/** \brief Test proper ECDHE operation after a GenKey using the ECDH slot of the default configuration.
* \return void
*/
void test_atcatls_ecdhe(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t pmk[ATCA_KEY_SIZE] = { 0 };
uint8_t pmkNull[ATCA_KEY_SIZE] = { 0 };
uint8_t pubKeyRet[ATCA_PUB_KEY_SIZE] = { 0 };
uint8_t pubKeyNull[ATCA_PUB_KEY_SIZE] = { 0 };
int cmpResult = 0;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_ecdhe(TLS_SLOT_ECDH_PRIV, pubKey1, pubKeyRet, pmk);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Compare pmk memory, it should have changed. If all bytes are equal memcmp will return 0.
cmpResult = memcmp(pmk, pmkNull, ATCA_KEY_SIZE);
TEST_ASSERT_NOT_EQUAL(cmpResult, 0);
// Compare pmk memory, it should have changed. If all bytes are equal memcmp will return 0.
cmpResult = memcmp(pubKeyRet, pubKeyNull, ATCA_PUB_KEY_SIZE);
TEST_ASSERT_NOT_EQUAL(cmpResult, 0);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/**
*
* \brief Generates a random bytes stream. The ATECCX08 TRNG is
* used to seed a standard OpenSSL PRNG (RAND_SSLeay()),
* which is used to produce the random stream then. The
* PRNG is reseeded after MAX_RAND_BYTES are generated
*
* \param[out] buf - a pointer to buffer for the random byte
* stream. The caller must allocate enough space in the
* buffer in order to fit all generated bytes.
* \param[in] num - number of bytes to generate
* \return 1 for success
*/
static int RAND_eccx08_rand_bytes(unsigned char *buf, int num)
{
int rc = 0;
uint32_t atcab_buf[TLS_RANDOM_SIZE / sizeof(uint32_t)];
double entropy;
RAND_METHOD *meth_rand = RAND_SSLeay();
ATCA_STATUS status = ATCA_GEN_FAIL;
#ifdef USE_ECCX08
if (total_num > MAX_RAND_BYTES) {
total_num = 0;
}
if (total_num == 0) {
eccx08_debug("RAND_eccx08_rand_bytes() - hw\n");
status = atcatls_init(pCfg);
if (status != ATCA_SUCCESS) goto done;
status = atcatls_random((uint8_t *)atcab_buf);
if (status != ATCA_SUCCESS) goto done;
status = atcatls_finish();
if (status != ATCA_SUCCESS) goto done;
entropy = (double)atcab_buf[0];
meth_rand->add(buf, num, entropy);
}
total_num += num;
#else // USE_ECCX08
eccx08_debug("RAND_eccx08_rand_bytes() - sw\n");
#endif // USE_ECCX08
rc = meth_rand->bytes(buf, num);
done:
return (rc);
}
/** \brief Test proper initialization of the encryption key. Write the random value to the encryption key slot of the default configuration.
* \return void
*/
void test_atcatls_init_enc_key(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t enckey_ret[ATCA_KEY_SIZE] = { 0 };
bool lock = false;
uint8_t enckeyId = TLS_SLOT_ENC_PARENT;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatlsfn_set_get_enckey(&get_enc_key);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Save the return value of _enckeytest to the application
// Return _enckeytest when get_enc_key is called
status = atcatls_init_enckey(_enckeytest, enckeyId, lock);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_get_enckey(enckey_ret);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
TEST_ASSERT_EQUAL_MEMORY(enckey_ret, _enckeytest, ATCA_KEY_SIZE);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief Test proper encrypted write/read using the default configuration.
* \return void
*/
void test_atcatls_enc_write_read(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t writeBytes[] = { 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19 };
int16_t writeSize = sizeof(writeBytes);
uint8_t readBytes[ATCA_BLOCK_SIZE] = { 0 };
int16_t readSize = sizeof(readBytes);
uint8_t enckeyId = TLS_SLOT_ENC_PARENT;
uint8_t slotId = TLS_SLOT8_ENC_STORE;
uint8_t block = 0;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_enc_write(slotId, block, enckeyId, writeBytes, writeSize);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_enc_read(slotId, block, enckeyId, readBytes, &readSize);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Check the equivalence of the buffers
TEST_ASSERT_EQUAL(readSize, writeSize);
TEST_ASSERT_EQUAL_MEMORY(readBytes, writeBytes, readSize);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief This test will initialize and finish the communication to an ECC508.
* \return void
*/
void test_atcatls_init_finish(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
// The atcatls_init() function will call atcatls_com_init(), test for success
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// The atcatls_finish() function will call atcatls_com_release(), test for success
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief This test will write a default configuration and lock a blank device for testing.
* If the part is already locked, it will verify the configuration zone against the default configuraion.
* \return void
*/
void test_atcatls_config_default(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_config_default();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
void test_atcatls_get_cert(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t *certout = NULL;
int16_t certsize = 0;
status = atcatls_init();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_get_cert(certout, &certsize);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief Test that the part can be used for an external verify using known valid vectors.
* \return void
*/
void test_atcatls_verify(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
bool verified = false;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_verify(msg1, sig1, pubKey1, &verified);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// See if the buffers actually verified
TEST_ASSERT_TRUE(verified);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
void atmel_init(void)
{
if (!mAtcaInitDone) {
#ifdef WOLFSSL_ATECC508A
int i;
/* Init the free slot list */
for (i=0; i<=ATECC_MAX_SLOT; i++) {
if (i == 0 || i == 2 || i == 7) {
/* ECC Slots (mark avail) */
mSlotList[i] = ATECC_INVALID_SLOT;
}
else {
mSlotList[i] = i;
}
}
/* Initialize the CryptoAuthLib to communicate with ATECC508A */
atcatls_init(&cfg_ateccx08a_i2c_default);
/* Init the I2C pipe encryption key. */
/* Value is generated/stored during pair for the ATECC508A and stored
on micro flash */
/* For this example its a fixed value */
if (atmel_init_enc_key() != ATCA_SUCCESS) {
WOLFSSL_MSG("Failed to initialize transport key");
}
/* show revision information */
atmel_show_rev_info();
/* Configure the ECC508 for use with TLS API funcitons */
#if 0
atcatls_device_provision();
#else
atcatls_config_default();
#endif
#endif /* WOLFSSL_ATECC508A */
mAtcaInitDone = 1;
}
}
/** \brief Test proper Random Command operation using the ECC508.
* \return void
*/
void test_atcatls_random(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t randomNum[RANDOM_RSP_SIZE] = { 0 };
uint8_t randomNumNull[RANDOM_RSP_SIZE] = { 0 };
int cmpResult = 0;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcab_random(randomNum);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Compare randomNum memory, it should have changed. If all bytes are equal memcmp will return 0.
cmpResult = memcmp(randomNum, randomNumNull, RANDOM_RSP_SIZE);
TEST_ASSERT_NOT_EQUAL(cmpResult, 0);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief Test that the serial number can be read from the ECC508. This test should always succeed.
* \return void
*/
void test_atcatls_get_sn(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t snOut[ATCA_SERIAL_NUM_SIZE] = { 0 };
uint8_t snOutNull[ATCA_SERIAL_NUM_SIZE] = { 0 };
int cmpResult = 0;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_get_sn(snOut);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Compare snOut memory, it should have changed. If all bytes are equal memcmp will return 0.
cmpResult = memcmp(snOut, snOutNull, ATCA_SERIAL_NUM_SIZE);
TEST_ASSERT_NOT_EQUAL(cmpResult, 0);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
void test_atcatls_create_key(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t pubkey[ATCA_PUB_KEY_SIZE] = { 0 };
uint8_t pubkeyNull[ATCA_PUB_KEY_SIZE] = { 0 };
int cmpResult = 0;
status = atcatls_init();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_create_key(AUTH_PRIV_SLOT, pubkey);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Compare pubkey memory, it should have changed. If all bytes are equal memcmp will return 0.
cmpResult = memcmp(pubkey, pubkeyNull, ATCA_PUB_KEY_SIZE);
TEST_ASSERT_NOT_EQUAL(cmpResult, 0);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief Test proper public key retrieval after writing from a clear read/write slot of the default configuration.
* \return void
*/
void test_atcatls_ca_pubkey_write_read(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t pubkey[ATCA_PUB_KEY_SIZE] = { 0 };
uint8_t pubkeyNull[ATCA_PUB_KEY_SIZE] = { 0 };
int cmpResult = 0;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
atcatls_read_pubkey(TLS_SLOT_MFRCA_PUBKEY, pubkey);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Compare randomNum memory, it should have changed. If all bytes are equal memcmp will return 0.
cmpResult = memcmp(pubkey, pubkeyNull, ATCA_PUB_KEY_SIZE);
TEST_ASSERT_NOT_EQUAL(cmpResult, 0);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief Test that a signature is produced from the authentication slot of the default configuration.
* \return void
*/
void test_atcatls_sign(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t signature[ATCA_SIG_SIZE] = { 0 };
uint8_t sigNull[ATCA_SIG_SIZE] = { 0 };
int cmpResult = 0;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_sign(TLS_SLOT_AUTH_PRIV, msg1, signature);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Compare signature memory, it should have changed. If all bytes are equal memcmp will return 0.
cmpResult = memcmp(signature, sigNull, ATCA_SIG_SIZE);
TEST_ASSERT_NOT_EQUAL(cmpResult, 0);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief Test proper encrypted write/read of an RSA key using the default configuration.
* \return void
*/
void test_atcatls_enc_rsakey_write_read(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t rsakey[] = { 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,
0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49,
0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59,
0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69,
0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79,
0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89,
0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99,
0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9,
0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9,
0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9,
0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9,
0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9,
0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 };
uint8_t readBytes[RSA2048_KEY_SIZE] = { 0 };
uint8_t enckeyId = TLS_SLOT_ENC_PARENT;
int16_t keysize = RSA2048_KEY_SIZE;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Write the RSA key
status = atcatls_enc_rsakey_write(enckeyId, rsakey, keysize);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Read the RSA key
status = atcatls_enc_rsakey_read(enckeyId, readBytes, &keysize);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
TEST_ASSERT_EQUAL(keysize, RSA2048_KEY_SIZE);
// Check the equivalence of the buffers
TEST_ASSERT_EQUAL_MEMORY(readBytes, rsakey, RSA2048_KEY_SIZE);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief Test the return value of the CA certificate.
* \return void
*/
void test_atcatls_get_ca_cert(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t caCert[1024] = { 0 };
uint8_t caCertNull[1024] = { 0 };
size_t caCertSize = 1024;
int cmpResult = 0;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Get the CA cert
status = atcatls_get_ca_cert(caCert, &caCertSize);
// Compare certificate memory, it should have changed. If all bytes are equal memcmp will return 0.
cmpResult = memcmp(caCert, caCertNull, 1024);
TEST_ASSERT_NOT_EQUAL(cmpResult, 0);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief Test chain verification using certificates that were read from a properly configured ECC508.
* The device certificate and signer certificate are verified.
* \return void
*/
void test_atcatls_verify_cert_chain(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t signerPubkey[64] = { 0 };
uint8_t caPubkey[64] = { 0 };
uint8_t signerCert[1024] = { 0 };
uint8_t deviceCert[1024] = { 0 };
size_t signerCertSize = 1024;
size_t deviceCertSize = 1024;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Get the CA public key
memcpy(caPubkey, g_signer_1_ca_public_key_t, sizeof(caPubkey));
// Get the signer certificate
status = atcatls_get_cert(&g_cert_def_1_signer_t, g_signer_1_ca_public_key_t, signerCert, &signerCertSize);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Get the signer public key from the signer certificate
status = atcacert_get_subj_public_key(&g_cert_def_1_signer_t, signerCert, signerCertSize, signerPubkey);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Get the device certificate
status = atcatls_get_cert(&g_cert_def_0_device_t, signerPubkey, deviceCert, &deviceCertSize);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Verify the signer certificate
status = atcacert_verify_cert_hw(&g_cert_def_1_signer_t, signerCert, signerCertSize, caPubkey);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Verify the device certificate
status = atcacert_verify_cert_hw(&g_cert_def_0_device_t, deviceCert, deviceCertSize, signerPubkey);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
void test_atcatls_init_enc_key(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
uint8_t enckey_ret[ATCA_KEY_SIZE] = { 0 };
bool lock = false;
status = atcatls_init();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatlsfn_set_get_enckey(&get_enc_key);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_init_enckey(_enckeytest, lock);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
status = atcatls_get_enckey(enckey_ret);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// todo: Test that these are equal (_enckeytest == enckey_ret)
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
/** \brief Test the return value of the CA certificate.
* \return void
*/
void test_atcatls_create_csr(void)
{
ATCA_STATUS status = ATCA_GEN_FAIL;
char csr[1024] = { 0 };
char csrNull[1024] = { 0 };
size_t csrSize = 1024;
int cmpResult = 0;
status = atcatls_init(g_pCfg);
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
// Get the CSR
status = atcatls_create_csr(&g_DeviceCsrDef, csr, &csrSize);
// Print the CSR to the console
printf(csr);
// Compare certificate memory, it should have changed. If all bytes are equal memcmp will return 0.
cmpResult = memcmp(csr, csrNull, csrSize);
TEST_ASSERT_NOT_EQUAL(cmpResult, 0);
status = atcatls_finish();
TEST_ASSERT_EQUAL(ATCA_SUCCESS, status);
}
