From efbbb3d7d2db57fa2ef63e6ca1c62655d9e5254c Mon Sep 17 00:00:00 2001 From: Joel Guittet Date: Mon, 30 Oct 2023 13:17:16 +0100 Subject: [PATCH] platform: add tls cryptoauthlib option to use secure elements --- .github/workflows/build_tests.sh | 4 + .gitignore | 1 + README.md | 3 +- esp-idf/Kconfig | 3 + .../generic/cryptoauthlib/src/mender-tls.c | 348 ++++++++++++++++++ tests/CMakeLists.txt | 3 + tests/mocks/CMakeLists.txt | 3 + tests/mocks/cryptoauthlib/CMakeLists.txt | 68 ++++ zephyr/Kconfig | 4 + 9 files changed, 435 insertions(+), 2 deletions(-) create mode 100644 platform/tls/generic/cryptoauthlib/src/mender-tls.c create mode 100755 tests/mocks/cryptoauthlib/CMakeLists.txt diff --git a/.github/workflows/build_tests.sh b/.github/workflows/build_tests.sh index c44d31e..1c142b6 100755 --- a/.github/workflows/build_tests.sh +++ b/.github/workflows/build_tests.sh 
@@ -37,12 +37,16 @@ cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="esp-idf" -DCONFI make -j$(nproc) cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_NET_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="freertos" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="esp-idf/nvs" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/mbedtls" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=OFF -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON make -j$(nproc) +cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_NET_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="freertos" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="esp-idf/nvs" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/cryptoauthlib" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=ON -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON +make -j$(nproc) # Build Zephyr use case cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_NET_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="zephyr/nvs" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/mbedtls" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=ON -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON make -j$(nproc) cmake .. 
-G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_NET_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="zephyr/nvs" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/mbedtls" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=OFF -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON make -j$(nproc) +cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_NET_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="zephyr/nvs" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/cryptoauthlib" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=ON -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON +make -j$(nproc) # Build Posix use case cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="posix" -DCONFIG_MENDER_PLATFORM_NET_TYPE="generic/curl" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="posix" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="posix" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="posix" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/mbedtls" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=ON -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON diff --git a/.gitignore b/.gitignore index 6ac3f2e..c984f94 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ build tests/build tests/mocks/cjson/cjson +tests/mocks/cryptoauthlib/cryptoauthlib tests/mocks/freertos/freertos tests/mocks/mbedtls/mbedtls diff --git a/README.md b/README.md index ab59655..8910278 100755 --- a/README.md +++ b/README.md 
@@ -44,7 +44,7 @@ Additionally, a TCP/IP interface is required because communications are done usi And finally, 4kB of storage should be reserved to save client private and public keys used for authentication with mender server, plus OTA ID and artifact name to be deployed when an update is done (this is used internally to perform OTA report to the server). -From the source code perspective, the dependencies of the core part of the library are limited to [cJSON](https://github.com/DaveGamble/cJSON). The platform source files may depends of external libraries or Hardware Abstraction Layers: [esp-idf](https://github.com/espressif/esp-idf), [mbedTLS](https://github.com/Mbed-TLS/mbedtls/), ... +From the source code perspective, the dependencies of the core part of the library are limited to [cJSON](https://github.com/DaveGamble/cJSON). The platform source files may depends of external libraries or Hardware Abstraction Layers: [esp-idf](https://github.com/espressif/esp-idf), [mbedTLS](https://github.com/Mbed-TLS/mbedtls), [cryptoauthlib](https://github.com/MicrochipTech/cryptoauthlib), ... Additionally, building the Device Troubleshoot add-on requires [msgpack-c](https://github.com/msgpack/msgpack-c) to perform encoding and decoding of messages. On the ESP-IDF platform, this also constraints to download [esp_websocket_client](https://components.espressif.com/components/espressif/esp_websocket_client), which is compatible with ESP-IDF v5.0 and later only. 
@@ -145,7 +145,6 @@ The following features are currently in the pipeline. Please note that I haven't * Support update of [modules](https://docs.mender.io/artifact-creation/create-a-custom-update-module) to perform other kind of updates that could be specific to one project: files, images, etc. * Integration of other nice to have Mender features: Device Troubleshoot sending and receiving files, ... * Support new boards and prove it is cross-platform and that it is able to work on small MCU too: STM32F7, ATSAMD51... -* Integration of ATECC608B secure element to perform TLS authentication. * Support other RTOS (particularly Azure RTOS) and bare metal platforms. * ... diff --git a/esp-idf/Kconfig b/esp-idf/Kconfig index 816779b..3161474 100755 --- a/esp-idf/Kconfig +++ b/esp-idf/Kconfig @@ -240,6 +240,8 @@ menu "Mender Platform Options (ADVANCED)" config MENDER_PLATFORM_TLS_TYPE_MBEDTLS bool "mbedtls" + config MENDER_PLATFORM_TLS_TYPE_CRYPTOAUTHLIB + bool "cryptoauthlib" config MENDER_PLATFORM_TLS_TYPE_WEAK bool "weak" endchoice @@ -247,6 +249,7 @@ menu "Mender Platform Options (ADVANCED)" config MENDER_PLATFORM_TLS_TYPE string "Mender platform TLS implementation type" default "generic/mbedtls" if MENDER_PLATFORM_TLS_TYPE_MBEDTLS + default "generic/cryptoauthlib" if MENDER_PLATFORM_TLS_TYPE_CRYPTOAUTHLIB default "generic/weak" if MENDER_PLATFORM_TLS_TYPE_WEAK endmenu diff --git a/platform/tls/generic/cryptoauthlib/src/mender-tls.c b/platform/tls/generic/cryptoauthlib/src/mender-tls.c new file mode 100644 index 0000000..efe1883 --- /dev/null +++ b/platform/tls/generic/cryptoauthlib/src/mender-tls.c 
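Review bot: The new cryptoauthlib choice does not expose the secure element key slot: the new platform file falls back to `#define CONFIG_MENDER_TLS_PRIVATE_KEY_ID (0)` when the symbol is undefined, and no Kconfig symbol for it appears anywhere in this patch, so integrators cannot pick the slot from menuconfig and slot 0 is used silently. Consider adding next to this choice `config MENDER_TLS_PRIVATE_KEY_ID` / `int "Secure element private key slot"` / `default 0`, guarded by `depends on MENDER_PLATFORM_TLS_TYPE_CRYPTOAUTHLIB`. Only these two hunks of the esp-idf Kconfig are visible, so the symbol may already exist elsewhere in the file.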
@@ -0,0 +1,348 @@ +/** + * @file mender-tls.c + * @brief Mender TLS interface for cryptoauthlib platform + * + * MIT License + * + * Copyright (c) 2022-2023 joelguittet and mender-mcu-client contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + +#include +#include "mender-log.h" +#include "mender-tls.h" + +/** + * @brief Default private key ID + */ +#ifndef CONFIG_MENDER_TLS_PRIVATE_KEY_ID +#define CONFIG_MENDER_TLS_PRIVATE_KEY_ID (0) +#endif /* CONFIG_MENDER_TLS_PRIVATE_KEY_ID */ + +/** + * @brief base64 rules to format public key and signature + */ +static const uint8_t mender_tls_atcab_b64rules[4] = { (uint8_t)'+', (uint8_t)'/', (uint8_t)'=', 0u }; + +/** + * @brief Public key x509 header + */ +static const uint8_t mender_tls_public_key_x509_header[] = { 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, + 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04 }; + +/** + * @brief Public key of the device + */ +static unsigned char *mender_tls_public_key = NULL; +static size_t mender_tls_public_key_length = 0; + +/** + * @brief Write a buffer of PEM information from a DER encoded buffer + * @note This function is derived from mbedtls_pem_write_buffer with const header and footer, and line feed is "\\n" + * @param der_data The DER data to encode + * @param der_len The length of the DER data + * @param buf The buffer to write to + * @param buf_len The length of the output buffer + * @param olen The address at which to store the total length written or required output buffer length is not enough + * @return MENDER_OK if the function succeeds, error code otherwise + */ +static mender_err_t mender_tls_pem_write_buffer(const unsigned char *der_data, size_t der_len, char *buf, size_t buf_len, size_t *olen); + +mender_err_t +mender_tls_init(void) { + + uint8_t revision[4]; + uint8_t serial_number[ATCA_SERIAL_NUM_SIZE]; + bool lock = false; + + /* 'atcab_init' is supposed to be called first in the user application to initialize the library with the wanted HAL settings */ + + /* Check secure element information */ + if (ATCA_SUCCESS != atcab_info(revision)) { + mender_log_error("Unable to get the secure element revision information"); + return 
MENDER_FAIL; + } + mender_log_info("Secure element revision information: '%02x%02x%02x%02x'", revision[0], revision[1], revision[2], revision[3]); + if (0x02 == revision[3]) { + mender_log_info("Secure element is an ATECC608A"); + } else if (0x03 == revision[3]) { + mender_log_info("Secure element is an ATECC608B"); + } + + /* Check secure element serial number */ + if (ATCA_SUCCESS != atcab_read_serial_number(serial_number)) { + mender_log_error("Unable to get the secure element serial number"); + return MENDER_FAIL; + } + mender_log_info("Secure element serial number is: '%02x%02x%02x%02x%02x%02x%02x%02x%02x'", + serial_number[0], + serial_number[1], + serial_number[2], + serial_number[3], + serial_number[4], + serial_number[5], + serial_number[6], + serial_number[7], + serial_number[8]); + + /* Ensure the data is locked (device has been provisioned) */ + if (ATCA_SUCCESS != atcab_is_locked(LOCK_ZONE_DATA, &lock)) { + mender_log_error("Unable to check if the secure element is locked"); + return MENDER_FAIL; + } + if (true != lock) { + mender_log_error("Secure element is not locked"); + return MENDER_FAIL; + } + + return MENDER_OK; +} + +mender_err_t +mender_tls_init_authentication_keys(bool recommissioning) { + + /* Release memory */ + if (NULL != mender_tls_public_key) { + free(mender_tls_public_key); + mender_tls_public_key = NULL; + } + mender_tls_public_key_length = 0; + + /* Check if recommissioning is forced */ + if (true == recommissioning) { + mender_log_warning("Recommissioning not supported"); + } + + /* Retrieve public key */ + if (NULL == (mender_tls_public_key = (unsigned char *)malloc(ATCA_PUB_KEY_SIZE))) { + mender_log_error("Unable to allocate memory"); + return MENDER_FAIL; + } + if (ATCA_SUCCESS != atcab_get_pubkey(CONFIG_MENDER_TLS_PRIVATE_KEY_ID, (uint8_t *)mender_tls_public_key)) { + mender_log_error("Unable to get public key"); + free(mender_tls_public_key); + mender_tls_public_key = NULL; + return MENDER_FAIL; + } + 
mender_tls_public_key_length = ATCA_PUB_KEY_SIZE; + + return MENDER_OK; +} + +mender_err_t +mender_tls_get_public_key_pem(char **public_key) { + + assert(NULL != public_key); + mender_err_t ret; + + /* Compute size of the public key */ + size_t olen = 0; + mender_tls_pem_write_buffer(mender_tls_public_key, mender_tls_public_key_length, NULL, 0, &olen); + if (0 == olen) { + mender_log_error("Unable to compute public key size"); + return MENDER_FAIL; + } + if (NULL == (*public_key = (char *)malloc(olen))) { + mender_log_error("Unable to allocate memory"); + return MENDER_FAIL; + } + + /* Convert public key from DER to PEM format */ + if (MENDER_OK != (ret = mender_tls_pem_write_buffer(mender_tls_public_key, mender_tls_public_key_length, *public_key, olen, &olen))) { + mender_log_error("Unable to convert public key"); + return ret; + } + + return MENDER_OK; +} + +mender_err_t +mender_tls_sign_payload(char *payload, char **signature, size_t *signature_length) { + + assert(NULL != payload); + assert(NULL != signature); + assert(NULL != signature_length); + uint8_t digest[ATCA_SHA256_DIGEST_SIZE]; + uint8_t sign[ATCA_ECCP256_SIG_SIZE]; + uint8_t *r = &sign[0]; + uint8_t *s = &sign[32]; + uint8_t asn1[72]; + size_t index = 0; + char * tmp; + + /* Compute digest (sha256) of the payload */ + if (ATCA_SUCCESS != atcab_hw_sha2_256(payload, strlen(payload), digest)) { + mender_log_error("Unable to compute digest of the payload"); + return MENDER_FAIL; + } + + /* Compute signature of the digest value */ + if (ATCA_SUCCESS != atcab_sign(CONFIG_MENDER_TLS_PRIVATE_KEY_ID, digest, sign)) { + mender_log_error("Unable to compute signature of the digest value"); + return MENDER_FAIL; + } + + /* Convert signature to ASN.1 format */ + asn1[index] = 0x30; + index++; + asn1[index] = 4 + ((0x00 != (r[0] & 0x80)) ? 1 : 0) + 32 + ((0x00 != (s[0] & 0x80)) ? 1 : 0) + 32; + index++; + asn1[index] = 0x02; + index++; + asn1[index] = ((0x00 != (r[0] & 0x80)) ? 
1 : 0) + 32; + index++; + if (0x00 != (r[0] & 0x80)) { + asn1[index] = 0x00; + index++; + } + memcpy(&asn1[index], r, 32); + index += 32; + asn1[index] = 0x02; + index++; + asn1[index] = ((0x00 != (s[0] & 0x80)) ? 1 : 0) + 32; + index++; + if (0x00 != (s[0] & 0x80)) { + asn1[index] = 0x00; + index++; + } + memcpy(&asn1[index], s, 32); + index += 32; + + /* Encode signature to base64 */ + if (NULL == (*signature = malloc(2 * index + 1))) { + mender_log_error("Unable to allocate memory"); + return MENDER_FAIL; + } + memset(*signature, 0, 2 * index + 1); + *signature_length = 2 * index; + if (ATCA_SUCCESS != atcab_base64encode_(asn1, index, *signature, signature_length, mender_tls_atcab_b64rules)) { + mender_log_error("Unable to convert signature to base64 format"); + free(*signature); + *signature = NULL; + return MENDER_FAIL; + } + if (NULL == (tmp = realloc(*signature, *signature_length + 1))) { + mender_log_error("Unable to allocate memory"); + free(*signature); + *signature = NULL; + return MENDER_FAIL; + } + *signature = tmp; + + return MENDER_OK; +} + +mender_err_t +mender_tls_exit(void) { + + /* Release memory */ + if (NULL != mender_tls_public_key) { + free(mender_tls_public_key); + mender_tls_public_key = NULL; + } + mender_tls_public_key_length = 0; + + return MENDER_OK; +} + +static mender_err_t +mender_tls_pem_write_buffer(const unsigned char *der_data, size_t der_len, char *buf, size_t buf_len, size_t *olen) { + +#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----" +#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----" + + mender_err_t ret = MENDER_OK; + unsigned char *encode_buf = NULL; + unsigned char *p = (unsigned char *)buf; + + /* Compute length required to convert DER data */ + size_t use_len = 2 * ATCA_PUB_KEY_SIZE; + + /* Compute length required to format PEM */ + size_t add_len = strlen(PEM_BEGIN_PUBLIC_KEY) + 2 + strlen(PEM_END_PUBLIC_KEY) + 2 * ((use_len / 64) + 1); + + /* Check buffer length */ + if (use_len + add_len > buf_len) { + 
*olen = use_len + add_len; + ret = MENDER_FAIL; + goto END; + } + + /* Check buffer */ + if (NULL == p) { + ret = MENDER_FAIL; + goto END; + } + + /* Allocate memory to store PEM data */ + if (NULL == (encode_buf = (unsigned char *)malloc(use_len))) { + mender_log_error("Unable to allocate memory"); + ret = MENDER_FAIL; + goto END; + } + + /* Convert DER data */ + uint8_t *tmp = buf + 2 * ATCA_PUB_KEY_SIZE - der_len - sizeof(mender_tls_public_key_x509_header); + memcpy(tmp, mender_tls_public_key_x509_header, sizeof(mender_tls_public_key_x509_header)); + memcpy(tmp + sizeof(mender_tls_public_key_x509_header), der_data, der_len); + if (ATCA_SUCCESS != atcab_base64encode_(tmp, der_len + sizeof(mender_tls_public_key_x509_header), encode_buf, &use_len, mender_tls_atcab_b64rules)) { + mender_log_error("Unable to convert data to base64 format"); + ret = MENDER_FAIL; + goto END; + } + + /* Copy header */ + memcpy(p, PEM_BEGIN_PUBLIC_KEY, strlen(PEM_BEGIN_PUBLIC_KEY)); + p += strlen(PEM_BEGIN_PUBLIC_KEY); + *p++ = '\\'; + *p++ = 'n'; + + /* Copy PEM data */ + unsigned char *c = encode_buf; + while (use_len) { + size_t len = (use_len > 64) ? 64 : use_len; + memcpy(p, c, len); + use_len -= len; + p += len; + c += len; + *p++ = '\\'; + *p++ = 'n'; + } + + /* Copy footer */ + memcpy(p, PEM_END_PUBLIC_KEY, strlen(PEM_END_PUBLIC_KEY)); + p += strlen(PEM_END_PUBLIC_KEY); + *p++ = '\0'; + + /* Compute output length */ + *olen = p - (unsigned char *)buf; + + /* Clean any remaining data previously written to the buffer */ + memset(buf + *olen, 0, buf_len - *olen); + +END: + + /* Release memory */ + if (NULL != encode_buf) { + free(encode_buf); + } + + return ret; +} diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index c62748d..d27e4d8 100755 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
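Review bot: The ASN.1 conversion in mender_tls_sign_payload prepends 0x00 when the top bit of r or s is set but never strips leading zero bytes, so whenever the raw r or s returned by atcab_sign starts with 0x00 (roughly one signature in 128) the INTEGER is non-minimal, and a verifier that enforces strict DER will reject an otherwise valid signature as an intermittent authentication failure. Stripping leading zeros before computing the lengths fixes this, as in the excerpt below; asn1[72] remains large enough because the encoding only shrinks. Whether the Mender server's verifier is strict cannot be told from this patch, but minimal INTEGER encoding is what DER requires regardless. Separately, mender_tls_get_public_key_pem leaks *public_key when the second mender_tls_pem_write_buffer call fails; add `free(*public_key); *public_key = NULL;` before that `return ret;`.
```c
    /* … unchanged: digest computation and atcab_sign … */

    /* Convert signature to DER: each INTEGER must be minimal, so strip leading 0x00 bytes
     * from r and s, then prepend a single 0x00 only if the first remaining byte has its top bit set */
    size_t r_off = 0, s_off = 0;
    while (r_off < 31 && 0x00 == r[r_off]) r_off++;
    while (s_off < 31 && 0x00 == s[s_off]) s_off++;
    size_t r_len = (32 - r_off) + ((0x00 != (r[r_off] & 0x80)) ? 1 : 0);
    size_t s_len = (32 - s_off) + ((0x00 != (s[s_off] & 0x80)) ? 1 : 0);
    asn1[index++] = 0x30;
    asn1[index++] = (uint8_t)(2 + r_len + 2 + s_len);
    asn1[index++] = 0x02;
    asn1[index++] = (uint8_t)r_len;
    if (0x00 != (r[r_off] & 0x80)) {
        asn1[index++] = 0x00;
    }
    memcpy(&asn1[index], &r[r_off], 32 - r_off);
    index += 32 - r_off;
    asn1[index++] = 0x02;
    asn1[index++] = (uint8_t)s_len;
    if (0x00 != (s[s_off] & 0x80)) {
        asn1[index++] = 0x00;
    }
    memcpy(&asn1[index], &s[s_off], 32 - s_off);
    index += 32 - s_off;

    /* … unchanged: base64 encoding of asn1[0..index) into *signature … */
```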
@@ -143,6 +143,9 @@ endif()
 if(CONFIG_MENDER_PLATFORM_RTOS_TYPE MATCHES "posix")
 target_link_libraries(${APP_EXECUTABLE_NAME} rt)
 endif()
+if(CONFIG_MENDER_PLATFORM_TLS_TYPE MATCHES "generic/cryptoauthlib")
+ target_link_libraries(${APP_EXECUTABLE_NAME} cryptoauth)
+endif()
 
 # Define project LANGUAGES
 project(${PROJECT_BASE_NAME} LANGUAGES C ASM)
diff --git a/tests/mocks/CMakeLists.txt b/tests/mocks/CMakeLists.txt
index f80763f..b333f17 100755
--- a/tests/mocks/CMakeLists.txt
+++ b/tests/mocks/CMakeLists.txt
@@ -38,3 +38,6 @@ endif()
 if(CONFIG_MENDER_PLATFORM_TLS_TYPE MATCHES "generic/mbedtls")
 include("${CMAKE_CURRENT_LIST_DIR}/mbedtls/CMakeLists.txt")
 endif()
+if(CONFIG_MENDER_PLATFORM_TLS_TYPE MATCHES "generic/cryptoauthlib")
+ include("${CMAKE_CURRENT_LIST_DIR}/cryptoauthlib/CMakeLists.txt")
+endif()
diff --git a/tests/mocks/cryptoauthlib/CMakeLists.txt b/tests/mocks/cryptoauthlib/CMakeLists.txt
new file mode 100755
index 0000000..84ac6c9
--- /dev/null
+++ b/tests/mocks/cryptoauthlib/CMakeLists.txt
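Review bot: `target_link_libraries(${APP_EXECUTABLE_NAME} cryptoauth)` uses the keyword-less signature, so the linkage visibility is implicit; the modern form is `target_link_libraries(${APP_EXECUTABLE_NAME} PRIVATE cryptoauth)`. Because CMake errors when keyword and plain signatures are mixed on one target, and the existing `rt` line just above is also keyword-less, the two should be converted together rather than only the new line. Linking by the bare name `cryptoauth` also depends on the mock's add_subdirectory having defined that exact target, which this hunk cannot confirm.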
@@ -0,0 +1,68 @@
+# @file CMakeLists.txt
+# @brief cryptoauthlib mock CMakeLists file
+#
+# MIT License
+#
+# Copyright (c) 2022-2023 joelguittet and mender-mcu-client contributors
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# Fetch repository
+set(GIT_REPO_URL "https://github.com/MicrochipTech/cryptoauthlib")
+set(GIT_TAG_NAME "v3.5.1")
+
+# Fetch destination
+set(GIT_FOLDER_NAME "${CMAKE_CURRENT_LIST_DIR}/cryptoauthlib")
+
+# Declare fetch content
+include(FetchContent)
+FetchContent_Declare(
+ cryptoauthlib
+ URL "${GIT_REPO_URL}/archive/refs/tags/${GIT_TAG_NAME}.zip"
+ SOURCE_DIR "${GIT_FOLDER_NAME}"
+ DOWNLOAD_EXTRACT_TIMESTAMP TRUE
+)
+
+# Fetch if not already done
+FetchContent_GetProperties(cryptoauthlib)
+if(NOT cryptoauthlib_POPULATED)
+ message("Populating ${GIT_FOLDER_NAME}, please wait...")
+ FetchContent_Populate(cryptoauthlib)
+endif()
+
+# Configure cryptoauthlib
+SET(ATCA_HAL_I2C ON CACHE INTERNAL "")
+SET(ATCA_ATSHA204A_SUPPORT OFF CACHE INTERNAL "")
+SET(ATCA_ATSHA206A_SUPPORT OFF CACHE INTERNAL "")
+SET(ATCA_ATECC108A_SUPPORT OFF CACHE INTERNAL "")
+SET(ATCA_ATECC508A_SUPPORT OFF CACHE INTERNAL "")
+SET(ATCA_ATECC608_SUPPORT ON CACHE INTERNAL "")
+SET(ATCA_ATECC608A_SUPPORT ON CACHE INTERNAL "")
+SET(ATCA_TA100_SUPPORT OFF CACHE INTERNAL "")
+SET(ATCA_ECC204_SUPPORT OFF CACHE INTERNAL "")
+SET(ATCA_TA010_SUPPORT OFF CACHE INTERNAL "")
+SET(ATCA_SHA104_SUPPORT OFF CACHE INTERNAL "")
+SET(ATCA_SHA105_SUPPORT OFF CACHE INTERNAL "")
+
+# Include library
+add_subdirectory("${GIT_FOLDER_NAME}/lib")
+
+# Add include directories
+include_directories("${CMAKE_CURRENT_BINARY_DIR}/mocks/cryptoauthlib/cryptoauthlib/lib")
+include_directories("${GIT_FOLDER_NAME}/lib")
diff --git a/zephyr/Kconfig b/zephyr/Kconfig
index ced4d8c..97e6eb9 100755
--- a/zephyr/Kconfig
+++ b/zephyr/Kconfig
@@ -258,6 +258,9 @@ if MENDER_MCU_CLIENT
 config MENDER_PLATFORM_TLS_TYPE_MBEDTLS
 bool "mbedtls"
 select MBEDTLS
+ config MENDER_PLATFORM_TLS_TYPE_CRYPTOAUTHLIB
+ bool "cryptoauthlib"
+ select CRYPTOAUTHLIB
 config MENDER_PLATFORM_TLS_TYPE_WEAK
 bool "weak"
 endchoice
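Review bot: FetchContent_Declare fetches the cryptoauthlib v3.5.1 archive from a tag URL with no `URL_HASH`, so the test build accepts whatever the tag resolves to at download time and a moved tag or compromised upstream would enter the mock build unnoticed. Pin the artifact by adding `URL_HASH SHA256=<digest of the v3.5.1 zip>` directly under the `URL` line, recording the digest once from a verified download; CMake then refuses any archive that does not match. As a style point, the two trailing `include_directories(...)` calls are directory-scoped and leak into every target configured afterwards, so `target_include_directories` on the consuming target would keep them contained, and `SET` is conventionally written lowercase `set`. Whether the sibling cjson/freertos/mbedtls mock files pin their downloads is not visible in this patch.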
@@ -265,6 +268,7 @@ if MENDER_MCU_CLIENT config MENDER_PLATFORM_TLS_TYPE string "Mender platform TLS implementation type" default "generic/mbedtls" if MENDER_PLATFORM_TLS_TYPE_MBEDTLS + default "generic/cryptoauthlib" if MENDER_PLATFORM_TLS_TYPE_CRYPTOAUTHLIB default "generic/weak" if MENDER_PLATFORM_TLS_TYPE_WEAK endmenu