Merge branch 'secchip-interface'

Author: benma

src/CMakeLists.txt

@@ -143,6 +143,7 @@ set(PLATFORM-BITBOX02-SOURCES ${PLATFORM-BITBOX02-SOURCES} PARENT_SCOPE)
 
 set(SECURECHIP-SOURCES
   ${CMAKE_SOURCE_DIR}/src/atecc/atecc.c
+  ${CMAKE_SOURCE_DIR}/src/securechip/securechip.c
 )
 set(SECURECHIP-SOURCES ${SECURECHIP-SOURCES} PARENT_SCOPE)
 

src/atecc/atecc.c

@@ -14,6 +14,7 @@
 
 #include "atecc.h"
 #include "hardfault.h"
+#include "securechip/securechip.h"
 #include <i2c_ecc.h>
 #include <util.h>
 
@@ -90,7 +91,7 @@ typedef union {
 
 #pragma GCC diagnostic pop
 
-static const atecc_interface_functions_t* _interface_functions = NULL;
+static const securechip_interface_functions_t* _interface_functions = NULL;
 
 /** \brief initialize an I2C interface using given config.
  * \param[in] hal - opaque ptr to HAL data
@@ -378,7 +379,7 @@ static int _verify_config(void)
     return ATCA_SUCCESS;
 }
 
-int atecc_setup(const atecc_interface_functions_t* ifs)
+int atecc_setup(const securechip_interface_functions_t* ifs)
 {
     if (ifs == NULL) {
         return ATECC_ERR_IFS;
@@ -781,7 +782,7 @@ bool atecc_u2f_counter_inc(uint32_t* counter)
 }
 #endif
 
-bool atecc_model(atecc_model_t* model_out)
+bool atecc_model(securechip_model_t* model_out)
 {
     uint8_t revision[4] = {0};
     if (atcab_info(revision) != ATCA_SUCCESS) {

src/atecc/atecc.h

@@ -16,6 +16,7 @@
 #define _ATECC_H_
 
 #include "compiler_util.h"
+#include "securechip/securechip.h"
 #include <platform/platform_config.h>
 #include <stdbool.h>
 #include <stddef.h>
@@ -32,23 +33,6 @@ typedef enum {
     ATECC_ERR_INVALID_ARGS = -8,
 } atecc_error_t;
 
-typedef struct {
-    /**
-     * @param[out] key_out must be of size 32
-     */
-    void (*const get_auth_key)(uint8_t* key_out);
-    /**
-     * @param[out] key_out must be of size 32
-     */
-    void (*const get_io_protection_key)(uint8_t* key_out);
-    /**
-     * @param[out] key_out must be of size 32
-     */
-    void (*const get_encryption_key)(uint8_t* key_out);
-
-    void (*const random_32_bytes)(uint8_t* buf);
-} atecc_interface_functions_t;
-
 /**
  * Initializes the cryptoauthlib communication, by providing a custom i2c chip
  * communication interface/bridge to cryptoauthlib. On first call, the chip
@@ -57,7 +41,7 @@ typedef struct {
  * @return values of `atecc_error_t` if negative, values of `ATCA_STATUS` if positive, 0 on
  * success.
  */
-USE_RESULT int atecc_setup(const atecc_interface_functions_t* ifs);
+USE_RESULT int atecc_setup(const securechip_interface_functions_t* ifs);
 
 /**
  * Updates the two KDF keys (rollkey and kdf key). The previous keys are lost
@@ -150,16 +134,11 @@ USE_RESULT bool atecc_u2f_counter_set(uint32_t counter);
 USE_RESULT bool atecc_u2f_counter_inc(uint32_t* counter);
 #endif
 
-typedef enum {
-    ATECC_ATECC608A,
-    ATECC_ATECC608B,
-} atecc_model_t;
-
 /**
  * Output the atecc model.
  * @param[out] model_out atecc model
  * @return True if success
  */
-USE_RESULT bool atecc_model(atecc_model_t* model_out);
+USE_RESULT bool atecc_model(securechip_model_t* model_out);
 
 #endif

src/common_main.c

@@ -13,7 +13,6 @@
 // limitations under the License.
 
 #include "common_main.h"
-#include "atecc/atecc.h"
 #include "driver_init.h"
 #include "flags.h"
 #include "hardfault.h"
@@ -23,6 +22,7 @@
 #include "memory/smarteeprom.h"
 #include "random.h"
 #include "screen.h"
+#include "securechip/securechip.h"
 #include "util.h"
 #include <wally_core.h>
 
@@ -45,7 +45,7 @@ static const memory_interface_functions_t _memory_interface_functions = {
     .random_32_bytes = random_32_bytes_mcu,
 };
 
-static const atecc_interface_functions_t _securechip_interface_functions = {
+static const securechip_interface_functions_t _securechip_interface_functions = {
     .get_auth_key = memory_get_authorization_key,
     .get_io_protection_key = memory_get_io_protection_key,
     .get_encryption_key = memory_get_encryption_key,
@@ -83,9 +83,12 @@ void common_main(void)
     /* Enable/configure SmartEEPROM. */
     smarteeprom_bb02_config();
 
+    if (!securechip_init()) {
+        AbortAutoenter("Failed to detect securechip");
+    }
     // securechip_setup must come after memory_setup, so the io/auth keys to be
     // used are already initialized.
-    int securechip_result = atecc_setup(&_securechip_interface_functions);
+    int securechip_result = securechip_setup(&_securechip_interface_functions);
     if (securechip_result) {
         char errmsg[100] = {0};
         snprintf(

src/factorysetup.c

@@ -12,14 +12,14 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#include "atecc/atecc.h"
 #include "common_main.h"
 #include "driver_init.h"
 #include "flags.h"
 #include "hardfault.h"
 #include "memory/memory.h"
 #include "platform_init.h"
 #include "screen.h"
+#include "securechip/securechip.h"
 #include "usb/usb.h"
 #include "usb/usb_packet.h"
 #include "usb/usb_processing.h"
@@ -210,7 +210,7 @@ static void _api_msg(const uint8_t* input, size_t in_len, uint8_t* output, size_
     case OP_GENKEY: {
         screen_print_debug("generating pubkey...", 0);
         uint8_t pubkey[64];
-        if (!atecc_gen_attestation_key(pubkey)) {
+        if (!securechip_gen_attestation_key(pubkey)) {
             screen_print_debug("generating pubkey\nfailed", 0);
             result = ERR_FAILED;
             break;
@@ -277,13 +277,13 @@ static void _api_msg(const uint8_t* input, size_t in_len, uint8_t* output, size_
         screen_print_debug("DONE", 0);
         break;
     case OP_SC_ROLLKEYS:
-        if (!atecc_update_keys()) {
+        if (!securechip_update_keys()) {
             screen_print_debug("rollkeys: failed", 0);
             result = ERR_FAILED;
             break;
         }
         screen_print_debug("rollkeys: success", 100);
-        if (!atecc_u2f_counter_set(0)) {
+        if (!securechip_u2f_counter_set(0)) {
             screen_print_debug("reset u2f counter", 0);
             result = ERR_FAILED;
             break;

src/keystore.c

@@ -14,7 +14,6 @@
 
 #include <string.h>
 
-#include "atecc/atecc.h"
 #include "cipher/cipher.h"
 #include "hardfault.h"
 #include "keystore.h"
@@ -23,6 +22,7 @@
 #include "random.h"
 #include "reset.h"
 #include "salt.h"
+#include "securechip/securechip.h"
 #include "util.h"
 
 #include <rust/rust.h>
@@ -72,7 +72,7 @@ USE_RESULT static keystore_error_t _stretch_retained_seed_encryption_key(
     if (!salt_hash_data(encryption_key, 32, purpose_in, salted_hashed)) {
         return KEYSTORE_ERR_SALT;
     }
-    if (atecc_kdf(salted_hashed, 32, out)) {
+    if (securechip_kdf(salted_hashed, 32, out)) {
         return KEYSTORE_ERR_SECURECHIP;
     }
     if (!salt_hash_data(encryption_key, 32, purpose_out, salted_hashed)) {
@@ -188,7 +188,7 @@ static keystore_error_t _stretch_password(
     memcpy(kdf_in, password_salted_hashed, 32);
 
     // First KDF on rollkey increments the monotonic counter. Call only once!
-    int securechip_result = atecc_kdf_rollkey(kdf_in, 32, kdf_out);
+    int securechip_result = securechip_kdf_rollkey(kdf_in, 32, kdf_out);
     if (securechip_result) {
         if (securechip_result_out != NULL) {
             *securechip_result_out = securechip_result;
@@ -198,7 +198,7 @@ static keystore_error_t _stretch_password(
     // Second KDF does not use the counter and we call it multiple times.
     for (int i = 0; i < KDF_NUM_ITERATIONS; i++) {
         memcpy(kdf_in, kdf_out, 32);
-        securechip_result = atecc_kdf(kdf_in, 32, kdf_out);
+        securechip_result = securechip_kdf(kdf_in, 32, kdf_out);
         if (securechip_result) {
             if (securechip_result_out != NULL) {
                 *securechip_result_out = securechip_result;
@@ -302,7 +302,7 @@ keystore_error_t keystore_encrypt_and_store_seed(
     // Update the two kdf keys before setting a new password. This already
     // happens on a device reset, but we do it here again anyway so the keys are
     // initialized also on first use, reducing trust in the factory setup.
-    if (!atecc_update_keys()) {
+    if (!securechip_update_keys()) {
         return KEYSTORE_ERR_SECURECHIP;
     }
     uint8_t secret[32] = {0};

src/memory/memory_shared.c

@@ -51,3 +51,8 @@ uint8_t memory_get_screen_type(void)
         return MEMORY_SCREEN_TYPE_SH1107;
     }
 }
+
+uint8_t memory_get_securechip_type(void)
+{
+    return MEMORY_SECURECHIP_TYPE_ATECC;
+}

src/memory/memory_shared.h

@@ -102,4 +102,8 @@ void memory_read_shared_bootdata(chunk_shared_t* chunk_out);
  */
 USE_RESULT uint8_t memory_get_screen_type(void);
 
+#define MEMORY_SECURECHIP_TYPE_ATECC 0xFF
+#define MEMORY_SECURECHIP_TYPE_OPTIGA 0x01
+USE_RESULT uint8_t memory_get_securechip_type(void);
+
 #endif

src/random.c

@@ -15,9 +15,9 @@
 #include <stdio.h>
 #include <string.h>
 #ifndef TESTING
-#include "atecc/atecc.h"
 #include "driver_init.h"
 #include "flags.h"
+#include "securechip/securechip.h"
 #include <hal_rand_sync.h>
 #endif
 #include "hardfault.h"
@@ -72,8 +72,8 @@ static void random_32_bytes_sec(uint8_t* buf)
         random[i] = rand();
     }
 #else
-    if (!atecc_random(random)) {
-        Abort("Abort: atecc_random");
+    if (!securechip_random(random)) {
+        Abort("Abort: securechip_random");
     }
 #endif
     for (size_t i = 0; i < sizeof(random); i++) {

src/reset.c

@@ -20,7 +20,7 @@
 #include "memory/smarteeprom.h"
 
 #ifndef TESTING
-#include "atecc/atecc.h"
+#include "securechip/securechip.h"
 #include <driver_init.h>
 #include <hal_delay.h>
 #include <ui/components/status.h>
@@ -50,7 +50,7 @@ void reset_reset(bool status)
 #if !defined(TESTING)
     bool sc_result_update_keys = false;
     for (int retries = 0; retries < 5; retries++) {
-        sc_result_update_keys = atecc_update_keys();
+        sc_result_update_keys = securechip_update_keys();
         if (sc_result_update_keys) {
             break;
         }
@@ -61,7 +61,7 @@ void reset_reset(bool status)
 #if APP_U2F == 1
     bool sc_result_u2f_counter_set = false;
     for (int retries = 0; retries < 5; retries++) {
-        sc_result_u2f_counter_set = atecc_u2f_counter_set(0);
+        sc_result_u2f_counter_set = securechip_u2f_counter_set(0);
         if (sc_result_u2f_counter_set) {
             break;
         }

src/rust/bitbox02-sys/build.rs

@@ -125,10 +125,10 @@ const ALLOWLIST_FNS: &[&str] = &[
     "sd_write_bin",
     "sdcard_create",
     "secp256k1_ecdsa_anti_exfil_host_commit",
-    "atecc_attestation_sign",
-    "atecc_model",
-    "atecc_monotonic_increments_remaining",
-    "atecc_u2f_counter_set",
+    "securechip_attestation_sign",
+    "securechip_model",
+    "securechip_monotonic_increments_remaining",
+    "securechip_u2f_counter_set",
     "smarteeprom_bb02_config",
     "status_create",
     "trinary_choice_create",
@@ -150,7 +150,7 @@ const RUSTIFIED_ENUMS: &[&str] = &[
     "memory_result_t",
     "multisig_script_type_t",
     "output_type_t",
-    "atecc_model_t",
+    "securechip_model_t",
     "simple_type_t",
     "trinary_choice_t",
 ];

src/rust/bitbox02-sys/wrapper.h

@@ -12,7 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#include <atecc/atecc.h>
 #include <bip32.h>
 #include <keystore.h>
 #include <memory/bitbox02_smarteeprom.h>
@@ -24,6 +23,7 @@
 #include <sd.h>
 #include <secp256k1_ecdsa_adaptor.h>
 #include <secp256k1_ecdsa_s2c.h>
+#include <securechip/securechip.h>
 #include <system.h>
 #include <time.h>
 #include <ui/components/confirm.h>

src/rust/bitbox02/src/securechip.rs

@@ -12,11 +12,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-pub use bitbox02_sys::atecc_model_t as Model;
+pub use bitbox02_sys::securechip_model_t as Model;
 
 pub fn attestation_sign(challenge: &[u8; 32], signature: &mut [u8; 64]) -> Result<(), ()> {
     match unsafe {
-        bitbox02_sys::atecc_attestation_sign(challenge.as_ptr(), signature.as_mut_ptr())
+        bitbox02_sys::securechip_attestation_sign(challenge.as_ptr(), signature.as_mut_ptr())
     } {
         true => Ok(()),
         false => Err(()),
@@ -25,7 +25,7 @@ pub fn attestation_sign(challenge: &[u8; 32], signature: &mut [u8; 64]) -> Resul
 
 pub fn monotonic_increments_remaining() -> Result<u32, ()> {
     let mut result: u32 = 0;
-    match unsafe { bitbox02_sys::atecc_monotonic_increments_remaining(&mut result as _) } {
+    match unsafe { bitbox02_sys::securechip_monotonic_increments_remaining(&mut result as _) } {
         true => Ok(result),
         false => Err(()),
     }
@@ -34,7 +34,7 @@ pub fn monotonic_increments_remaining() -> Result<u32, ()> {
 #[cfg(feature = "app-u2f")]
 #[cfg(not(feature = "testing"))]
 pub fn u2f_counter_set(counter: u32) -> Result<(), ()> {
-    match unsafe { bitbox02_sys::atecc_u2f_counter_set(counter) } {
+    match unsafe { bitbox02_sys::securechip_u2f_counter_set(counter) } {
         true => Ok(()),
         false => Err(()),
     }
@@ -48,7 +48,7 @@ pub fn u2f_counter_set(_counter: u32) -> Result<(), ()> {
 
 pub fn model() -> Result<Model, ()> {
     let mut ver = core::mem::MaybeUninit::uninit();
-    match unsafe { bitbox02_sys::atecc_model(ver.as_mut_ptr()) } {
+    match unsafe { bitbox02_sys::securechip_model(ver.as_mut_ptr()) } {
         true => Ok(unsafe { ver.assume_init() }),
         false => Err(()),
     }