1- /**
2- * \file
3- * \brief Contains API for performing the symmetric Authentication between the Host and the device
4- *
5- * \copyright (c) 2015-2018 Microchip Technology Inc. and its subsidiaries.
6- *
7- * \page License
8- *
9- * Subject to your compliance with these terms, you may use Microchip software
10- * and any derivatives exclusively with Microchip products. It is your
11- * responsibility to comply with third party license terms applicable to your
12- * use of third party software (including open source software) that may
13- * accompany Microchip software.
14- *
15- * THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER
16- * EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED
17- * WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A
18- * PARTICULAR PURPOSE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT,
19- * SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE
20- * OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF
21- * MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE
22- * FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL
23- * LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED
24- * THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR
25- * THIS SOFTWARE.
26- */
27-
28-
29- #include "cryptoauthlib.h"
30- #include "host/atca_host.h"
31- #include "symmetric_authentication.h"
32-
33-
34-
35-
36- /** \brief Function which does the authentication between the host and device.
37- * \param[in] slot The slot number used for the symmetric authentication.
38- * \param[in] master_key The master key used for the calculating the symmetric key.
39- * \param[in] rand_number The 20 byte rand_number from the host.
40- * \return ATCA_SUCCESS on successful authentication, otherwise an error code.
41- */
42-
43- ATCA_STATUS symmetric_authenticate (uint8_t slot , const uint8_t * master_key , const uint8_t * rand_number )
44- {
45- ATCA_STATUS status ;
46- uint8_t sn [ATCA_SERIAL_NUM_SIZE ];
47- uint8_t symmetric_key [ATCA_KEY_SIZE ];
48- atca_temp_key_t temp_key , temp_key_derive ;
49- uint8_t rand_out [RANDOM_NUM_SIZE ];
50- atca_nonce_in_out_t nonce_params ;
51- atca_mac_in_out_t mac_params ;
52- uint8_t host_mac [MAC_SIZE ];
53- uint8_t device_mac [MAC_SIZE ];
54- struct atca_derive_key_in_out derivekey_params ;
55-
56- do
57- {
58- // Read serial number for host-side MAC calculations
59- if ((status = atcab_read_serial_number (sn )) != ATCA_SUCCESS )
60- {
61- break ;
62- }
63-
64- // Setup nonce command
65- memset (& temp_key , 0 , sizeof (temp_key ));
66- memset (& nonce_params , 0 , sizeof (nonce_params ));
67- nonce_params .mode = NONCE_MODE_SEED_UPDATE ;
68- nonce_params .zero = 0 ;
69- nonce_params .num_in = rand_number ;
70- nonce_params .rand_out = rand_out ;
71- nonce_params .temp_key = & temp_key ;
72-
73- // Create random nonce
74- if ((status = atcab_nonce_rand (nonce_params .num_in , rand_out )) != ATCA_SUCCESS )
75- {
76- break ;
77- }
78-
79- // Calculate nonce in host
80- if ((status = atcah_nonce (& nonce_params )) != ATCA_SUCCESS )
81- {
82- break ;
83- }
84-
85- memset (& temp_key_derive , 0 , sizeof (temp_key_derive ));
86- temp_key_derive .valid = 1 ;
87- memcpy (temp_key_derive .value , sn , sizeof (sn )); // 32 bytes TempKey ( SN[0:8] with padded 23 zeros used in symmetric key calculation)
88-
89- // Parameters used deriving the symmetric key
90- derivekey_params .mode = 0 ;
91- derivekey_params .target_key_id = slot ;
92- derivekey_params .parent_key = master_key ;
93- derivekey_params .sn = sn ;
94- derivekey_params .target_key = symmetric_key ;
95- derivekey_params .temp_key = & temp_key_derive ;
96-
97- // calculate the symmetric_diversified_key
98- if ((status = atcah_derive_key (& derivekey_params )) != ATCA_SUCCESS )
99- {
100- break ;
101- }
102-
103- // Setup MAC command
104- memset (& mac_params , 0 , sizeof (mac_params ));
105- mac_params .mode = MAC_MODE_BLOCK2_TEMPKEY | MAC_MODE_INCLUDE_SN ; // Block 1 is a key, block 2 is TempKey
106- mac_params .key_id = slot ;
107- mac_params .challenge = NULL ;
108- mac_params .key = symmetric_key ;
109- mac_params .otp = NULL ;
110- mac_params .sn = sn ;
111- mac_params .response = host_mac ;
112- mac_params .temp_key = & temp_key ;
113-
114- // Generate the MAC command from the device
115- if ((status = atcab_mac (mac_params .mode , mac_params .key_id , mac_params .challenge , device_mac )) != ATCA_SUCCESS )
116- {
117- break ;
118- }
119-
120- // Calculate the MAC on the host side
121- if (( status = atcah_mac (& mac_params )) != ATCA_SUCCESS )
122- {
123- break ;
124- }
125-
126- //Check whether the MAC calculated on host is same as that generated from the device
127- if (memcmp (device_mac , host_mac , 32 ) != 0 )
128- {
129- status = ATCA_CHECKMAC_VERIFY_FAILED ;
130- }
131-
132- }
133- while (0 );
134-
135- return status ;
1+ /**
2+ * \file
3+ * \brief Contains API for performing the symmetric Authentication between the Host and the device
4+ *
5+ * \copyright (c) 2015-2018 Microchip Technology Inc. and its subsidiaries.
6+ *
7+ * \page License
8+ *
9+ * Subject to your compliance with these terms, you may use Microchip software
10+ * and any derivatives exclusively with Microchip products. It is your
11+ * responsibility to comply with third party license terms applicable to your
12+ * use of third party software (including open source software) that may
13+ * accompany Microchip software.
14+ *
15+ * THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER
16+ * EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED
17+ * WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A
18+ * PARTICULAR PURPOSE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT,
19+ * SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE
20+ * OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF
21+ * MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE
22+ * FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL
23+ * LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED
24+ * THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR
25+ * THIS SOFTWARE.
26+ */
27+
28+
29+ #include "cryptoauthlib.h"
30+ #include "host/atca_host.h"
31+ #include "symmetric_authentication.h"
32+
33+
34+
35+
36+ /** \brief Function which does the authentication between the host and device.
37+ * \param[in] slot The slot number used for the symmetric authentication.
38+ * \param[in] master_key The master key used for the calculating the symmetric key.
39+ * \param[in] rand_number The 20 byte rand_number from the host.
40+ * \return ATCA_SUCCESS on successful authentication, otherwise an error code.
41+ */
42+
43+ ATCA_STATUS symmetric_authenticate (uint8_t slot , const uint8_t * master_key , const uint8_t * rand_number )
44+ {
45+ ATCA_STATUS status ;
46+ uint8_t sn [ATCA_SERIAL_NUM_SIZE ];
47+ uint8_t symmetric_key [ATCA_KEY_SIZE ];
48+ atca_temp_key_t temp_key , temp_key_derive ;
49+ uint8_t rand_out [RANDOM_NUM_SIZE ];
50+ atca_nonce_in_out_t nonce_params ;
51+ atca_mac_in_out_t mac_params ;
52+ uint8_t host_mac [MAC_SIZE ];
53+ uint8_t device_mac [MAC_SIZE ];
54+ struct atca_derive_key_in_out derivekey_params ;
55+
56+ do
57+ {
58+ // Read serial number for host-side MAC calculations
59+ if ((status = atcab_read_serial_number (sn )) != ATCA_SUCCESS )
60+ {
61+ break ;
62+ }
63+
64+ // Setup nonce command
65+ memset (& temp_key , 0 , sizeof (temp_key ));
66+ memset (& nonce_params , 0 , sizeof (nonce_params ));
67+ nonce_params .mode = NONCE_MODE_SEED_UPDATE ;
68+ nonce_params .zero = 0 ;
69+ nonce_params .num_in = rand_number ;
70+ nonce_params .rand_out = rand_out ;
71+ nonce_params .temp_key = & temp_key ;
72+
73+ // Create random nonce
74+ if ((status = atcab_nonce_rand (nonce_params .num_in , rand_out )) != ATCA_SUCCESS )
75+ {
76+ break ;
77+ }
78+
79+ // Calculate nonce in host
80+ if ((status = atcah_nonce (& nonce_params )) != ATCA_SUCCESS )
81+ {
82+ break ;
83+ }
84+
85+ memset (& temp_key_derive , 0 , sizeof (temp_key_derive ));
86+ temp_key_derive .valid = 1 ;
87+ memcpy (temp_key_derive .value , sn , sizeof (sn )); // 32 bytes TempKey ( SN[0:8] with padded 23 zeros used in symmetric key calculation)
88+
89+ // Parameters used deriving the symmetric key
90+ derivekey_params .mode = 0 ;
91+ derivekey_params .target_key_id = slot ;
92+ derivekey_params .parent_key = master_key ;
93+ derivekey_params .sn = sn ;
94+ derivekey_params .target_key = symmetric_key ;
95+ derivekey_params .temp_key = & temp_key_derive ;
96+
97+ // calculate the symmetric_diversified_key
98+ if ((status = atcah_derive_key (& derivekey_params )) != ATCA_SUCCESS )
99+ {
100+ break ;
101+ }
102+
103+ // Setup MAC command
104+ memset (& mac_params , 0 , sizeof (mac_params ));
105+ mac_params .mode = MAC_MODE_BLOCK2_TEMPKEY | MAC_MODE_INCLUDE_SN ; // Block 1 is a key, block 2 is TempKey
106+ mac_params .key_id = slot ;
107+ mac_params .challenge = NULL ;
108+ mac_params .key = symmetric_key ;
109+ mac_params .otp = NULL ;
110+ mac_params .sn = sn ;
111+ mac_params .response = host_mac ;
112+ mac_params .temp_key = & temp_key ;
113+
114+ // Generate the MAC command from the device
115+ if ((status = atcab_mac (mac_params .mode , mac_params .key_id , mac_params .challenge , device_mac )) != ATCA_SUCCESS )
116+ {
117+ break ;
118+ }
119+
120+ // Calculate the MAC on the host side
121+ if (( status = atcah_mac (& mac_params )) != ATCA_SUCCESS )
122+ {
123+ break ;
124+ }
125+
126+ //Check whether the MAC calculated on host is same as that generated from the device
127+ if (memcmp (device_mac , host_mac , 32 ) != 0 )
128+ {
129+ status = ATCA_CHECKMAC_VERIFY_FAILED ;
130+ }
131+
132+ }
133+ while (0 );
134+
135+ return status ;
136136}
0 commit comments