Awesome
CryptoAuthLib - Microchip CryptoAuthentication Library {#mainpage}
Introduction
This library implements the APIs required to communicate with Microchip Security device. The family of devices supported currently are:
CryptoAuth | CryptoAuth2 |
---|---|
ATECC608B | ECC204 |
ATECC608A | ECC206 |
ATECC508A | SHA104 |
ATECC108A | SHA105 |
ATSHA204A | SHA106 |
ATSHA206A | RNG90 |
The best place to start is with the Microchip Trust Platform
Online API documentation is at https://microchiptech.github.io/cryptoauthlib/
Latest software and examples can be found at:
- https://www.microchip.com/design-centers/security-ics/trust-platform
- http://www.microchip.com/SWLibraryWeb/product.aspx?product=CryptoAuthLib
Prerequisite hardware to run CryptoAuthLib examples:
Alternatively a Microchip MCU and Adapter Board:
- ATSAMR21 Xplained Pro or ATSAMD21 Xplained Pro
- CryptoAuthentication SOIC Socket Board to accept SOIC parts
- ATECC608B mikroBUS evaluation board
- ECC204 mikroBUS evaluation board
- SHA104/SHA105 mikroBUS evaluation board
- TA010 mikroBUS evaluation board
For most development, using socketed top-boards is preferable until your configuration is well tested, then you can commit it to a CryptoAuth Xplained Pro Extension, for example. Keep in mind that once you lock a device, it will not be changeable.
Examples
- Install the Trust Platform Design Suite to access Use Case examples for the different Security Solutions (ATECC608, SHA104/105, ECC204, TA010, TA100…)
Configuration
In order to properly configured the library there must be a header file in your
project named atca_config.h
at minimum this needs to contain defines for the
hal and device types being used. Most integrations have an configuration mechanism
for generating this file. See the atca_config.h.in template
which is configured by CMake for Linux, MacOS, & Windows projects.
An example of the configuration:
/* Cryptoauthlib Configuration File */
#ifndef ATCA_CONFIG_H
#define ATCA_CONFIG_H
/* Include HALS */
#define ATCA_HAL_I2C
/* Included device support */
#define ATCA_ATECC608_SUPPORT
/* \brief How long to wait after an initial wake failure for the POST to
* complete.
* If Power-on self test (POST) is enabled, the self test will run on waking
* from sleep or during power-on, which delays the wake reply.
*/
#ifndef ATCA_POST_DELAY_MSEC
#define ATCA_POST_DELAY_MSEC 25
#endif
#endif // ATCA_CONFIG_H
There are two major compiler defines that affect the operation of the library.
- ATCA_NO_POLL can be used to revert to a non-polling mechanism for device responses. Normally responses are polled for after sending a command, giving quicker response times. However, if ATCA_NO_POLL is defined, then the library will simply delay the max execution time of a command before reading the response.
- ATCA_NO_HEAP can be used to remove the use of malloc/free from the main library. This can be helpful for smaller MCUs that don't have a heap implemented. If just using the basic API, then there shouldn't be any code changes required. The lower-level API will no longer use the new/delete functions and the init/release functions should be used directly.
Some specific options are available in the fully documented configuration files lib/calib/calib_config.h
,
atca_configuration.h
, lib/crypto/crypto_config.h
, lib/host/atca_host_config.h
which is also the place where features can be selected.
We provide some configurations focused on specific use cases and the checks are enabled by default.
Release notes
See Release Notes
Host Device Support
CryptoAuthLib will run on a variety of platforms from small micro-controllers to desktop host systems. See hal readme
Porting requires a time delay function of millisecond resolution (hal_delay_ms) which can be implemented via loop, timer, or rtos sleep/wait and a communication interface.
CryptoAuthLib Architecture
Cryptoauthlib API documentation is at https://microchiptech.github.io/cryptoauthlib/
The library is structured to support portability to:
- multiple hardware/microcontroller platforms
- multiple environments including bare-metal, RTOS and Windows/Linux/MacOS
- multiple chip communication protocols (I2C, SPI, and SWI)
All platform dependencies are contained within the HAL (hardware abstraction layer).
Directory Structure
lib - primary library source code
lib/atcacert - certificate data and i/o methods
lib/calib - the Basic Cryptoauth API
lib/crypto - Software crypto implementations external crypto libraries support (primarily SHA1 and SHA2)
lib/hal - hardware abstraction layer code for supporting specific platforms
lib/host - support functions for common host-side calculations
lib/jwt - json web token functions
test - Integration test and examples. See test/cmd-processor.c for main() implementation.
For production code, test directories should be excluded by not compiling it
into a project, so it is up to the developer to include or not as needed. Test
code adds significant bulk to an application - it's not intended to be included
in production code.
Tests
There is a set of integration tests found in the test directory which will at least partially demonstrate the use of the objects. Some tests may depend upon a certain device being configured in a certain way and may not work for all devices or specific configurations of the device. See test readme
Using CryptoAuthLib (Microchip CryptoAuth Library)
The best place to start is with the Microchip Trust Platform
Also application examples are included as part of the Harmony 3 framework and can be copied from the Harmony Content Manager or found with the Harmony 3 Framework Cryptoauthlib_apps
Incorporating CryptoAuthLib in a Linux project using USB HID devices
The Linux HID HAL files use the Linux udev development software package.
To install the udev development package under Ubuntu Linux, please type the following command at the terminal window:
sudo apt-get install libudev-dev
This adds the udev development development software package to the Ubuntu Linux installation.
The Linux HID HAL files also require a udev rule to be added to change the permissions of the USB HID Devices. Please add a new udev rule for the Microchip CryptoAuth USB devices.
cd /etc/udev/rules.d
sudo touch mchp-cryptoauth.rules
Edit the mchp-cryptoauth.rules file and add the following line to the file:
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2312", MODE="0666"