Python JWT and config additions. Secure boot update.

Author: BenUdall-Microchip

README.md

@@ -60,6 +60,11 @@ Examples
 
 Release notes
 -----------
+01/25/2019
+  - Python JWT support
+  - Python configuration structures added
+  - Restructure of secure boot app
+
 01/04/2019
   - Added GCM functions
   - Split AES modes into separate files

app/secure_boot/crypto_device_app.c

@@ -223,19 +223,21 @@ static ATCA_STATUS secure_boot_calc_app_digest(secure_boot_parameters* secure_bo
 
     return ATCA_SUCCESS;
 }
-
-ATCA_STATUS check_device_io_protection_key_generate(void)
+/** \brief Binds host MCU and Secure element with IO protection key.
+ *  \param[in]  slot    The slot number of IO protection Key.
+ *  \return ATCA_SUCCESS on success, otherwise an error code.
+ */
+ATCA_STATUS bind_host_and_secure_element_with_io_protection(uint16_t slot)
 {
     bool is_locked;
     ATCA_STATUS status = ATCA_GEN_FAIL;
     uint8_t io_prot_key[ATCA_KEY_SIZE];
 
     /*IO protection key is not on host... Get bind with device */
-
     do
     {
         /* First check Lock status on device */
-        if ((status = atcab_is_slot_locked(IO_PROTECTION_KEY_SLOT, &is_locked)) != ATCA_SUCCESS)
+        if ((status = atcab_is_slot_locked(slot, &is_locked)) != ATCA_SUCCESS)
         {
             break;
         }
@@ -253,9 +255,8 @@ ATCA_STATUS check_device_io_protection_key_generate(void)
             break;
         }
 
-
         /*Load the random number as IO Protection key on the device */
-        if ((status = atcab_write_zone(ATCA_ZONE_DATA, IO_PROTECTION_KEY_SLOT, 0, 0, io_prot_key, ATCA_KEY_SIZE)) != ATCA_SUCCESS)
+        if ((status = atcab_write_zone(ATCA_ZONE_DATA, slot, 0, 0, io_prot_key, ATCA_KEY_SIZE)) != ATCA_SUCCESS)
         {
             break;
         }
@@ -267,12 +268,10 @@ ATCA_STATUS check_device_io_protection_key_generate(void)
         }
 
         /*Lock IO protection key slot */
-        if ((status = atcab_lock_data_slot(IO_PROTECTION_KEY_SLOT)) != ATCA_SUCCESS)
+        if ((status = atcab_lock_data_slot(slot)) != ATCA_SUCCESS)
         {
             break;
         }
-
-
     }
     while (0);
 

app/secure_boot/crypto_device_app.h

@@ -45,10 +45,17 @@ extern "C" {
 #define SECURE_BOOT_CONFIG_FULL_SIGN            2
 #define SECURE_BOOT_CONFIG_FULL_DIG             3
 
+#ifndef SECURE_BOOT_CONFIGURATION
 #define SECURE_BOOT_CONFIGURATION               SECURE_BOOT_CONFIG_FULL_DIG
+#endif
+
+#ifndef SECURE_BOOT_DIGEST_ENCRYPT_ENABLED
 #define SECURE_BOOT_DIGEST_ENCRYPT_ENABLED      true
-#define SECURE_BOOT_UPGRADE_SUPPORT             true
+#endif
 
+#ifndef SECURE_BOOT_UPGRADE_SUPPORT
+#define SECURE_BOOT_UPGRADE_SUPPORT             true
+#endif
 
 typedef struct
 {
@@ -73,11 +80,8 @@ typedef struct
     #endif
 }secure_boot_parameters;
 
-typedef ATCA_STATUS (*secure_boot_handler)(secure_boot_parameters* secure_boot_params);
-
-
 ATCA_STATUS secure_boot_process(void);
-ATCA_STATUS check_device_io_protection_key_generate(void);
+ATCA_STATUS bind_host_and_secure_element_with_io_protection(uint16_t slot);
 extern ATCA_STATUS host_generate_random_number(uint8_t *rand);
 
 #ifdef __cplusplus

app/secure_boot/secure_boot.c

@@ -95,13 +95,13 @@
 
 <p>Contains API for performing the symmetric Authentication between the Host and the device.  
 <a href="#details">More...</a></p>
-<div class="textblock"><code>#include &quot;<a class="el" href="a00320_source.html">cryptoauthlib.h</a>&quot;</code><br />
-<code>#include &quot;<a class="el" href="a00545_source.html">host/atca_host.h</a>&quot;</code><br />
+<div class="textblock"><code>#include &quot;<a class="el" href="a00314_source.html">cryptoauthlib.h</a>&quot;</code><br />
+<code>#include &quot;<a class="el" href="a00539_source.html">host/atca_host.h</a>&quot;</code><br />
 <code>#include &quot;<a class="el" href="a00014_source.html">symmetric_authentication.h</a>&quot;</code><br />
 </div><table class="memberdecls">
 <tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
 Functions</h2></td></tr>
-<tr class="memitem:a9a41d1600ffd22de067ded50447d359b"><td class="memItemLeft" align="right" valign="top"><a class="el" href="a00134.html#a22bd6643f31f1d75dc3e7ea939f468cd">ATCA_STATUS</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="a00011.html#a9a41d1600ffd22de067ded50447d359b">symmetric_authenticate</a> (uint8_t slot, const uint8_t *master_key, const uint8_t *rand_number)</td></tr>
+<tr class="memitem:a9a41d1600ffd22de067ded50447d359b"><td class="memItemLeft" align="right" valign="top"><a class="el" href="a00128.html#a22bd6643f31f1d75dc3e7ea939f468cd">ATCA_STATUS</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="a00011.html#a9a41d1600ffd22de067ded50447d359b">symmetric_authenticate</a> (uint8_t slot, const uint8_t *master_key, const uint8_t *rand_number)</td></tr>
 <tr class="memdesc:a9a41d1600ffd22de067ded50447d359b"><td class="mdescLeft">&#160;</td><td class="mdescRight">Function which does the authentication between the host and device.  <a href="#a9a41d1600ffd22de067ded50447d359b">More...</a><br /></td></tr>
 <tr class="separator:a9a41d1600ffd22de067ded50447d359b"><td class="memSeparator" colspan="2">&#160;</td></tr>
 </table>
@@ -116,7 +116,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a9a41d1600ffd22de067ded50
 <div class="memproto">
       <table class="memname">
         <tr>
-          <td class="memname"><a class="el" href="a00134.html#a22bd6643f31f1d75dc3e7ea939f468cd">ATCA_STATUS</a> symmetric_authenticate </td>
+          <td class="memname"><a class="el" href="a00128.html#a22bd6643f31f1d75dc3e7ea939f468cd">ATCA_STATUS</a> symmetric_authenticate </td>
           <td>(</td>
           <td class="paramtype">uint8_t&#160;</td>
           <td class="paramname"><em>slot</em>, </td>