @@ endif
 #        CCFLAGS += -D ARM
 #    endif
 
-OPENSSLDIR = /usr/include/openssl
+OPENSSLDIR = $(DESTDIR)/usr/include/openssl
 
-OUTDIR := $(abspath .build)
+OUTDIR := $(abspath cryptoauthlib/.build)
 
 DEPFLAGS = -MT $@ -MMD -MP -MF $(OUTDIR)/$*.d
 ARFLAGS = rcs
 
 
 # Wildcard all the sources and headers
-SOURCES := $(call FIND,lib,*.c)
-INCLUDE := $(sort $(dir $(call FIND, lib, *.h)))
+SOURCES := $(call FIND,cryptoauthlib/lib,*.c)
+INCLUDE := $(sort $(dir $(call FIND, cryptoauthlib/lib, *.h)))
 
 # Gather OpenSSL Engine objects
-LIBATECCSSL_OBJECTS := $(filter $(abspath lib/openssl)/%, $(SOURCES))
+LIBATECCSSL_OBJECTS := $(filter $(abspath cryptoauthlib/lib/openssl)/%, $(SOURCES))
 # Example if statically linking in the certificate definition
 #LIBATECCSSL_OBJECTS += cert_def_1_signer.c cert_def_2_signer.c
 LIBATECCSSL_OBJECTS := $(addprefix $(OUTDIR)/,$(notdir $(LIBATECCSSL_OBJECTS:.c=.o)))
 
 # Gather PKCS11 Objects
-LIBPKCS11_OBJECTS := $(filter $(abspath lib/pkcs11)/%, $(SOURCES))
+LIBPKCS11_OBJECTS := $(filter $(abspath cryptoauthlib/lib/pkcs11)/%, $(SOURCES))
 LIBPKCS11_OBJECTS := $(addprefix $(OUTDIR)/,$(notdir $(LIBPKCS11_OBJECTS:.c=.o)))
 
 # Gather libcryptoauth objects
-LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath lib/hal)/%, $(SOURCES))
-LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath lib/pkcs11)/%, $(LIBCRYPTOAUTH_OBJECTS))
-LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath lib/openssl)/%, $(LIBCRYPTOAUTH_OBJECTS))
+LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath cryptoauthlib/lib/hal)/%, $(SOURCES))
+LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath cryptoauthlib/lib/pkcs11)/%, $(LIBCRYPTOAUTH_OBJECTS))
+LIBCRYPTOAUTH_OBJECTS := $(filter-out $(abspath cryptoauthlib/lib/openssl)/%, $(LIBCRYPTOAUTH_OBJECTS))
 LIBCRYPTOAUTH_OBJECTS += atca_hal.c
 
 ifeq ($(TARGET_ARCH),Windows)
@@ -101,9 +104,9 @@ LIBCRYPTOAUTH_OBJECTS += hal_linux_kit_cdc.c kit_protocol.c
 endif
 endif
 
-TEST_SOURCES := $(call FIND,test,*.c)
+TEST_SOURCES := $(call FIND,cryptoauthlib/test,*.c)
 #TEST_INCLUDE := $(sort $(dir $(call FIND, test, *.h)))
-TEST_INCLUDE := $(abspath .)
+TEST_INCLUDE := $(abspath cryptoauthlib/.)
 TEST_OBJECTS := $(addprefix $(OUTDIR)/,$(notdir $(TEST_SOURCES:.c=.o)))
 
 LIBCRYPTOAUTH_OBJECTS := $(addprefix $(OUTDIR)/,$(notdir $(LIBCRYPTOAUTH_OBJECTS:.c=.o)))
@@ -126,7 +129,7 @@ $(OUTDIR)/libcryptoauth.a: $(LIBCRYPTOAUTH_OBJECTS) | $(OUTDIR)
 	$(AR) $(ARFLAGS) $@ $(LIBCRYPTOAUTH_OBJECTS)
 
 $(OUTDIR)/libateccssl.so: $(LIBATECCSSL_OBJECTS) $(LIBCRYPTOAUTH_OBJECTS) | $(OUTDIR)
-	$(LD) -dll -shared $(LIBATECCSSL_OBJECTS) $(LIBCRYPTOAUTH_OBJECTS) -o $@ -lcrypto -lrt
+	$(CC) -dll -shared $(LIBATECCSSL_OBJECTS) $(LIBCRYPTOAUTH_OBJECTS) -o $@ -lcrypto -lrt
 
 $(OUTDIR)/test: $(OUTDIR)/libateccssl.so $(TEST_OBJECTS) | $(OUTDIR)
 	$(CC) -o $@ $(TEST_OBJECTS) -L$(OUTDIR) -lateccssl -lcrypto -lssl
@@ -142,7 +145,10 @@ libcryptoauth: $(OUTDIR)/libcryptoauth.a | $(OUTDIR)
 all: $(LIBCRYPTOAUTH_OBJECTS) $(LIBATECCSSL_OBJECTS) $(LIBPKCS11_OBJECTS) | $(OUTDIR)
 
 test: $(OUTDIR)/test | $(OUTDIR)
-	env LD_LIBRARY_PATH=$(OUTDIR) $(OUTDIR)/test
+
+install: libateccssl | $(OUTDIR)
+	install -d $(DESTDIR)/usr/lib/ssl/engines
+	install -m 0755 $(OUTDIR)/libateccssl.so $(DESTDIR)/usr/lib/ssl/engines
 
 clean:
-	rm -r $(OUTDIR)
+	rm -rf $(OUTDIR)
diff --git a/cryptoauthlib/lib/atca_cfgs.c b/cryptoauthlib/lib/atca_cfgs.c
index a8f6b68..5775f91 100644
--- a/cryptoauthlib/lib/atca_cfgs.c
+++ b/cryptoauthlib/lib/atca_cfgs.c
@@ -47,14 +47,24 @@
 
 /* if the number of these configurations grows large, we can #ifdef them based on required device support */
 
+/* Default I2C configuration */
+#ifndef ATCA_HAL_I2C_BUS
+#define ATCA_HAL_I2C_BUS 0
+#warning "Using default value for ATCA_HAL_I2C_BUS: 0"
+#endif
+
+#ifndef ATCA_HAL_I2C_SPEED
+#define ATCA_HAL_I2C_SPEED 400000
+#warning "Using default value for ATCA_HAL_I2C_SPEED: 400000"
+#endif
+
 /** \brief default configuration for an ECCx08A device */
 ATCAIfaceCfg cfg_ateccx08a_i2c_default = {
     .iface_type             = ATCA_I2C_IFACE,
     .devtype                = ATECC508A,
     .atcai2c.slave_address  = 0xC0,
-    .atcai2c.bus            = 2,
-    .atcai2c.baud           = 400000,
-    //.atcai2c.baud = 100000,
+    .atcai2c.bus            = ATCA_HAL_I2C_BUS,
+    .atcai2c.baud           = ATCA_HAL_I2C_SPEED,
     .wake_delay             = 1500,
     .rx_retries             = 20
 };
diff --git a/cryptoauthlib/lib/openssl/eccx08_eckey_meth.c b/cryptoauthlib/lib/openssl/eccx08_eckey_meth.c
index a857a92..f79a98f 100644
--- a/cryptoauthlib/lib/openssl/eccx08_eckey_meth.c
+++ b/cryptoauthlib/lib/openssl/eccx08_eckey_meth.c
@@ -818,7 +818,7 @@ int eccx08_pmeth_selector(ENGINE *e, EVP_PKEY_METHOD **pkey_meth,
 #if ATCA_OPENSSL_OLD_API
 /* These are from the OpenSSL 1.1.x API */
 
-static void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, 
+static void ECCX08_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
     int(**pinit) (EVP_PKEY_CTX *ctx))
 {
     if (pmeth && pinit)
@@ -827,7 +827,7 @@ static void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
     }
 }
 
-static void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
+static void ECCX08_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
     int(**pkeygen_init) (EVP_PKEY_CTX *ctx),
     int(**pkeygen) (EVP_PKEY_CTX *ctx,
         EVP_PKEY *pkey))
@@ -845,7 +845,7 @@ static void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
     }
 }
 
-static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
+static void ECCX08_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
     int(**psign_init) (EVP_PKEY_CTX *ctx),
     int(**psign) (EVP_PKEY_CTX *ctx,
         unsigned char *sig, size_t *siglen,
@@ -865,7 +865,7 @@ static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
     }
 }
 
-static void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
+static void ECCX08_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
     int(**pderive_init) (EVP_PKEY_CTX *ctx),
     int(**pderive) (EVP_PKEY_CTX *ctx,
         unsigned char *key,
@@ -951,10 +951,10 @@ int eccx08_pkey_meth_init(void)
     EVP_PKEY_meth_copy(eccx08_pkey_meth, defaults);
 
     /* Retain default methods we'll be replacing */
-    EVP_PKEY_meth_get_init(defaults, &eccx08_pkey_def_f.init);
-    EVP_PKEY_meth_get_keygen(defaults, &eccx08_pkey_def_f.keygen_init, &eccx08_pkey_def_f.keygen);
-    EVP_PKEY_meth_get_sign(defaults, &eccx08_pkey_def_f.sign_init, &eccx08_pkey_def_f.sign);
-    EVP_PKEY_meth_get_derive(defaults, &eccx08_pkey_def_f.derive_init, &eccx08_pkey_def_f.derive);
+    ECCX08_PKEY_meth_get_init(defaults, &eccx08_pkey_def_f.init);
+    ECCX08_PKEY_meth_get_keygen(defaults, &eccx08_pkey_def_f.keygen_init, &eccx08_pkey_def_f.keygen);
+    ECCX08_PKEY_meth_get_sign(defaults, &eccx08_pkey_def_f.sign_init, &eccx08_pkey_def_f.sign);
+    ECCX08_PKEY_meth_get_derive(defaults, &eccx08_pkey_def_f.derive_init, &eccx08_pkey_def_f.derive);
 
     /* Replace those we need to intercept */
     EVP_PKEY_meth_set_init(eccx08_pkey_meth, eccx08_pkey_ec_init);
diff --git a/cryptoauthlib/lib/openssl/eccx08_engine.h b/cryptoauthlib/lib/openssl/eccx08_engine.h
index 0df331f..90f9673 100644
--- a/cryptoauthlib/lib/openssl/eccx08_engine.h
+++ b/cryptoauthlib/lib/openssl/eccx08_engine.h
@@ -52,6 +52,10 @@
 
 /* Configuration options */
 
+#define ATCA_OPENSSL_ENGINE_STATIC_CONFIG       (0)
+#define ATCA_OPENSSL_ENGINE_ENABLE_RAND         (1)
+#define ATCA_OPENSSL_ENGINE_ENABLE_SHA256       (1)
+
 /** \brief Advertize RNG to OpenSSL*/
 #ifndef ATCA_OPENSSL_ENGINE_ENABLE_RAND
 #define ATCA_OPENSSL_ENGINE_ENABLE_RAND         (0)