1 /**
2 * atecc608a_ecdsa example
3 *
4 * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
5 * Additions Copyright (C) Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
6 *
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21 /* This is mbedtls boilerplate for library configuration */
22 #include "mbedtls/config.h"
23
24 /* System Includes*/
25 #include <stdio.h>
26 #include "freertos/FreeRTOS.h"
27 #include "freertos/task.h"
28 #include "esp_system.h"
29 #include "esp_spi_flash.h"
30 #include "esp_log.h"
31
32 /* Cryptoauthlib includes */
33 #include "cryptoauthlib.h"
34 #include "mbedtls/atca_mbedtls_wrap.h"
35
36 /* mbedTLS includes */
37 #include "mbedtls/platform.h"
38 #include "mbedtls/debug.h"
39 #include "mbedtls/ssl.h"
40 #include "mbedtls/entropy.h"
41 #include "mbedtls/ctr_drbg.h"
42 #include "mbedtls/pk.h"
43
44 static const char *TAG = "atecc_example";
45 /* globals for mbedtls RNG */
46 static mbedtls_entropy_context entropy;
47 static mbedtls_ctr_drbg_context ctr_drbg;
48
configure_mbedtls_rng(void)49 static int configure_mbedtls_rng(void)
50 {
51 int ret;
52 const char * seed = "some random seed string";
53 mbedtls_ctr_drbg_init(&ctr_drbg);
54
55 ESP_LOGI(TAG, "Seeding the random number generator...");
56
57 mbedtls_entropy_init(&entropy);
58 ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
59 (const unsigned char *)seed, strlen(seed));
60 if (ret != 0) {
61 ESP_LOGI(TAG, " failed ! mbedtls_ctr_drbg_seed returned %d", ret);
62 } else {
63 ESP_LOGI(TAG, " ok");
64 }
65 return ret;
66 }
67
close_mbedtls_rng(void)68 static void close_mbedtls_rng(void)
69 {
70 mbedtls_ctr_drbg_free(&ctr_drbg);
71 mbedtls_entropy_free(&entropy);
72 }
73
74 /* An example hash */
75 static unsigned char hash[32] = {
76 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
77 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
78 };
79
80 static const uint8_t public_key_x509_header[] = {
81 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A,
82 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04
83 };
84
print_public_key(uint8_t * pubkey)85 static void print_public_key(uint8_t *pubkey)
86 {
87 uint8_t buf[128];
88 uint8_t * tmp;
89 size_t buf_len = sizeof(buf);
90
91 /* Calculate where the raw data will fit into the buffer */
92 tmp = buf + sizeof(buf) - ATCA_PUB_KEY_SIZE - sizeof(public_key_x509_header);
93
94 /* Copy the header */
95 memcpy(tmp, public_key_x509_header, sizeof(public_key_x509_header));
96
97 /* Copy the key bytes */
98 memcpy(tmp + sizeof(public_key_x509_header), pubkey, ATCA_PUB_KEY_SIZE);
99
100 /* Convert to base 64 */
101 (void)atcab_base64encode(tmp, ATCA_PUB_KEY_SIZE + sizeof(public_key_x509_header), (char*)buf, &buf_len);
102
103 /* Add a null terminator */
104 buf[buf_len] = '\0';
105
106 /* Print out the key */
107 ESP_LOGI(TAG, "\r\n-----BEGIN PUBLIC KEY-----\r\n%s\r\n-----END PUBLIC KEY-----", buf);
108 }
109
atca_ecdsa_test(void)110 static int atca_ecdsa_test(void)
111 {
112 mbedtls_pk_context pkey;
113 int ret;
114 unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
115 size_t olen = 0;
116
117 /* ECDSA Sign/Verify */
118
119 #ifdef MBEDTLS_ECDSA_SIGN_ALT
120 /* Convert to an mbedtls key */
121 ESP_LOGI(TAG, " Using a hardware private key ..." );
122 ret = atca_mbedtls_pk_init(&pkey, 0);
123 if (ret != 0) {
124 ESP_LOGI(TAG, " failed ! atca_mbedtls_pk_init returned %02x", ret);
125 goto exit;
126 }
127 ESP_LOGI(TAG, " ok");
128 #else
129 ESP_LOGI(TAG, " Generating a software private key ..." );
130 mbedtls_pk_init(&pkey);
131 ret = mbedtls_pk_setup(&pkey,
132 mbedtls_pk_info_from_type( MBEDTLS_PK_ECDSA ));
133 if (ret != 0) {
134 ESP_LOGI(TAG, " failed ! mbedtls_pk_setup returned -0x%04x", -ret );
135 goto exit;
136 }
137
138 ret = mbedtls_ecp_gen_key( MBEDTLS_ECP_DP_SECP256R1,
139 mbedtls_pk_ec( pkey ),
140 mbedtls_ctr_drbg_random, &ctr_drbg );
141 if (ret != 0) {
142 ESP_LOGI(TAG, " failed ! mbedtls_ecp_gen_key returned -0x%04x", -ret );
143 goto exit;
144 }
145 ESP_LOGI(TAG, " ok");
146 #endif
147
148 ESP_LOGI(TAG, " Generating ECDSA Signature...");
149 ret = mbedtls_pk_sign(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
150 mbedtls_ctr_drbg_random, &ctr_drbg);
151 if (ret != 0) {
152 ESP_LOGI(TAG, " failed ! mbedtls_pk_sign returned -0x%04x", -ret);
153 goto exit;
154 }
155 ESP_LOGI(TAG, " ok");
156
157 ESP_LOGI(TAG, " Verifying ECDSA Signature...");
158 ret = mbedtls_pk_verify(&pkey, MBEDTLS_MD_SHA256, hash, 0,
159 buf, olen);
160 if (ret != 0) {
161 ESP_LOGI(TAG, " failed ! mbedtls_pk_verify returned -0x%04x", -ret);
162 goto exit;
163 }
164 ESP_LOGI(TAG, " ok");
165
166 exit:
167 fflush(stdout);
168 return ret;
169 }
170
app_main(void)171 void app_main(void)
172 {
173 int ret = 0;
174 bool lock;
175 uint8_t buf[ATCA_ECC_CONFIG_SIZE];
176 uint8_t pubkey[ATCA_PUB_KEY_SIZE];
177
178 /* Initialize the mbedtls library */
179 ret = configure_mbedtls_rng();
180 #ifdef CONFIG_ATECC608A_TNG
181 ESP_LOGI(TAG, " . Initialize the ATECC interface for Trust & GO ...");
182 cfg_ateccx08a_i2c_default.atcai2c.address = 0x6A;
183 #elif CONFIG_ATECC608A_TFLEX /* CONFIG_ATECC608A_TNGO */
184 ESP_LOGI(TAG, " . Initialize the ATECC interface for TrustFlex ...");
185 cfg_ateccx08a_i2c_default.atcai2c.address = 0x6C;
186 #elif CONFIG_ATECC608A_TCUSTOM /* CONFIG_ATECC608A_TFLEX */
187 ESP_LOGI(TAG, " . Initialize the ATECC interface for TrustCustom ...");
188 /* Default slave address is same as that of TCUSTOM ATECC608A chips */
189 #endif /* CONFIG_ATECC608A_TCUSTOM */
190 ret = atcab_init(&cfg_ateccx08a_i2c_default);
191 if (ret != 0) {
192 ESP_LOGI(TAG, " failed ! atcab_init returned %02x", ret);
193 goto exit;
194 }
195 ESP_LOGI(TAG, " ok");
196
197 lock = 0;
198 ESP_LOGI(TAG, " Check the data zone lock status...");
199 ret = atcab_is_locked(LOCK_ZONE_DATA, &lock);
200 if (ret != 0) {
201 ESP_LOGI(TAG, " failed\n ! atcab_is_locked returned %02x", ret);
202 goto exit;
203 }
204
205 if (lock) {
206 ESP_LOGI(TAG, " ok: locked");
207 } else {
208 ESP_LOGE(TAG, "unlocked, please lock(configure) the ATECC608A chip with help of esp_cryptoauth_utility and try again");
209 goto exit;
210 }
211
212 ESP_LOGI(TAG, " Get the device info (type)...");
213 ret = atcab_info(buf);
214 if (ret != 0) {
215 ESP_LOGI(TAG, " failed\n ! atcab_info returned %02x", ret);
216 goto exit;
217 }
218 ESP_LOGI(TAG, " ok: %02x %02x", buf[2], buf[3]);
219
220 ESP_LOGI(TAG, " Get the public key...");
221 ret = atcab_get_pubkey(0, pubkey);
222 if (ret != 0) {
223 ESP_LOGI(TAG, " failed\n ! atcab_get_pubkey returned %02x", ret);
224 goto exit;
225 }
226 ESP_LOGI(TAG, " ok");
227 print_public_key(pubkey);
228
229 /* Perform a Sign/Verify Test */
230 ret = atca_ecdsa_test();
231 if (ret != 0) {
232 ESP_LOGE(TAG, " ECDSA sign/verify failed");
233 goto exit;
234 }
235
236 exit:
237 fflush(stdout);
238 close_mbedtls_rng();
239
240 }
241
