Added GCM functions

Author: BenUdall-Microchip

README.md

@@ -60,6 +60,11 @@ Examples
 
 Release notes
 -----------
+01/04/2019
+  - Added GCM functions
+  - Split AES modes into separate files
+  - Bug fix in SWI START driver
+
 10/25/2018
   - Added basic certificate functions to the python wrapper.
   - Added Espressif ESP32 I2C driver.

app/ip_protection/README.md

@@ -0,0 +1,15 @@
+IP Protection with Symmetric Authentication
+------------------------
+The IP protection can be easily integrated to the existing projects.The user project should include symmetric_authentication.c & symmetric_authentication.h files which contains the api
+- **symmetric_authenticate()** - For Performing the authentication between host & device.
+
+User Considerations
+-----------
+- The user should take care on how the master key should be stored on the MCU side.
+- The api's in the file doesn't do the provisioning of the chip and user should take care of the provisioning.
+
+With the provisioned cryptoauthentication device and after doing the cryptoauthlib initialisation,user should only be calling the function symmetric_authenticate() with its necessary parameters for the authentication. The returned authentication status should be used in the application.
+
+Examples
+-----------
+For more information about IP protection and its example project refer [Microchip github](https://github.com/MicrochipTech)

app/ip_protection/symmetric_authentication.c

@@ -0,0 +1,136 @@
+/**
+ * \file
+ * \brief  Contains API for performing the symmetric Authentication between the Host and the device
+ *
+ * \copyright (c) 2015-2018 Microchip Technology Inc. and its subsidiaries.
+ *
+ * \page License
+ *
+ * Subject to your compliance with these terms, you may use Microchip software
+ * and any derivatives exclusively with Microchip products. It is your
+ * responsibility to comply with third party license terms applicable to your
+ * use of third party software (including open source software) that may
+ * accompany Microchip software.
+ *
+ * THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER
+ * EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED
+ * WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A
+ * PARTICULAR PURPOSE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT,
+ * SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE
+ * OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF
+ * MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE
+ * FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL
+ * LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED
+ * THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR
+ * THIS SOFTWARE.
+ */
+
+
+#include "cryptoauthlib.h"
+#include "host/atca_host.h"
+#include "symmetric_authentication.h"
+
+
+
+
+/** \brief Function which does the authentication between the host and device.
+ *  \param[in]  slot                The slot number used for the symmetric authentication.
+ *  \param[in]  master_key          The master key used for the calculating the symmetric key.
+ *  \param[in]  rand_number         The 20 byte rand_number from the host.
+ *  \return ATCA_SUCCESS on successful authentication, otherwise an error code.
+ */
+
+ATCA_STATUS symmetric_authenticate(uint8_t slot, const uint8_t *master_key, const uint8_t *rand_number)
+{
+    ATCA_STATUS status;
+    uint8_t sn[ATCA_SERIAL_NUM_SIZE];
+    uint8_t symmetric_key[ATCA_KEY_SIZE];
+    atca_temp_key_t temp_key, temp_key_derive;
+    uint8_t rand_out[RANDOM_NUM_SIZE];
+    atca_nonce_in_out_t nonce_params;
+    atca_mac_in_out_t mac_params;
+    uint8_t host_mac[MAC_SIZE];
+    uint8_t device_mac[MAC_SIZE];
+    struct atca_derive_key_in_out derivekey_params;
+
+    do
+    {
+        // Read serial number for host-side MAC calculations
+        if ((status = atcab_read_serial_number(sn)) != ATCA_SUCCESS)
+        {
+            break;
+        }
+
+        // Setup nonce command
+        memset(&temp_key, 0, sizeof(temp_key));
+        memset(&nonce_params, 0, sizeof(nonce_params));
+        nonce_params.mode = NONCE_MODE_SEED_UPDATE;
+        nonce_params.zero = 0;
+        nonce_params.num_in = rand_number;
+        nonce_params.rand_out = rand_out;
+        nonce_params.temp_key = &temp_key;
+
+        // Create random nonce
+        if ((status = atcab_nonce_rand(nonce_params.num_in, rand_out)) != ATCA_SUCCESS)
+        {
+            break;
+        }
+
+        // Calculate nonce in host
+        if ((status = atcah_nonce(&nonce_params)) != ATCA_SUCCESS)
+        {
+            break;
+        }
+
+        memset(&temp_key_derive, 0, sizeof(temp_key_derive));
+        temp_key_derive.valid = 1;
+        memcpy(temp_key_derive.value, sn, sizeof(sn)); // 32 bytes TempKey ( SN[0:8] with padded 23 zeros used in symmetric key calculation)
+
+        // Parameters used deriving the symmetric key
+        derivekey_params.mode = 0;
+        derivekey_params.target_key_id = slot;
+        derivekey_params.parent_key = master_key;
+        derivekey_params.sn = sn;
+        derivekey_params.target_key = symmetric_key;
+        derivekey_params.temp_key = &temp_key_derive;
+
+        // calculate the symmetric_diversified_key
+        if ((status = atcah_derive_key(&derivekey_params)) != ATCA_SUCCESS)
+        {
+            break;
+        }
+
+        // Setup MAC command
+        memset(&mac_params, 0, sizeof(mac_params));
+        mac_params.mode = MAC_MODE_BLOCK2_TEMPKEY | MAC_MODE_INCLUDE_SN; // Block 1 is a key, block 2 is TempKey
+        mac_params.key_id = slot;
+        mac_params.challenge = NULL;
+        mac_params.key = symmetric_key;
+        mac_params.otp = NULL;
+        mac_params.sn = sn;
+        mac_params.response = host_mac;
+        mac_params.temp_key = &temp_key;
+
+        // Generate the MAC command from the device
+        if ((status = atcab_mac(mac_params.mode, mac_params.key_id, mac_params.challenge, device_mac)) != ATCA_SUCCESS)
+        {
+            break;
+        }
+
+        // Calculate the MAC on the host side
+        if (( status = atcah_mac(&mac_params)) != ATCA_SUCCESS)
+        {
+            break;
+        }
+
+        //Check whether the MAC calculated on host is same as that generated from the device
+        if (memcmp(device_mac, host_mac, 32) != 0)
+        {
+            status = ATCA_CHECKMAC_VERIFY_FAILED;
+        }
+
+    }
+    while (0);
+
+    return status;
+}

app/ip_protection/symmetric_authentication.h

@@ -0,0 +1,47 @@
+/**
+ * \file
+ * \brief   Contains API for performing the symmetric Authentication between the Host and the device
+ *
+ * \copyright (c) 2015-2018 Microchip Technology Inc. and its subsidiaries.
+ *
+ * \page License
+ *
+ * Subject to your compliance with these terms, you may use Microchip software
+ * and any derivatives exclusively with Microchip products. It is your
+ * responsibility to comply with third party license terms applicable to your
+ * use of third party software (including open source software) that may
+ * accompany Microchip software.
+ *
+ * THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER
+ * EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED
+ * WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A
+ * PARTICULAR PURPOSE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT,
+ * SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE
+ * OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF
+ * MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE
+ * FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL
+ * LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED
+ * THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR
+ * THIS SOFTWARE.
+ */
+
+
+#ifndef SYMMETRIC_AUTHENTICATION_H_
+#define SYMMETRIC_AUTHENTICATION_H_
+
+#include "cryptoauthlib.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ATCA_STATUS symmetric_authenticate(uint8_t slot, const uint8_t *master_key, const uint8_t *rand_number);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* SYMMETRIC_AUTHENTICATION_H_ */

docs/html/a00011.html

@@ -5,7 +5,7 @@
 <meta http-equiv="X-UA-Compatible" content="IE=9"/>
 <meta name="generator" content="Doxygen 1.8.14"/>
 <meta name="viewport" content="width=device-width, initial-scale=1"/>
-<title>CryptoAuthLib: crypto_device_app.c File Reference</title>
+<title>CryptoAuthLib: symmetric_authentication.c File Reference</title>
 <link href="tabs.css" rel="stylesheet" type="text/css"/>
 <script type="text/javascript" src="jquery.js"></script>
 <script type="text/javascript" src="dynsections.js"></script>
@@ -89,47 +89,68 @@
   <div class="summary">
 <a href="#func-members">Functions</a>  </div>
   <div class="headertitle">
-<div class="title">crypto_device_app.c File Reference</div>  </div>
+<div class="title">symmetric_authentication.c File Reference</div>  </div>
 </div><!--header-->
 <div class="contents">
 
-<p>Provides required interface between boot loader and secure boot.  
+<p>Contains API for performing the symmetric Authentication between the Host and the device.  
 <a href="#details">More...</a></p>
-<div class="textblock"><code>#include &lt;stdlib.h&gt;</code><br />
-<code>#include &lt;stdio.h&gt;</code><br />
-<code>#include &quot;<a class="el" href="a00299_source.html">cryptoauthlib.h</a>&quot;</code><br />
-<code>#include &quot;<a class="el" href="a00023_source.html">secure_boot.h</a>&quot;</code><br />
-<code>#include &quot;<a class="el" href="a00017_source.html">io_protection_key.h</a>&quot;</code><br />
-<code>#include &quot;<a class="el" href="a00014_source.html">crypto_device_app.h</a>&quot;</code><br />
+<div class="textblock"><code>#include &quot;<a class="el" href="a00320_source.html">cryptoauthlib.h</a>&quot;</code><br />
+<code>#include &quot;<a class="el" href="a00545_source.html">host/atca_host.h</a>&quot;</code><br />
+<code>#include &quot;<a class="el" href="a00014_source.html">symmetric_authentication.h</a>&quot;</code><br />
 </div><table class="memberdecls">
 <tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
 Functions</h2></td></tr>
-<tr class="memitem:a19617ea9c26833614201b9695ec7a1ca"><td class="memItemLeft" align="right" valign="top"><a class="el" href="a00128.html#a22bd6643f31f1d75dc3e7ea939f468cd">ATCA_STATUS</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="a00011.html#a19617ea9c26833614201b9695ec7a1ca">crypto_device_verify_app</a> (void)</td></tr>
-<tr class="memdesc:a19617ea9c26833614201b9695ec7a1ca"><td class="mdescLeft">&#160;</td><td class="mdescRight">Takes care interface with secure boot and provides status about user application. This also takes care of device configuration if enabled.  <a href="#a19617ea9c26833614201b9695ec7a1ca">More...</a><br /></td></tr>
-<tr class="separator:a19617ea9c26833614201b9695ec7a1ca"><td class="memSeparator" colspan="2">&#160;</td></tr>
+<tr class="memitem:a9a41d1600ffd22de067ded50447d359b"><td class="memItemLeft" align="right" valign="top"><a class="el" href="a00134.html#a22bd6643f31f1d75dc3e7ea939f468cd">ATCA_STATUS</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="a00011.html#a9a41d1600ffd22de067ded50447d359b">symmetric_authenticate</a> (uint8_t slot, const uint8_t *master_key, const uint8_t *rand_number)</td></tr>
+<tr class="memdesc:a9a41d1600ffd22de067ded50447d359b"><td class="mdescLeft">&#160;</td><td class="mdescRight">Function which does the authentication between the host and device.  <a href="#a9a41d1600ffd22de067ded50447d359b">More...</a><br /></td></tr>
+<tr class="separator:a9a41d1600ffd22de067ded50447d359b"><td class="memSeparator" colspan="2">&#160;</td></tr>
 </table>
 <a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
-<div class="textblock"><p>Provides required interface between boot loader and secure boot. </p>
+<div class="textblock"><p>Contains API for performing the symmetric Authentication between the Host and the device. </p>
 <dl class="section copyright"><dt>Copyright</dt><dd>(c) 2015-2018 Microchip Technology Inc. and its subsidiaries. </dd></dl>
 </div><h2 class="groupheader">Function Documentation</h2>
-<a id="a19617ea9c26833614201b9695ec7a1ca"></a>
-<h2 class="memtitle"><span class="permalink"><a href="#a19617ea9c26833614201b9695ec7a1ca">&#9670;&nbsp;</a></span>crypto_device_verify_app()</h2>
+<a id="a9a41d1600ffd22de067ded50447d359b"></a>
+<h2 class="memtitle"><span class="permalink"><a href="#a9a41d1600ffd22de067ded50447d359b">&#9670;&nbsp;</a></span>symmetric_authenticate()</h2>
 
 <div class="memitem">
 <div class="memproto">
       <table class="memname">
         <tr>
-          <td class="memname"><a class="el" href="a00128.html#a22bd6643f31f1d75dc3e7ea939f468cd">ATCA_STATUS</a> crypto_device_verify_app </td>
+          <td class="memname"><a class="el" href="a00134.html#a22bd6643f31f1d75dc3e7ea939f468cd">ATCA_STATUS</a> symmetric_authenticate </td>
           <td>(</td>
-          <td class="paramtype">void&#160;</td>
-          <td class="paramname"></td><td>)</td>
+          <td class="paramtype">uint8_t&#160;</td>
+          <td class="paramname"><em>slot</em>, </td>
+        </tr>
+        <tr>
+          <td class="paramkey"></td>
+          <td></td>
+          <td class="paramtype">const uint8_t *&#160;</td>
+          <td class="paramname"><em>master_key</em>, </td>
+        </tr>
+        <tr>
+          <td class="paramkey"></td>
+          <td></td>
+          <td class="paramtype">const uint8_t *&#160;</td>
+          <td class="paramname"><em>rand_number</em>&#160;</td>
+        </tr>
+        <tr>
           <td></td>
+          <td>)</td>
+          <td></td><td></td>
         </tr>
       </table>
 </div><div class="memdoc">
 
-<p>Takes care interface with secure boot and provides status about user application. This also takes care of device configuration if enabled. </p>
-<dl class="section return"><dt>Returns</dt><dd>ATCA_SUCCESS on success, otherwise an error code. </dd></dl>
+<p>Function which does the authentication between the host and device. </p>
+<dl class="params"><dt>Parameters</dt><dd>
+  <table class="params">
+    <tr><td class="paramdir">[in]</td><td class="paramname">slot</td><td>The slot number used for the symmetric authentication. </td></tr>
+    <tr><td class="paramdir">[in]</td><td class="paramname">master_key</td><td>The master key used for the calculating the symmetric key. </td></tr>
+    <tr><td class="paramdir">[in]</td><td class="paramname">rand_number</td><td>The 20 byte rand_number from the host. </td></tr>
+  </table>
+  </dd>
+</dl>
+<dl class="section return"><dt>Returns</dt><dd>ATCA_SUCCESS on successful authentication, otherwise an error code. </dd></dl>
 
 </div>
 </div>
@@ -138,7 +159,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a19617ea9c26833614201b969
 <!-- start footer part -->
 <div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
   <ul>
-    <li class="navelem"><a class="el" href="dir_d422163b96683743ed3963d4aac17747.html">app</a></li><li class="navelem"><a class="el" href="dir_0680cb466dcc0d680630f5d267d4b7d1.html">secure_boot</a></li><li class="navelem"><a class="el" href="a00011.html">crypto_device_app.c</a></li>
+    <li class="navelem"><a class="el" href="dir_d422163b96683743ed3963d4aac17747.html">app</a></li><li class="navelem"><a class="el" href="dir_87abda79916a436a3f9fdf465608c5f5.html">ip_protection</a></li><li class="navelem"><a class="el" href="a00011.html">symmetric_authentication.c</a></li>
     <li class="footer">Generated by
     <a href="http://www.doxygen.org/index.html">
     <img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.8.14 </li>

docs/html/a00011.js

@@ -1,4 +1,4 @@
 var a00011 =
 [
-    [ "crypto_device_verify_app", "a00011.html#a19617ea9c26833614201b9695ec7a1ca", null ]
+    [ "symmetric_authenticate", "a00011.html#a9a41d1600ffd22de067ded50447d359b", null ]
 ];