M5Unit-CRYPTO/atecc608_8hpp_source.html

/*

 * SPDX-FileCopyrightText: 2025 M5Stack Technology CO LTD

 *

 * SPDX-License-Identifier: MIT

 */

#ifndef M5_UNIT_CRYPTO_ATECC608_HPP

#define M5_UNIT_CRYPTO_ATECC608_HPP


#include <cstdint>


namespace m5 {

namespace unit {

namespace atecc608 {


enum class Slot : uint8_t {

    PrimaryPrivateKey,

    InternalSignPrivateKey,

    SecondaryPrivateKey1,

    SecondaryPrivateKey2,

    SecondaryPrivateKey3,

    MACAddress,

    IOProtectionKey,

    GeneralData = 8,

    AESKey,

    DeviceCompressedCertificate,

    SignerPublicKey,

    SignerCompressedCertificate,

    // 7,13,14,15 are reserved

};


enum class Source : uint8_t {

    TempKey,

    MsgDigestBuffer,

    AlternateKeyBuffer,

    ExternalBuffer,

};


using Destination = Source;


constexpr uint8_t ZONE_CONFIG{0x00};

constexpr uint8_t ZONE_OTP{0x01};

constexpr uint8_t ZONE_DATA{0x02};


enum Error : uint8_t {

    CHECK_MAC_OR_VERIFY_ERROR  = 0x01,

    PARSE_ERROR                = 0x03,

    ECC_FAULT                  = 0x05,

    SELF_TEST_ERROR            = 0x07,

    HEALTH_TEST_ERROR          = 0x08,

    EXECUTION_ERROR            = 0x0F,

    AFTER_WAKE_PRIOR_ERROR     = 0X11,

    WATCH_DOG_ERROR            = 0xEE,

    CRC_OR_COMMUNICATION_ERROR = 0XFF,

};


constexpr uint32_t DELAY_READ{3};

constexpr uint32_t DELAY_WRITE{45};

constexpr uint32_t DELAY_INFO{2};

constexpr uint32_t DELAY_NONCE{16};

constexpr uint32_t DELAY_SELFTEST{200};

constexpr uint32_t DELAY_RANDOM{23};

constexpr uint32_t DELAY_COUNTER{20};

constexpr uint32_t DELAY_GENKEY{115};

constexpr uint32_t DELAY_SIGN{70};

constexpr uint32_t DELAY_SHA{9};

constexpr uint32_t DELAY_ECDH{58};

constexpr uint32_t DELAY_VERIFY{120};


constexpr uint8_t WORD_VALUE_RESET{0x00};

constexpr uint8_t WORD_ADDRESS_VALUE_SLEEP{0x01};

constexpr uint8_t WORD_ADDRESS_VALUE_IDLE{0x02};

constexpr uint8_t WORD_ADDRESS_VALUE_COMMAND{0x03};


constexpr uint8_t OPCODE_READ{0x02};

constexpr uint8_t OPCODE_WRITE{0x12};

constexpr uint8_t OPCODE_NONCE{0x16};

// constexpr uint8_t OPCODE_LOCK{0x17};

constexpr uint8_t OPCODE_RANDOM{0x1B};

constexpr uint8_t OPCODE_COUNTER{0x24};

constexpr uint8_t OPCODE_INFO{0x30};

constexpr uint8_t OPCODE_GENKEY{0x40};

constexpr uint8_t OPCODE_SIGN{0x41};

constexpr uint8_t OPCODE_ECDH{0x43};

constexpr uint8_t OPCODE_VERIFY{0x45};

constexpr uint8_t OPCODE_SHA{0x47};

constexpr uint8_t OPCODE_SELFTEST{0x77};


constexpr uint8_t INFO_MODE_REVISION{0x00};

constexpr uint8_t INFO_MODE_KEYVALID{0x01};

constexpr uint8_t INFO_MODE_DEVICE_STATE{0x02};


constexpr uint8_t NONCE_MODE_RANDOM_UPDATE_SEED{0x00};

constexpr uint8_t NONCE_MODE_RANDOM_NOT_UPDATE_SEED{0x01};

constexpr uint8_t NONCE_MODE_PASSTHROUGH{0x03};

constexpr uint8_t NONCE_MODE_INPUT_64{0x20};


constexpr uint8_t NONCE_MODE_TARGET_TEMPKEY{0x00};

constexpr uint8_t NONCE_MODE_TARGET_DIGEST{0x40};

constexpr uint8_t NONCE_MODE_TARGET_ALTKEY{0x80};


constexpr uint16_t NONCE_USE_TRNG{0x0000};

constexpr uint16_t NONCE_USE_TEMPKEY{0x8000};


constexpr uint8_t RANDOM_MODE_UPDATE_SEED{0x00};

constexpr uint8_t RANDOM_MODE_NOT_UPDATE_SEED{0x01};


constexpr uint8_t SHA_MODE_START{0x00};

constexpr uint8_t SHA_MODE_UPDATE{0x01};

constexpr uint8_t SHA_MODE_FINALIZE{0x02};

constexpr uint8_t SHA_MODE_OUTPUT_TEMPKEY{0x00};

constexpr uint8_t SHA_MODE_OUTPUT_DIGEST{0x40};

constexpr uint8_t SHA_MODE_OUTPUT_BUFFER{0xC0};


// constexpr uint8_t ECDH_MODE_SLOT{0x04};

constexpr uint8_t ECDH_MODE_SRC_SLOT{0x00};

constexpr uint8_t ECDH_MODE_SRC_TEMPKEY{0x01};


constexpr uint8_t ECDH_MODE_ENCRYPT{0x02};


constexpr uint8_t ECDH_MODE_OUTPUT_TEMPKEY{0x08};

constexpr uint8_t ECDH_MODE_OUTPUT_BUFFER{0x0C};

constexpr uint8_t ECDH_MODE_OUTPUT_SLOT{0x04};


constexpr uint8_t GENKEY_MODE_PUBLIC{0x00};

constexpr uint8_t GENKEY_MODE_PRIVATE{0x04};

constexpr uint8_t GENKEY_MODE_DIGEST{0x08};

constexpr uint8_t GENKEY_MODE_PUBLIC_DIGEST{0x10};


constexpr uint8_t SIGN_MODE_INTERNAL{0x00};

constexpr uint8_t SIGN_MODE_INCLUDE_SN{0x40};

constexpr uint8_t SIGN_MODE_EXTERNAL{0x80};


constexpr uint8_t SIGN_MODE_TEMPKEY{0x00};

constexpr uint8_t SIGN_MODE_DIGEST{0x20};


constexpr uint8_t VERIFY_MODE_STORED{0x00};

constexpr uint8_t VERIFY_MODE_EXTERNAL{0x02};


constexpr uint8_t VERIFY_MODE_TEMPKEY{0x00};

constexpr uint8_t VERIFY_MODE_DIGEST{0x20};


constexpr uint8_t VERIFY_MODE_MAC{0x80};


inline uint16_t offset_to_param2_for_config(const uint8_t offset)

{

    const uint8_t block = (offset >> 5) & 0x03;         // 0〜3

    const uint8_t index = ((offset & 31) >> 2) & 0x07;  // 0〜7

    return (block << 3) | index;

}


inline uint16_t slot_block_to_param2(const uint8_t slot, const uint16_t offset)

{

    const uint8_t block       = offset >> 5;         // 0〜2

    const uint8_t word_offset = (offset & 31) >> 2;  // 0〜7

    return (slot << 3) | (block << 8) | word_offset;

}


constexpr inline uint32_t encoded_base64_length(const uint32_t ilen)

{

    return ((ilen + 2) / 3) * 4;

}


bool convertToPEM(char* out, const uint32_t out_len, const uint8_t* der, uint32_t dlen,

                  const char* header = "CERTIFICATE", const char* footer = "CERTIFICATE");


extern const uint8_t template_for_device[];

extern const uint8_t template_for_signer[];

extern const uint32_t template_for_device_size;

extern const uint32_t template_for_signer_size;


class CompCertAccessor {

public:


    struct DateTime {

        int tm_sec;   // 0 to 59

        int tm_min;   // 0 to 59

        int tm_hour;  // 0 to 23

        int tm_mday;  // 1 to 31

        int tm_mon;   // 0 to 11

        int tm_year;  // years since 1900

    };


    explicit CompCertAccessor(const uint8_t* data) : _data(data)

    {

        if (_data) {

            _issue_date  = get_issue_date();

            _expire_date = get_expire_date();

        }

    }


    inline uint8_t format_version() const

    {

        return _data[70] & 0x0F;

    }

    inline uint8_t template_id() const

    {

        return (_data[69] >> 4) & 0x0F;

    }

    inline uint8_t chain_id() const

    {

        return _data[69] & 0x0F;

    }

    inline uint8_t sn_source() const

    {

        return (_data[70] >> 4) & 0x0F;

    }


    inline const uint8_t* signer_id() const

    {

        return _data + 67;

    }


    inline const uint8_t* signature() const

    {

        return _data + 0;

    }

    inline const uint8_t* signature_r() const

    {

        return _data + 0;

    }

    inline const uint8_t* signature_s() const

    {

        return _data + 32;

    }


    inline DateTime issue_date() const

    {

        return _issue_date;

    }

    inline DateTime expire_date() const

    {

        return _expire_date;

    }


private:

    const uint8_t* _data{};

    DateTime _issue_date{}, _expire_date{};


    DateTime get_issue_date() const

    {

        DateTime dt{};

        uint8_t b64     = _data[64];

        uint8_t b65     = _data[65];

        uint8_t b66     = _data[66];

        uint8_t b71     = _data[71];

        uint8_t fmt_ver = format_version();


        if (fmt_ver == 1 || fmt_ver == 2) {

            dt.tm_year = ((((b71 & 0xC0) >> 1) | ((b64 >> 3) & 0x1F)) + 100);

        } else {

            dt.tm_year = ((b64 >> 3) + 100);

        }

        dt.tm_mon  = (((b64 & 0x07) << 1) | ((b65 & 0x80) >> 7)) - 1;

        dt.tm_mday = (b65 & 0x7C) >> 2;

        dt.tm_hour = ((b65 & 0x03) << 3) | ((b66 & 0xE0) >> 5);

        dt.tm_min  = 0;

        dt.tm_sec  = 0;

        return dt;

    }


    DateTime get_expire_date() const

    {

        DateTime dt     = issue_date();

        uint8_t b66     = _data[66];

        uint8_t b71     = _data[71];

        uint8_t fmt_ver = format_version();

        uint8_t expire_years{};


        if (fmt_ver == 1 || fmt_ver == 2) {

            expire_years = (b66 & 0x1F) | ((b71 & 0x30) << 1);

        } else {

            expire_years = b66 & 0x1F;

        }


        if (expire_years != 0) {

            dt.tm_year += expire_years;

        } else {

            // indefinite

            dt.tm_year = 9999 - 1900;

            dt.tm_mon  = 11;

            dt.tm_mday = 31;

            dt.tm_hour = 23;

            dt.tm_min  = 59;

            dt.tm_sec  = 59;

        }

        return dt;

    }

};


}  // namespace atecc608

}  // namespace unit

}  // namespace m5

#endif


#if 0

7:01:52.557 > [   899][E][unit_ATECC608B.cpp:1186] receive_response(): CRC error: C76B != FFFF (count:35 max_read:35)

17:01:52.563 > DUMP:0x3ffb2080 35 bytes

17:01:52.572 > 0x3ffb2080| 23 8F 0F 8F 8F 0F 0F 8F 0F 0F 8F 0F 8F 0F 8F 8F |#...............

17:01:52.578 > 0x3ffb2090| 8F 8F 8F 9F FF FF FF FF FF FF FF FF FF FF FF FF |................

17:01:52.583 > 0x3ffb20a0| FF FF FF                                        |...

17:01:52.589 > [   923][E][PlotToSerial.cpp:237] setup(): readConfigZone NG

17:01:52.590 > [   936][E][unit_ATECC608B.cpp:1210] read_data(): Failed send_command:01 0002

17:01:52.596 > [   941][E][PlotToSerial.cpp:242] setup(): readOTPZone NG

17:01:52.607 > [   941][W][unit_ATECC608B.cpp:596] wakeup_i2c_class(): Wakeup retry 0 err:-5 resp:00,00,00,00

17:01:52.620 > [   962][W][unit_ATECC608B.cpp:596] wakeup_i2c_class(): Wakeup retry 1 err:-5 resp:00,00,00,00

17:01:52.631 > [   972][E][unit_ATECC608B.cpp:1186] receive_response(): CRC error: 2C9E != FFFF (count:35 max_read:35)

17:01:52.637 > DUMP:0x3ffb1ed0 35 bytes

17:01:52.646 > 0x3ffb1ed0| 23 07 31 00 64 FE AF 6E A0 7A 2F F5 96 55 AA 6B |#.1.d..n.z/..U.k

17:01:52.652 > 0x3ffb1ee0| 11 AF 44 A3 1E DF DD 2E 57 E3 96 F0 FF FF FF FF |..D.....W.......

17:01:52.657 > 0x3ffb1ef0| FF FF FF                                        |...

17:01:52.663 > [   997][E][PlotToSerial.cpp:247] setup(): readDataZone NG

17:01:52.671 > [  1013][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:52.677 > [  1018][E][PlotToSerial.cpp:253] setup(): readKeyValid[1] NG

17:01:52.682 > [  1022][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:52.688 > [  1027][E][PlotToSerial.cpp:253] setup(): readKeyValid[2] NG

17:01:52.693 > [  1040][W][unit_ATECC608B.cpp:596] wakeup_i2c_class(): Wakeup retry 0 err:-5 resp:00,00,00,00

17:01:52.705 > [  1048][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:52.710 > [  1053][E][PlotToSerial.cpp:253] setup(): readKeyValid[4] NG

17:01:52.716 > [  1057][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:52.727 > [  1062][E][PlotToSerial.cpp:253] setup(): readKeyValid[5] NG

17:01:52.732 > [  1071][E][unit_ATECC608B.cpp:1186] receive_response(): CRC error: 0F0E != FFFF (count:7 max_read:7)

17:01:52.738 > DUMP:0x3ffb1f30 7 bytes

17:01:52.747 > 0x3ffb1f30| 07 00 00 0F FF FF FF                            |.......

17:01:52.753 > [  1086][E][PlotToSerial.cpp:253] setup(): readKeyValid[6] NG

17:01:52.760 > [  1104][E][PlotToSerial.cpp:253] setup(): readKeyValid[8] NG

17:01:52.765 > [  1104][W][unit_ATECC608B.cpp:596] wakeup_i2c_class(): Wakeup retry 0 err:-5 resp:00,00,00,00

17:01:52.771 > [  1113][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:52.776 > [  1118][E][PlotToSerial.cpp:253] setup(): readKeyValid[9] NG

17:01:52.787 > [  1129][W][unit_ATECC608B.cpp:596] wakeup_i2c_class(): Wakeup retry 0 err:-5 resp:00,00,00,00

17:01:52.793 > [  1138][E][PlotToSerial.cpp:253] setup(): readKeyValid[11] NG

17:01:52.798 > [  1138][W][unit_ATECC608B.cpp:596] wakeup_i2c_class(): Wakeup retry 0 err:-5 resp:00,00,00,00

17:01:52.810 > [  1150][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:52.815 > [  1155][E][PlotToSerial.cpp:253] setup(): readKeyValid[12] NG

17:01:52.821 > [  1162][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:52.832 > [  1167][E][PlotToSerial.cpp:253] setup(): readKeyValid[13] NG

17:01:52.837 > [  1176][E][unit_ATECC608B.cpp:1186] receive_response(): CRC error: 2552 != 0000 (count:31 max_read:7)

17:01:52.843 > DUMP:0x3ffb1f30 7 bytes

17:01:52.852 > 0x3ffb1f30| 1F FF FF FF FF FF FF                            |.......

17:01:52.858 > [  1191][E][PlotToSerial.cpp:253] setup(): readKeyValid[14] NG

17:01:52.866 > [  1208][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:52.872 > [  1213][E][PlotToSerial.cpp:259] setup(): readCounter(0) NG

17:01:52.877 > [  1218][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:52.883 > [  1223][E][PlotToSerial.cpp:262] setup(): readCounter(1) NG

17:01:52.888 > [  1230][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:52.900 > [  1235][E][PlotToSerial.cpp:267] setup(): readDeviceState NG

17:01:53.099 > [  1441][E][unit_ATECC608B.cpp:1173] receive_response(): Failed to read response

17:01:53.105 > [  1446][E][PlotToSerial.cpp:272] setup(): selfTest NG

#endif

m5::unit::atecc608::Source
Source
Data source.
Definition atecc608.hpp:48

m5::unit::atecc608::Source::AlternateKeyBuffer
@ AlternateKeyBuffer
Alternate Key Buffer.

m5::unit::atecc608::Source::ExternalBuffer
@ ExternalBuffer
Any buffer.

m5::unit::atecc608::Source::MsgDigestBuffer
@ MsgDigestBuffer
Message digest buffer.

m5::unit::atecc608::Source::TempKey
@ TempKey
TempKey.

m5::unit::atecc608::Slot
Slot
Slot configuration summary.
Definition atecc608.hpp:26

m5::unit::atecc608::Slot::SecondaryPrivateKey1
@ SecondaryPrivateKey1
Secondary private key for other uses.

m5::unit::atecc608::Slot::SignerCompressedCertificate
@ SignerCompressedCertificate

m5::unit::atecc608::Slot::MACAddress
@ MACAddress
IEEE EUI-48 MAC Address.

m5::unit::atecc608::Slot::PrimaryPrivateKey
@ PrimaryPrivateKey
Primary authentication key.

m5::unit::atecc608::Slot::SignerPublicKey
@ SignerPublicKey
Public key for the CA (signer) that signed the device cert.

m5::unit::atecc608::Slot::InternalSignPrivateKey
@ InternalSignPrivateKey

m5::unit::atecc608::Slot::SecondaryPrivateKey3
@ SecondaryPrivateKey3
Secondary private key for other uses.

m5::unit::atecc608::Slot::DeviceCompressedCertificate
@ DeviceCompressedCertificate
Certificate primary public key in the CryptoAuthentication compressed format.

m5::unit::atecc608::Slot::IOProtectionKey
@ IOProtectionKey
Key used to protect the I2C bus communication (IO) of certain commands.

m5::unit::atecc608::Slot::SecondaryPrivateKey2
@ SecondaryPrivateKey2
Secondary private key for other uses.

m5::unit::atecc608::Slot::GeneralData
@ GeneralData
General purpose data storage (416 bytes)

m5::unit::atecc608::Slot::AESKey
@ AESKey
Intermediate key storage for ECDH and KDF output.

m5::unit::atecc608::slot_block_to_param2
uint16_t slot_block_to_param2(const uint8_t slot, const uint16_t offset)
Conversion slot and block to address for Data zone.
Definition atecc608.hpp:214

m5::unit::atecc608::encoded_base64_length
constexpr uint32_t encoded_base64_length(const uint32_t ilen)
Calculate encoded size (no line break)
Definition atecc608.hpp:222

m5::unit::atecc608::offset_to_param2_for_config
uint16_t offset_to_param2_for_config(const uint8_t offset)
Conversion offset to address for Config,OTP zone.
Definition atecc608.hpp:207

m5::unit::atecc608::Error
Error
Error status.
Definition atecc608.hpp:71

m5::unit::atecc608::CompCertAccessor
Compressed certificate accessor.

atecc608
For ATECC608.

m5
Top level namespace of M5stack.

unit
Unit-related namespace.

m5::unit::atecc608::CompCertAccessor::DateTime
Definition atecc608.hpp:244