Release v3.4 (20221027)

Signed-off-by: Bryan Hunt <[email protected]>

Author: bryan-hunt

.gitignore

@@ -48,6 +48,7 @@ local.properties
 *.o
 
 .vs
+.vscode
 
 # Python
 .tox/
@@ -61,3 +62,14 @@ dist/
 /python/venv*
 /python/cryptoauthlib.egg-info
 /python/VERSION
+
+# Documents
+docs/**/*
+docs/html/**/*
+docs/latex/**/*
+dist-tools/cryptoauthlib*
+
+# Third party libraries
+third_party/mbedtls/*
+third_party/wolfssl/*
+

CMakeLists.txt

@@ -1,68 +1,28 @@
-cmake_minimum_required(VERSION 2.6.4)
+cmake_minimum_required(VERSION 3.1.0)
 project (cryptoauthlib C)
 
 # Set the current release version
-set(VERSION "3.3.3")
+set(VERSION "3.4.0")
 set(VERSION_MAJOR 3)
-set(VERSION_MINOR 3)
-set(VERSION_PATCH 3)
+set(VERSION_MINOR 4)
+set(VERSION_PATCH 0)
 
 # Build Options
 option(BUILD_TESTS "Create Test Application with library" OFF)
-#set(ATCA_PKCS11 ON CACHE INTERNAL "")
+
+if(UNIX)
+option(SETUP_INSTALLER "Setup installation and packaging as well" ON)
+else()
+set(SETUP_INSTALLER OFF CACHE INTERNAL "Disabling installation on this platform")
+endif()
 
 # Default install root which is normally /usr/local/
 set(CMAKE_INSTALL_PREFIX "/" CACHE INTERNAL "")
 
 # If including certificate definitions into the library then include them as ATCACERT_DEF_SRC
 #file(GLOB ATCACERT_DEF_SRC ABSOLUTE "app/*.c")
 
-if(WIN32)
-string(REPLACE "\\" "/" LOCAL_APP_DATA "$ENV{LOCALAPPDATA}/Microchip")
-set(DEFAULT_LIB_PATH "${LOCAL_APP_DATA}" CACHE
-    STRING "The default absolute library path")
-set(DEFAULT_INC_PATH "${LOCAL_APP_DATA}/${PROJECT_NAME}" CACHE
-    STRING "The default include install path")
-set(DEFAULT_CONF_PATH "${LOCAL_APP_DATA}" CACHE
-    STRING "The default location of ${PROJECT_NAME}.conf")
-set(DEFAULT_STORE_PATH "${LOCAL_APP_DATA}/${PROJECT_NAME}" CACHE
-    STRING "The default location of the filestore directory")
-else()
-include(GNUInstallDirs)
-set(DEFAULT_LIB_PATH "${CMAKE_INSTALL_FULL_LIBDIR}" CACHE
-    STRING "The default absolute library path")
-set(DEFAULT_INC_PATH "${CMAKE_INSTALL_INCLUDEDIR}/${PROJECT_NAME}" CACHE
-    STRING "The default include install path")
-set(DEFAULT_CONF_PATH "${CMAKE_INSTALL_FULL_SYSCONFDIR}/${PROJECT_NAME}" CACHE
-    STRING "The default location of ${PROJECT_NAME}.conf")
-set(DEFAULT_STORE_PATH "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/${PROJECT_NAME}" CACHE
-    STRING "The default location of the filestore directory")
-endif()
-
-set(DEFAULT_CONF_FILE_NAME "${PROJECT_NAME}.conf" CACHE 
-    STRING "The default file for library configuration")
-
-if(NOT CMAKE_BUILD_TYPE)
-if(WIN32)
-set(CMAKE_BUILD_TYPE Release CACHE STRING "Default build type" FORCE)
-else()
-set(CMAKE_BUILD_TYPE RelWithDebInfo CACHE STRING "Default build type" FORCE)
-endif()
-endif()
-
-# Set up a default configuration file to install
-configure_file(${PROJECT_SOURCE_DIR}/app/pkcs11/cryptoauthlib.conf.in ${PROJECT_BINARY_DIR}/${DEFAULT_CONF_FILE_NAME})
-
-# Packaging
-set(CPACK_PACKAGE_VENDOR "Microchip Technology Inc")
-set(CPACK_PACKAGE_VERSION_MAJOR ${VERSION_MAJOR})
-set(CPACK_PACKAGE_VERSION_MINOR ${VERSION_MINOR})
-set(CPACK_PACKAGE_VERSION_PATCH ${VERSION_PATCH})
-set(CPACK_GENERATOR "TGZ")
-set(CPACK_SOURCE_GENERATOR "TGZ")
-set(CPACK_SOURCE_IGNORE_FILES "build/*;\\.git/*")
-
-include(CPack)
+include(cmake/check_environment.cmake)
 
 # Make sure when testing that everything goes where it should
 if(BUILD_TESTS)
@@ -78,23 +38,7 @@ add_subdirectory(test)
 set_property(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT cryptoauth_test)
 endif(BUILD_TESTS)
 
-# Installation
-install(DIRECTORY DESTINATION ${DEFAULT_CONF_PATH})
-install(CODE "
-        if(NOT EXISTS ${DEFAULT_CONF_PATH}/${DEFAULT_CONF_FILE_NAME})
-            file(INSTALL ${PROJECT_BINARY_DIR}/${DEFAULT_CONF_FILE_NAME}
-                 DESTINATION ${DEFAULT_CONF_PATH})
-        endif()
-        ")
-install(DIRECTORY DESTINATION ${DEFAULT_STORE_PATH}
-        DIRECTORY_PERMISSIONS
-          OWNER_EXECUTE OWNER_WRITE OWNER_READ
-          GROUP_EXECUTE GROUP_WRITE GROUP_READ
-          WORLD_EXECUTE WORLD_WRITE WORLD_READ
-        )
-install(CODE "
-        if(NOT EXISTS ${DEFAULT_STORE_PATH}/slot.conf.tmpl)
-            file(INSTALL ${PROJECT_SOURCE_DIR}/app/pkcs11/slot.conf.tmpl
-                 DESTINATION ${DEFAULT_STORE_PATH})
-        endif()
-        ")
+# If we're installing the library then we'll add the global configuration files
+if(SETUP_INSTALLER)
+include(cmake/config_install.cmake)
+endif()

README.md

@@ -94,6 +94,9 @@ There are two major compiler defines that affect the operation of the library.
     changes required. The lower-level API will no longer use the new/delete
     functions and the init/release functions should be used directly.
 
+Some specific options are available in the fully documented configuration files `lib/calib/calib_config.h`,
+`atca_configuration.h`, `lib/crypto/crypto_config.h`, `lib/host/atca_host_config.h` which is also the place where features can be selected.
+ We provide some configurations focused on specific use cases and the checks are enabled by default. 
 
 Release notes
 -----------

SECURITY.md

@@ -12,6 +12,7 @@ The previous API version is maintained for a year after a new version is release
 
 | Version | Supported          | Notes |
 | ------- | ------------------ | ----- |
+| 3.4.x   | :heavy_check_mark: |       |
 | 3.3.x   | :heavy_check_mark: |       |
 | 3.2.x   | :x: | Security updates until January 2022 |
 | < 3.2   | :x:                |       |

app/pkcs11/example_pkcs11_config.c

@@ -127,7 +127,7 @@ CK_RV pkcs11_config_load_objects(pkcs11_slot_ctx_ptr pSlot)
 
     if (CKR_OK == rv)
     {
-        rv = pkcs11_object_alloc(&pObject);
+        rv = pkcs11_object_alloc(pSlot->slot_id, &pObject);
         if (pObject)
         {
             /* Slot 0 - Device Private Key */
@@ -140,7 +140,7 @@ CK_RV pkcs11_config_load_objects(pkcs11_slot_ctx_ptr pSlot)
 
     if (CKR_OK == rv)
     {
-        rv = pkcs11_object_alloc(&pObject);
+        rv = pkcs11_object_alloc(pSlot->slot_id, &pObject);
         if (pObject)
         {
             /* Slot 0 - Device Public Key */
@@ -153,7 +153,7 @@ CK_RV pkcs11_config_load_objects(pkcs11_slot_ctx_ptr pSlot)
 
     if (CKR_OK == rv)
     {
-        rv = pkcs11_object_alloc(&pObject);
+        rv = pkcs11_object_alloc(pSlot->slot_id, &pObject);
         if (pObject)
         {
             /* Slot 0 - Device Public Key */
@@ -166,7 +166,7 @@ CK_RV pkcs11_config_load_objects(pkcs11_slot_ctx_ptr pSlot)
 
     if (CKR_OK == rv)
     {
-        rv = pkcs11_object_alloc(&pObject);
+        rv = pkcs11_object_alloc(pSlot->slot_id, &pObject);
         if (pObject)
         {
             /* Slot 0 - Device Public Key */

app/pkcs11/trust_pkcs11_config.c

@@ -164,7 +164,7 @@ CK_RV pkcs11_trust_load_objects(pkcs11_slot_ctx_ptr pSlot)
 
     if (CKR_OK == rv)
     {
-        rv = pkcs11_object_alloc(&pObject);
+        rv = pkcs11_object_alloc(pSlot->slot_id, &pObject);
         if (pObject)
         {
             /* Slot 0 - Device Private Key */
@@ -177,7 +177,7 @@ CK_RV pkcs11_trust_load_objects(pkcs11_slot_ctx_ptr pSlot)
 
     if (CKR_OK == rv)
     {
-        rv = pkcs11_object_alloc(&pObject);
+        rv = pkcs11_object_alloc(pSlot->slot_id, &pObject);
         if (pObject)
         {
             /* Slot 0 - Device Public Key */
@@ -190,7 +190,7 @@ CK_RV pkcs11_trust_load_objects(pkcs11_slot_ctx_ptr pSlot)
 
     if (CKR_OK == rv)
     {
-        rv = pkcs11_object_alloc(&pObject);
+        rv = pkcs11_object_alloc(pSlot->slot_id, &pObject);
         if (pObject)
         {
             /* Device Certificate */
@@ -203,7 +203,7 @@ CK_RV pkcs11_trust_load_objects(pkcs11_slot_ctx_ptr pSlot)
 
     if (CKR_OK == rv)
     {
-        rv = pkcs11_object_alloc(&pObject);
+        rv = pkcs11_object_alloc(pSlot->slot_id, &pObject);
         if (pObject)
         {
             /* Signer Certificate */

app/wpc/atca_config.h

@@ -0,0 +1,139 @@
+/* Auto-generated config file atca_config.h */
+#ifndef ATCA_CONFIG_H
+#define ATCA_CONFIG_H
+
+/* MPLAB Harmony Common Include */
+#include "definitions.h"
+
+#ifndef ATCA_HAL_I2C
+#define ATCA_HAL_I2C
+#endif
+
+
+
+/** Include Device Support Options */
+#define ATCA_ATECC608_SUPPORT
+
+
+
+
+/* Polling Configuration Options  */
+#ifndef ATCA_POLLING_INIT_TIME_MSEC
+#define ATCA_POLLING_INIT_TIME_MSEC       1
+#endif
+#ifndef ATCA_POLLING_FREQUENCY_TIME_MSEC
+#define ATCA_POLLING_FREQUENCY_TIME_MSEC  2
+#endif
+#ifndef ATCA_POLLING_MAX_TIME_MSEC
+#define ATCA_POLLING_MAX_TIME_MSEC        2500
+#endif
+
+/** Define if the library is not to use malloc/free */
+#define ATCA_NO_HEAP
+
+#define atca_delay_ms   hal_delay_ms
+#define atca_delay_us   hal_delay_us
+
+/* \brief How long to wait after an initial wake failure for the POST to
+ *         complete.
+ * If Power-on self test (POST) is enabled, the self test will run on waking
+ * from sleep or during power-on, which delays the wake reply.
+ */
+#ifndef ATCA_POST_DELAY_MSEC
+#define ATCA_POST_DELAY_MSEC 25
+#endif
+
+
+/* Define generic interfaces to the processor libraries */
+
+#define PLIB_I2C_ERROR          SERCOM_I2C_ERROR
+#define PLIB_I2C_ERROR_NONE     SERCOM_I2C_ERROR_NONE
+#define PLIB_I2C_TRANSFER_SETUP SERCOM_I2C_TRANSFER_SETUP
+
+typedef bool (* atca_i2c_plib_read)(uint16_t, uint8_t *, uint32_t);
+typedef bool (* atca_i2c_plib_write)(uint16_t, uint8_t *, uint32_t);
+typedef bool (* atca_i2c_plib_is_busy)(void);
+typedef PLIB_I2C_ERROR (* atca_i2c_error_get)(void);
+typedef bool (* atca_i2c_plib_transfer_setup)(PLIB_I2C_TRANSFER_SETUP* setup, uint32_t srcClkFreq);
+
+typedef struct atca_plib_i2c_api
+{
+    atca_i2c_plib_read           read;
+    atca_i2c_plib_write          write;
+    atca_i2c_plib_is_busy        is_busy;
+    atca_i2c_error_get           error_get;
+    atca_i2c_plib_transfer_setup transfer_setup;
+} atca_plib_i2c_api_t;
+
+
+
+
+extern atca_plib_i2c_api_t sercom2_plib_i2c_api;
+
+/* WPC Configuration */
+#define WPC_CHAIN_DIGEST_HANDLE_0   0x03
+#define WPC_CHAIN_CERT_DEF_0        g_cert_def_2_device
+
+/* Define for a simple mapping of slot to certificate */
+#define WPC_STRICT_SLOT_INDEX
+
+/* One of the certificate format options is to generate the certificate serial
+   number from a hash of several data elements - this saves storage in the device
+   at the expense of code space and time */
+#define WPC_CERT_SN_FROM_HASH_EN    FEATURE_DISABLED
+
+/* Enable the Power Transmitter API */
+#define WPC_MSG_PT_EN               FEATURE_ENABLED
+
+/* Disable the Power Receiver API since this project is demonstrating the transmitter */
+#define WPC_MSG_PR_EN               FEATURE_DISABLED
+
+
+/* Turn off parameter checking in the library - enable for easier debugging in development */
+//#define ATCA_CHECK_PARAMS_EN        FEATURE_DISABLED
+
+/* API Configuration Options */
+#define ATCAB_AES_EN                FEATURE_DISABLED
+#define ATCAB_AES_GCM_EN            FEATURE_DISABLED
+#define ATCAB_COUNTER_EN            FEATURE_DISABLED
+#define ATCAB_DERIVEKEY_EN          FEATURE_DISABLED
+#define ATCAB_ECDH_EN               FEATURE_DISABLED
+#define ATCAB_ECDH_ENC_EN           FEATURE_DISABLED
+#define ATCAB_GENDIG_EN             FEATURE_DISABLED
+#define ATCAB_GENKEY_MAC_EN         FEATURE_DISABLED
+#define ATCAB_HMAC_EN               FEATURE_DISABLED
+#define ATCAB_INFO_LATCH_EN         FEATURE_DISABLED
+#define ATCAB_KDF_EN                FEATURE_DISABLED
+#define ATCAB_LOCK_EN               FEATURE_DISABLED
+#define ATCAB_MAC_EN                FEATURE_DISABLED
+#define ATCAB_PRIVWRITE_EN          FEATURE_DISABLED
+/* By default the random command is only required for the power receiver to generate
+   challenges - because a health check on the rng before a sign can return failures
+   the power transmitter has a choice - enable the random command which will use more
+   code or retry the sign operation if a health check failure occurs. */
+#define ATCAB_RANDOM_EN             WPC_MSG_PR_EN
+#define ATCAB_READ_ENC_EN           FEATURE_DISABLED
+#define ATCAB_SECUREBOOT_EN         FEATURE_DISABLED
+#define ATCAB_SECUREBOOT_MAC_EN     FEATURE_DISABLED
+#define ATCAB_SELFTEST_EN           FEATURE_DISABLED
+#define ATCAB_SHA_HMAC_EN           FEATURE_DISABLED
+#define ATCAB_SIGN_INTERNAL_EN      FEATURE_DISABLED
+#define ATCAB_UPDATEEXTRA_EN        FEATURE_DISABLED
+/* Enable the verify command when the power receiver api is enabled - this helps
+   with testing - it is unnecessary for the power transmitter */
+#define ATCAB_VERIFY_EN             WPC_MSG_PR_EN
+#define ATCAB_WRITE_EN              FEATURE_DISABLED
+
+/* Disable software cryptography */
+#define ATCAC_SHA1_EN               FEATURE_DISABLED
+#define ATCAC_SHA256_EN             FEATURE_DISABLED
+
+/* Certificate Processing Configuration */
+#define ATCACERT_DATEFMT_UTC_EN     FEATURE_ENABLED
+#define ATCACERT_DATEFMT_GEN_EN     FEATURE_ENABLED
+
+#define ATCACERT_DATEFMT_ISO_EN     FEATURE_DISABLED
+#define ATCACERT_DATEFMT_POSIX_EN   FEATURE_DISABLED
+
+
+#endif // ATCA_CONFIG_H