Release v3.7.3 (20240131)

Author: Srinivas-E

CMakeLists.txt

@@ -2,10 +2,10 @@ cmake_minimum_required(VERSION 3.1.0)
 project (cryptoauthlib C)
 
 # Set the current release version
-set(VERSION "3.7.0")
+set(VERSION "3.7.3")
 set(VERSION_MAJOR 3)
 set(VERSION_MINOR 7)
-set(VERSION_PATCH 0)
+set(VERSION_PATCH 3)
 
 # Build Options
 option(BUILD_TESTS "Create Test Application with library" OFF)

harmony/config/cryptoauthlib.py

@@ -35,7 +35,7 @@
 _HAL_FILES = ["atca_hal.c", "atca_hal.h"]
 _CORE_PATHS = ['crypto/**/*', 'crypto/*', 'jwt/*', '*']
 _CA_PATHS = ['atcacert/*', 'calib/*', 'host/*']
-_TA_PATHS = ['talib/*']
+_TA_PATHS = ['atcacert/*', 'talib/*']
 _SHA206_PATHS = ['api_206a/*']
 _EXCL_FILES = ['atca_utils_sizes.c']
 

harmony/config/pkcs11.py

@@ -135,6 +135,10 @@ def instantiateComponent(calPkcs11Component):
     calPkcs11MaxCertsCache.setLabel('Maximum number of certificates cached')
     calPkcs11MaxCertsCache.setDefaultValue(5)
 
+    calPkcs11MaxKeyIDsCache = calPkcs11Component.createIntegerSymbol('PKCS11_MAX_KEYS_CACHED', None)
+    calPkcs11MaxKeyIDsCache.setLabel('Maximum number of Key IDs cached')
+    calPkcs11MaxKeyIDsCache.setDefaultValue(5)
+
     calPkcs11MaxConfig = calPkcs11Component.createIntegerSymbol('CAL_PKCS11_MAX_CONFIG', None)
     calPkcs11MaxConfig.setLabel('Maximum number of PKCS11 Config Options')
     calPkcs11MaxConfig.setDefaultValue(7)

harmony/templates/pkcs11_config.h.ftl

@@ -79,6 +79,11 @@
 #define PKCS11_MAX_CERTS_CACHED      ${CAL_PKCS11_MAX_CERTS_CACHED}
 #endif
 
+/** Maximum number of Key ID's allowed to be cached*/
+#ifndef PKCS11_MAX_KEYS_CACHED
+#define PKCS11_MAX_KEYS_CACHED       ${PKCS11_MAX_KEYS_CACHED}
+#endif
+
 /** Maximum number of cryptographic objects allowed to be cached */
 #ifndef PKCS11_MAX_OBJECTS_ALLOWED
 #define PKCS11_MAX_OBJECTS_ALLOWED      ${CAL_PKCS11_MAX_OBJECTS}

lib/atca_basic.c

@@ -3548,7 +3548,7 @@ ATCA_STATUS atcab_sha_hmac_init(atca_hmac_sha256_ctx_t* ctx, uint16_t key_slot)
     ATCA_STATUS status = ATCA_UNIMPLEMENTED;
     ATCADeviceType dev_type = atcab_get_device_type();
 
-    if (atcab_is_ca_device(dev_type))
+    if (atcab_is_ca_device(dev_type) || atcab_is_ca2_device(dev_type))
     {
 #if CALIB_SHA_HMAC_EN
         status = calib_sha_hmac_init(g_atcab_device_ptr, ctx, key_slot);
@@ -3579,7 +3579,7 @@ ATCA_STATUS atcab_sha_hmac_update(atca_hmac_sha256_ctx_t* ctx, const uint8_t* da
     ATCA_STATUS status = ATCA_UNIMPLEMENTED;
     ATCADeviceType dev_type = atcab_get_device_type();
 
-    if (atcab_is_ca_device(dev_type))
+    if (atcab_is_ca_device(dev_type) || atcab_is_ca2_device(dev_type))
     {
 #if CALIB_SHA_HMAC_EN
         status = calib_sha_hmac_update(g_atcab_device_ptr, ctx, data, data_size);
@@ -3613,7 +3613,7 @@ ATCA_STATUS atcab_sha_hmac_finish(atca_hmac_sha256_ctx_t* ctx, uint8_t* digest,
     ATCA_STATUS status = ATCA_UNIMPLEMENTED;
     ATCADeviceType dev_type = atcab_get_device_type();
 
-    if (atcab_is_ca_device(dev_type))
+    if (atcab_is_ca_device(dev_type) || atcab_is_ca2_device(dev_type))
     {
 #if CALIB_SHA_HMAC_EN
         status = calib_sha_hmac_finish(g_atcab_device_ptr, ctx, digest, target);
@@ -3650,7 +3650,7 @@ ATCA_STATUS atcab_sha_hmac_ext(ATCADevice device, const uint8_t* data, size_t da
     ATCA_STATUS status = ATCA_UNIMPLEMENTED;
     ATCADeviceType dev_type = atcab_get_device_type_ext(device);
 
-    if (atcab_is_ca_device(dev_type))
+    if (atcab_is_ca_device(dev_type) || atcab_is_ca2_device(dev_type))
     {
 #if CALIB_SHA_HMAC_EN
         status = calib_sha_hmac(device, data, data_size, key_slot, digest, target);

lib/atca_config_check.h

@@ -124,6 +124,10 @@
 #define ATCACERT_EN             (DEFAULT_ENABLED)
 #endif
 
+#ifndef ATCA_NO_HEAP
+#define ATCA_HEAP
+#endif 
+
 /**** AES command ****/
 
 /** \def ATCAB_AES

lib/atca_version.h

@@ -30,9 +30,9 @@
 #define ATCA_VERSION_H
 
 // Version format yyyymmdd
-#define ATCA_LIBRARY_VERSION_DATE   "20231222"
+#define ATCA_LIBRARY_VERSION_DATE   "20240131"
 #define ATCA_LIBRARY_VERSION_MAJOR  3
 #define ATCA_LIBRARY_VERSION_MINOR  7
-#define ATCA_LIBRARY_VERSION_BUILD  2
+#define ATCA_LIBRARY_VERSION_BUILD  3
 
 #endif /* ATCA_VERSION_H */

lib/atcacert/atcacert_client.c

@@ -33,7 +33,10 @@
 #include "atcacert_der.h"
 #include "atcacert_pem.h"
 #include "cryptoauthlib.h"
+
+#if ATCA_CA_SUPPORT
 #include "calib/calib_basic.h"
+#endif
 
 #if ATCACERT_COMPCERT_EN
 
@@ -146,10 +149,12 @@ ATCA_STATUS atcacert_read_cert_ext(ATCADevice            device,
                                    size_t*               cert_size)
 {
     ATCA_STATUS ret = ATCACERT_E_BAD_PARAMS;
+#if ATCACERT_COMPCERT_EN
     atcacert_device_loc_t device_locs[16];
     size_t device_locs_count = 0;
     size_t i = 0;
     atcacert_build_state_t build_state;
+#endif
 
     if (cert_def == NULL || cert_size == NULL)
     {
@@ -245,9 +250,11 @@ ATCA_STATUS atcacert_write_cert_ext(ATCADevice            device,
                                     size_t                cert_size)
 {
     ATCA_STATUS ret = 0;
+#if ATCACERT_COMPCERT_EN
     atcacert_device_loc_t device_locs[16];
     size_t device_locs_count = 0;
     size_t i = 0;
+#endif
 
     if (cert_def == NULL || cert == NULL)
     {
@@ -511,9 +518,11 @@ ATCA_STATUS atcacert_read_cert_size_ext(ATCADevice            device,
                                         const atcacert_def_t* cert_def,
                                         size_t*               cert_size)
 {
+    ATCA_STATUS ret = ATCACERT_E_SUCCESS;
+#if ATCACERT_COMPCERT_EN
     uint8_t buffer[75];
     size_t buflen = sizeof(buffer);
-    ATCA_STATUS ret = ATCACERT_E_SUCCESS;
+#endif
 
     if ((NULL == cert_def) || (NULL == cert_size))
     {

lib/atcacert/atcacert_def.c

@@ -1131,6 +1131,7 @@ ATCA_STATUS atcacert_get_expire_date(const atcacert_def_t* cert_def,
     return status;
 }
 
+#if ATCACERT_COMPCERT_EN
 static void uint8_to_hex(uint8_t num, uint8_t* hex_str)
 {
     uint8_t nibble = (num >> 4) & 0x0Fu;
@@ -1154,7 +1155,6 @@ static void uint8_to_hex(uint8_t num, uint8_t* hex_str)
     }
 }
 
-#if ATCACERT_COMPCERT_EN
 ATCA_STATUS atcacert_set_signer_id(const atcacert_def_t* cert_def,
                                    uint8_t*              cert,
                                    size_t                cert_size,
@@ -1172,7 +1172,6 @@ ATCA_STATUS atcacert_set_signer_id(const atcacert_def_t* cert_def,
 
     return atcacert_set_cert_element(cert_def, &cert_def->std_cert_elements[STDCERT_SIGNER_ID], cert, cert_size, hex_str, 4);
 }
-#endif
 
 static ATCA_STATUS hex_to_uint8(const uint8_t hex_str[2], uint8_t* num)
 {
@@ -1215,7 +1214,6 @@ static ATCA_STATUS hex_to_uint8(const uint8_t hex_str[2], uint8_t* num)
     return ATCACERT_E_SUCCESS;
 }
 
-#if ATCACERT_COMPCERT_EN
 ATCA_STATUS atcacert_get_signer_id(const atcacert_def_t* cert_def,
                                    const uint8_t*        cert,
                                    size_t                cert_size,

lib/calib/calib_sha.c

@@ -489,25 +489,30 @@ ATCA_STATUS calib_sha_hmac_update(ATCADevice device, atca_hmac_sha256_ctx_t* ctx
  */
 ATCA_STATUS calib_sha_hmac_finish(ATCADevice device, atca_hmac_sha256_ctx_t *ctx, uint8_t* digest, uint8_t target)
 {
-    uint8_t mode = SHA_MODE_HMAC_END;
+    uint8_t mode;
     uint16_t digest_size = 32;
+    ATCADeviceType dev_type = device->mIface.mIfaceCFG->devtype;
 
     if (device == NULL)
     {
         return ATCA_TRACE(ATCA_BAD_PARAM, "NULL pointer received");
     }
 
-    if (ATECC608A == device->mIface.mIfaceCFG->devtype)
+    switch (dev_type)
     {
-        mode = SHA_MODE_608_HMAC_END;
-    }
-    if (atcab_is_ca2_device(device->mIface.mIfaceCFG->devtype))
-    {
-        mode = SHA_MODE_ECC204_HMAC_END;
-    }
-    if (target != SHA_MODE_TARGET_TEMPKEY)
-    {
-        return ATCA_TRACE(ATCA_BAD_PARAM, "Invalid target received");
+        case ATECC608:
+            mode = SHA_MODE_608_HMAC_END;
+            break;
+#if ATCA_CA2_SUPPORT
+        case ECC204:
+        /* fallthrough */
+        case TA010:
+            mode = SHA_MODE_ECC204_HMAC_END;
+            break;
+#endif
+        default:
+            mode = SHA_MODE_HMAC_END;
+            break;
     }
 
     mode |= target;