RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-17 18:52:44 +01:00
Code Releases Activity

sys/shell: add cryptoauthlib shell handler

Browse Source
This commit is contained in:
Lena Boeckmann 2020-02-07 17:17:39 +01:00 committed by Einhornhool
parent 8c2174773c
commit 5bc0b15114
4 changed files with 261 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/cryptoauthlib/doc.txt
View File

@ -23,6 +23,17 @@
* USEPKG += cryptoauthlib * USEPKG += cryptoauthlib
* to your Makefile. * to your Makefile.
* *
*
* ### Shell
*
* To facilitate the device configuration the RIOT shell provides some
* helper commands. Currently there are shell commands to read the device's
* config zone, to lock the config zone (this will lock the config zone permanently
* and cannot be undone) and to check whether config and data zone are locked.
* The shell handler is enabled, if cryptoauthlib is included as a package in the
* Makefile of an application that also includes the shell (e.g. examples/default).
*
*
* ### No poll mode * ### No poll mode
* *
* After sending a command to the device, responses are usually polled to enable * After sending a command to the device, responses are usually polled to enable

4
sys/shell/commands/Makefile
View File

@ -104,4 +104,8 @@ ifneq (,$(filter suit_coap,$(USEMODULE)))
SRC += sc_suit.c SRC += sc_suit.c
endif endif
ifneq (,$(filter cryptoauthlib,$(USEPKG)))
SRC += sc_cryptoauthlib.c
endif
include $(RIOTBASE)/Makefile.base include $(RIOTBASE)/Makefile.base

239
sys/shell/commands/sc_cryptoauthlib.c Normal file
View File

@ -0,0 +1,239 @@
/*
* Copyright (C) 2020 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup sys_shell_commands
* @{
*
* @file
* @brief Shell commands for the cryptoauthlib module
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include <stdio.h>
#include <stdint.h>
#include "cryptoauthlib.h"
void get_bin(char *result, uint8_t byte)
{
for (int i = 0; i < 8; i++) {
result[i] = (((byte << i) & 0x80) ? '1' : '0');
}
result[8] = '\0';
}
int _read_config(void)
{
uint8_t data[ATCA_ECC_CONFIG_SIZE];
uint8_t data_count = 0;
char binary[9];
memset(data, 0, ATCA_ECC_CONFIG_SIZE);
if (atcab_read_config_zone(data) != ATCA_SUCCESS) {
printf("Error reading config zone\n");
return 1;
}
printf("Config zone: \n\n");
printf("%03d:%03d ", data_count, data_count+3);
for (int i = 0; i < 4; i++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("SN0 SN1 SN2 SN3\n");
printf("%03d:%03d ", data_count, data_count+3);
for (int i = 0; i < 4; i++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("RN0 RN1 RN2 RN3\n");
printf("%03d:%03d ", data_count, data_count+3);
for (int i = 0; i < 4; i++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("SN4 SN5 SN6 SN7\n");
printf("%03d:%03d ", data_count, data_count+3);
for (int i = 0; i < 4; i++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("SN8 RSVD I2CE RSVD\n");
printf("%03d:%03d ", data_count, data_count+3);
for (int i = 0; i < 4; i++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("I2CA RSVD OTPM CM\n");
for (int i = 0; i < 32; i += 4) {
static int slotcount = 0;
printf("%03d:%03d ", data_count, data_count+3);
for (int j = 0; j < 4; j++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("SC%d SC%d ", slotcount, slotcount);
slotcount++;
printf("SC%d SC%d\n", slotcount, slotcount);
slotcount++;
}
for (int k = 0; k < 2; k++) {
static int cnt_no = 0;
for (int i = 0; i < 8; i += 4) {
printf("%03d:%03d ", data_count, data_count+3);
for (int j = 0; j < 4; j++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("CNT%d CNT%d CNT%d CNT%d\n", cnt_no, cnt_no, cnt_no, cnt_no);
}
cnt_no++;
}
for (int i = 0; i < 16; i += 4) {
printf("%03d:%03d ", data_count, data_count+3);
for (int j = 0; j < 4; j++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("LKU%d LKU%d LKU%d LKU%d\n", i, i+1, i+2, i+3);
}
printf("%03d:%03d ", data_count, data_count+3);
for (int i = 0; i < 4; i++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("UE SEL LV LC\n");
printf("%03d:%03d ", data_count, data_count+3);
for (int i = 0; i < 4; i++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("SL0 SL1 RFU0 RFU1\n");
printf("%03d:%03d ", data_count, data_count+3);
for (int i = 0; i < 4; i++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("X509-0 X509-1 X509-2 X509-3\n");
for (int i = 0; i < 32; i += 4) {
static int key_cnt = 0;
printf("%03d:%03d ", data_count, data_count+3);
for (int j = 0; j < 4; j++) {
get_bin(binary, data[data_count]);
printf("%s ", binary);
data_count++;
}
printf("KC%d KC%d ", key_cnt, key_cnt);
key_cnt++;
printf("KC%d KC%d\n", key_cnt, key_cnt);
key_cnt++;
}
return 0;
}
int _check_lock_config(void)
{
bool is_locked = false;
atcab_is_locked(LOCK_ZONE_CONFIG, &is_locked);
if (is_locked) {
printf("Config zone is locked\n");
}
else {
printf("Config zone is not locked\n");
}
return 0;
}
int _check_lock_data(void)
{
bool is_locked = false;
atcab_is_locked(LOCK_ZONE_DATA, &is_locked);
if (is_locked) {
printf("Data zone is locked\n");
}
else {
printf("Data zone is not locked\n");
}
return 0;
}
int _lock_config(void)
{
bool is_locked = false;
atcab_is_locked(LOCK_ZONE_CONFIG, &is_locked);
if (is_locked) {
printf("Error: Config zone is already locked\n");
return 1;
}
if (atcab_lock_config_zone() != ATCA_SUCCESS) {
printf("Error: Locking failed\n");
return 1;
}
printf("Device successfully locked\n");
return 0;
}
int _cryptoauth(int argc, char **argv)
{
if (argc > 1) {
if ((strcmp(argv[1], "read") == 0)) {
return _read_config();
}
else if ((strcmp(argv[1], "lock_c") == 0)) {
return _lock_config();
}
else if ((strcmp(argv[1], "check_lc") == 0)) {
return _check_lock_config();
}
else if ((strcmp(argv[1], "check_ld") == 0)) {
return _check_lock_data();
}
}
else {
printf("* read - read Microchip CryptoAuth device's config zone\n");
printf("* lock_c - PERMANENTLY lock Microchip CryptoAuth device's config \
zone (cannot be undone!)\n");
printf("* check_lc - check if Microchip CryptoAuth device's config zone is locked\n");
printf("* check_ld - check if Microchip CryptoAuth device's data zone is locked\n");
}
return 0;
}

7
sys/shell/commands/shell_commands.c
View File

@ -167,6 +167,10 @@ extern int _test_ready(int argc, char **argv);
extern int _suit_handler(int argc, char **argv); extern int _suit_handler(int argc, char **argv);
#endif #endif
#ifdef MODULE_CRYPTOAUTHLIB
extern int _cryptoauth(int argc, char **argv);
#endif
const shell_command_t _shell_command_list[] = { const shell_command_t _shell_command_list[] = {
{"reboot", "Reboot the node", _reboot_handler}, {"reboot", "Reboot the node", _reboot_handler},
#ifdef MODULE_CONFIG #ifdef MODULE_CONFIG
@ -279,6 +283,9 @@ const shell_command_t _shell_command_list[] = {
#endif #endif
#ifdef MODULE_SUIT_COAP #ifdef MODULE_SUIT_COAP
{ "suit", "Trigger a SUIT firmware update", _suit_handler }, { "suit", "Trigger a SUIT firmware update", _suit_handler },
#endif
#ifdef MODULE_CRYPTOAUTHLIB
{ "cryptoauth", "Commands for Microchip CryptoAuth devices", _cryptoauth },
#endif #endif
{NULL, NULL, NULL} {NULL, NULL, NULL}
}; };