unit_ATECC608B.hpp

Go to the documentation of this file.

/*
 * SPDX-FileCopyrightText: 2025 M5Stack Technology CO LTD
 *
 * SPDX-License-Identifier: MIT
 */
#ifndef M5_UNIT_CRYPTO_UNIT_ATECC608B_HPP
#define M5_UNIT_CRYPTO_UNIT_ATECC608B_HPP
 
#include "atecc608.hpp"
#include <M5UnitComponent.hpp>
#include <m5_utility/container/circular_buffer.hpp>
#include <array>
#include <limits>
 
namespace m5 {
namespace unit {
 
class UnitATECC608B : public Component {
    M5_UNIT_COMPONENT_HPP_BUILDER(UnitATECC608B, 0x35);
 
public:
    struct config_t {
        bool idle{true};
    };
 
    explicit UnitATECC608B(const uint8_t addr = DEFAULT_ADDRESS) : Component(addr)
    {
        auto ccfg  = component_config();
        ccfg.clock = 400 * 1000U;
        component_config(ccfg);
    }
    virtual ~UnitATECC608B()
    {
    }
 
    virtual bool begin() override;
 
 
    inline config_t config()
    {
        return _cfg;
    }
    inline void config(const config_t& cfg)
    {
        _cfg = cfg;
    }
 
    inline const uint8_t* revision() const
    {
        return _revision.data();
    }
 
    inline uint16_t getSlotSize(const atecc608::Slot slot) const
    {
        return _slotSize[m5::stl::to_underlying(slot)];
    }
 
 
    bool wakeup();
    bool idle();
    bool sleep();
 
 
    inline bool readCounter(uint32_t& value, const uint8_t target)
    {
        return counter(value, target, 0 /*read*/);
    }
    inline bool incrementCounter(uint32_t& value, const uint8_t target)
    {
        return counter(value, target, 1 /* increment */);
    }
 
 
    bool readRevision(uint8_t data[4]);
    bool readKeyValid(bool& valid, const atecc608::Slot slot);
    bool readDeviceState(uint16_t& state);
 
 
    bool createNonce(uint8_t output[32], const uint8_t input[20], const bool useRNG = true,
                     const bool updateSeed = true);
 
    bool writeNonce32(const atecc608::Destination dest, const uint8_t input[32])
    {
        return write_nonce(dest, input, 32);
    }
    bool writeNonce64(const atecc608::Destination dest, const uint8_t input[64])
    {
        return write_nonce(dest, input, 64);
    }
 
 
    bool readRandomArray(uint8_t data[32], const bool updateSeed = true);
    template <typename T, typename std::enable_if<std::is_integral<T>::value, std::nullptr_t>::type = nullptr>
    bool readRandom(T& value, const T lower, const T upper)
    {
        static_assert(sizeof(T) <= 32, "readRandom only supports types up to 32 bytes");
        value = lower;
        if (upper <= lower) {
            M5_LIB_LOGE("lower must be less than upper");
            return false;
        }
 
        using U       = typename std::make_unsigned<T>::type;
        const U range = static_cast<U>(upper - lower);
        const U limit = std::numeric_limits<U>::max() - (std::numeric_limits<U>::max() % range);
        uint8_t rv[32]{};
        uint_fast8_t offset{};
        while (true) {
            if (!readRandomArray(rv)) {
                return false;
            }
            offset = 0;
            while (offset + sizeof(U) <= 32) {
                U raw{};
                memcpy(&raw, rv + offset, sizeof(U));
                offset += sizeof(U);
 
                if (raw > limit) {  // Rejection sampling
                    continue;
                }
                value = static_cast<T>(lower + (raw % range));
                return true;
            }
        }
        return false;
    }
    template <typename T, typename std::enable_if<std::is_floating_point<T>::value, std::nullptr_t>::type = nullptr>
    bool readRandom(T& value, const T lower, const T upper)
    {
        value = std::numeric_limits<T>::quiet_NaN();
        if (upper <= lower) {
            M5_LIB_LOGE("lower must be less than upper");
            return false;
        }
        uint8_t rv[32]{};
        if (!readRandomArray(rv)) {
            return false;
        }
        uint32_t raw{};
        memcpy(&raw, rv, sizeof(uint32_t));  // use first 4 bytes
 
        // convert to [0.0, 1.0)
        constexpr double norm = 1.0 / static_cast<double>(std::numeric_limits<uint32_t>::max());
        double r              = static_cast<double>(raw) * norm;
        value                 = static_cast<T>(lower + r * static_cast<double>(upper - lower));
        return std::isfinite(value);
    }
    template <typename T, typename std::enable_if<std::is_integral<T>::value, std::nullptr_t>::type = nullptr>
    inline bool readRandom(T& value)
    {
        return readRandom(value, std::numeric_limits<T>::lowest(), std::numeric_limits<T>::max());
    }
    template <typename T, typename std::enable_if<std::is_floating_point<T>::value, std::nullptr_t>::type = nullptr>
    inline bool readRandom(T& value)
    {
        return readRandom(value, std::numeric_limits<T>::lowest(), std::numeric_limits<T>::max());
    }
 
 
    bool readConfigZone(uint8_t config[128]);
 
    bool readSerialNumber(uint8_t sn[9]);
    bool readSerialNumber(char str[19]);
 
    bool readZoneLocked(bool& configLocked, bool& dataLocked);
    bool readSlotLocked(uint16_t& slotLockedBits);
    inline bool readSlotConfig(uint16_t& cfg, const atecc608::Slot slot)
    {
        constexpr uint8_t SLOT_CONFIG_BASE{20};  // Offset in ConfigZone
        return read_slot_config_word(cfg, SLOT_CONFIG_BASE, slot);
    }
    inline bool readKeyConfig(uint16_t& cfg, const atecc608::Slot slot)
    {
        constexpr uint8_t KEY_CONFIG_BASE{96};  // Offset in ConfigZone
        return read_slot_config_word(cfg, KEY_CONFIG_BASE, slot);
    }
 
    bool readDataZone(uint8_t* data, const uint16_t len, const atecc608::Slot slot);
 
    bool readOTPZone(uint8_t otp[64]);
 
 
    bool selfTest(uint8_t resultBits, const uint8_t testBits = 0x3D /* All */);
 
 
    bool startSHA256();
    bool updateSHA256(const uint8_t* msg, const uint32_t mlen);
    bool finalizeSHA256(const atecc608::Destination dest, uint8_t digest[32]);
    inline bool SHA256(const atecc608::Destination dest, uint8_t digest[32], const uint8_t* msg, const uint32_t mlen)
    {
        return startSHA256() && updateSHA256(msg, mlen) && finalizeSHA256(dest, digest);
    }
 
 
    inline bool ECDHStoredKey(uint8_t out[32], const atecc608::Slot slot, const uint8_t pubKey[64])
    {
        using namespace m5::unit::atecc608;
        return ecdh_receive32(out, ECDH_MODE_SRC_SLOT | ECDH_MODE_OUTPUT_BUFFER, m5::stl::to_underlying(slot), pubKey);
    }
    inline bool ECDHStoredKey(uint8_t out[32], uint8_t nonce[32], const atecc608::Slot slot, const uint8_t pubKey[64])
    {
        using namespace m5::unit::atecc608;
        return ecdh_receive32x2(out, nonce, ECDH_MODE_SRC_SLOT | ECDH_MODE_OUTPUT_BUFFER | ECDH_MODE_ENCRYPT,
                                m5::stl::to_underlying(slot), pubKey);
    }
    inline bool ECDHStoredKey(const atecc608::Slot slot, const uint8_t pubKey[64])
    {
        using namespace m5::unit::atecc608;
        return ecdh_no_output(ECDH_MODE_SRC_SLOT | ECDH_MODE_OUTPUT_TEMPKEY, m5::stl::to_underlying(slot), pubKey);
    }
    inline bool ECDHTempKey(uint8_t out[32], const uint8_t pubKey[64])
    {
        using namespace m5::unit::atecc608;
        return ecdh_receive32(out, ECDH_MODE_SRC_TEMPKEY | ECDH_MODE_OUTPUT_BUFFER, 0x0000, pubKey);
    }
    inline bool ECDHTempKey(uint8_t out[32], uint8_t nonce[32], const uint8_t pubKey[64])
    {
        using namespace m5::unit::atecc608;
        return ecdh_receive32x2(out, nonce, ECDH_MODE_SRC_TEMPKEY | ECDH_MODE_OUTPUT_BUFFER | ECDH_MODE_ENCRYPT, 0x0000,
                                pubKey);
    }
    inline bool ECDHTempKey(const uint8_t pubKey[64])
    {
        using namespace m5::unit::atecc608;
        return ecdh_no_output(ECDH_MODE_SRC_TEMPKEY | ECDH_MODE_OUTPUT_TEMPKEY, 0x0000, pubKey);
    }
    bool ECDHTempKey(const atecc608::Slot slot, const uint8_t pubKey[64])
    {
        using namespace m5::unit::atecc608;
        return ecdh_no_output(ECDH_MODE_SRC_TEMPKEY | ECDH_MODE_OUTPUT_SLOT, m5::stl::to_underlying(slot), pubKey);
    }
 
 
    inline bool generatePrivateKey(const atecc608::Slot slot, uint8_t pubKey[64], const bool digest = false)
    {
        using namespace m5::unit::atecc608;
        return generate_key(pubKey, GENKEY_MODE_PRIVATE | (digest ? GENKEY_MODE_DIGEST : 0x00),
                            m5::stl::to_underlying(slot));
    }
    bool generateKey(uint8_t pubKey[64]);
    inline bool generatePublicKey(uint8_t pubKey[64], const atecc608::Slot slot, const bool digest = false)
    {
        using namespace m5::unit::atecc608;
        return generate_key(pubKey, GENKEY_MODE_PUBLIC | (digest ? GENKEY_MODE_DIGEST : 0x00),
                            m5::stl::to_underlying(slot));
    }
    bool generatePublicKeyDigest(const atecc608::Slot slot, const uint8_t otherData[3] = nullptr);
 
 
    inline bool signInternal(uint8_t signature[64], const atecc608::Slot slot, const atecc608::Source src,
                             const bool includeSerial = false)
    {
        using namespace m5::unit::atecc608;
        return sign(signature, (SIGN_MODE_INTERNAL | (includeSerial ? SIGN_MODE_INCLUDE_SN : 0x00)),
                    m5::stl::to_underlying(slot), src);
    }
    inline bool signExternal(uint8_t signature[64], const atecc608::Slot slot, const atecc608::Source src,
                             const bool includeSerial = false)
    {
        using namespace m5::unit::atecc608;
        return sign(signature, (SIGN_MODE_EXTERNAL | (includeSerial ? SIGN_MODE_INCLUDE_SN : 0x00)),
                    m5::stl::to_underlying(slot), src);
    }
 
 
    inline bool verifyExternal(uint8_t mac[32], const uint8_t signature[64], const uint8_t pubKey[64],
                               const atecc608::Source src)
    {
        using namespace m5::unit::atecc608;
        return verify(mac, VERIFY_MODE_EXTERNAL | (mac ? VERIFY_MODE_MAC : 0x00), 0x0004 /* P256 */, signature, pubKey,
                      src);
    }
    inline bool verifyStored(uint8_t mac[32], const uint8_t signature[64], const atecc608::Slot slot,
                             const atecc608::Source src)
    {
        using namespace m5::unit::atecc608;
        return verify(mac, VERIFY_MODE_STORED | (mac ? VERIFY_MODE_MAC : 0x00), m5::stl::to_underlying(slot), signature,
                      nullptr, src);
    }
 
    // @todo UpdateExtra, Write, AES, CheckMac, GenDig, KDF, MAC command support
 
protected:
    virtual bool begin_impl();
 
    bool send_command(const uint8_t opcode, const uint8_t param1 = 0, const uint16_t param2 = 0,
                      const uint8_t* data = nullptr, uint32_t dlen = 0);
    bool receive_response(uint8_t* data, const uint32_t dlen);
 
    bool counter(uint32_t& value, const uint8_t counter, const uint8_t mode);
 
    bool write_nonce(const atecc608::Destination dest, const uint8_t* input, const uint32_t ilen);
 
    bool read_data(uint8_t* rbuf, const uint32_t rlen, const uint8_t zone, const uint16_t address,
                   const uint32_t delayMs = 3 /* read default */);
    bool read_slot_config_word(uint16_t& cfg, const uint8_t baseOffset, const atecc608::Slot slot);
 
    virtual bool ecdh_receive32(uint8_t out[32], const uint8_t mode, const uint16_t param2, const uint8_t pubKey[64]);
    virtual bool ecdh_receive32x2(uint8_t out[32], uint8_t nonce[32], const uint8_t mode, const uint16_t param2,
                                  const uint8_t pubKey[64]);
    virtual bool ecdh_no_output(const uint8_t mode, const uint16_t param2, const uint8_t pubKey[64]);
 
    virtual bool generate_key(uint8_t pubKey[64], const uint8_t mode, const uint16_t param2 = 0x0000,
                              const uint8_t* data = nullptr, const uint32_t dlen = 0);
    virtual bool sign(uint8_t signature[64], const uint8_t mode, const uint16_t param2, const atecc608::Source src);
 
    bool verify(uint8_t mac[32], const uint8_t mode, const uint16_t param2, const uint8_t signature[64],
                const uint8_t pubKey[64], const atecc608::Source src);
 
private:
    config_t _cfg{};
    std::array<uint8_t, 4> _revision{};
    std::array<uint16_t, 16> _slotSize{
        36,  36, 36, 36, 36, 36, 36, 36,  // slot 0〜7
        416,                              // slot 8
        72,  72, 72, 72, 72, 72, 72       // slot 9〜15
    };
};
 
}  // namespace unit
}  // namespace m5
#endif