Skip to content

Commit 9dad31a

Browse files
bryan-huntbryan-hunt
committed
Release v3.6.0 (20230404)
1 parent 86b3046 commit 9dad31a

161 files changed

Lines changed: 6183 additions & 4747 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

CMakeLists.txt

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,10 @@ cmake_minimum_required(VERSION 3.1.0)
22
project (cryptoauthlib C)
33

44
# Set the current release version
5-
set(VERSION "3.5.1")
5+
set(VERSION "3.6.0")
66
set(VERSION_MAJOR 3)
7-
set(VERSION_MINOR 5)
8-
set(VERSION_PATCH 1)
7+
set(VERSION_MINOR 6)
8+
set(VERSION_PATCH 0)
99

1010
# Build Options
1111
option(BUILD_TESTS "Create Test Application with library" OFF)

SECURITY.md

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,9 +12,11 @@ The previous API version is maintained for a year after a new version is release
1212

1313
| Version | Supported | Notes |
1414
| ------- | ------------------ | ----- |
15-
| 3.4.x | :heavy_check_mark: | |
16-
| 3.3.x | :heavy_check_mark: | |
17-
| 3.2.x | :x: | Security updates until January 2022 |
15+
| 3.6.x | :heavy_check_mark: | |
16+
| 3.5.x | :heavy_check_mark: | Support Ends April 4 2024 |
17+
| 3.4.x | :heavy_check_mark: | Support Ends March 14 2024 |
18+
| 3.3.x | :x: | |
19+
| 3.2.x | :x: | |
1820
| < 3.2 | :x: | |
1921

2022
## Reporting a Vulnerability

app/api_206a/api_206a.c

Lines changed: 59 additions & 55 deletions
Original file line numberDiff line numberDiff line change
@@ -58,28 +58,28 @@ ATCA_STATUS sha206a_diversify_parent_key(uint8_t* parent_key, uint8_t* diversifi
5858
break;
5959
}
6060

61-
memcpy(p_temp, parent_key, ATCA_KEY_SIZE);
61+
(void)memcpy(p_temp, parent_key, ATCA_KEY_SIZE);
6262
p_temp += ATCA_KEY_SIZE;
6363

6464
*p_temp++ = ATCA_DERIVE_KEY;
6565
*p_temp++ = param1;
66-
*p_temp++ = param2 & 0xFF;
67-
*p_temp++ = (param2 >> 8) & 0xFF;
66+
*p_temp++ = (uint8_t)(param2 & 0xFFu);
67+
*p_temp++ = (uint8_t)((param2 >> 8) & 0xFFu);
6868
*p_temp++ = sn[8];
6969
*p_temp++ = sn[0];
7070
*p_temp++ = sn[1];
71-
memset(p_temp, 0, 25);
71+
(void)memset(p_temp, 0, 25);
7272
p_temp += 25;
73-
memcpy(p_temp, sn, sizeof(sn));
73+
(void)memcpy(p_temp, sn, sizeof(sn));
7474
p_temp += sizeof(sn);
75-
memset(p_temp, 0, 23);
75+
(void)memset(p_temp, 0, 23);
7676

77-
if ((status = atcac_sw_sha2_256(sha_data, sizeof(sha_data), diversified_key)) != ATCA_SUCCESS)
77+
if ((status = (ATCA_STATUS)atcac_sw_sha2_256(sha_data, sizeof(sha_data), diversified_key)) != ATCA_SUCCESS)
7878
{
7979
break;
8080
}
8181
}
82-
while (0);
82+
while (false);
8383

8484
return status;
8585
}
@@ -97,7 +97,7 @@ ATCA_STATUS sha206a_generate_derive_key(uint8_t* parent_key, uint8_t* derived_ke
9797
uint8_t* p_temp = sha_data;
9898
uint8_t sn[9];
9999

100-
if ((parent_key == NULL) || (derived_key == NULL) || (param1 == 0xFF))
100+
if ((parent_key == NULL) || (derived_key == NULL) || (param1 == 0xFFu))
101101
{
102102
return ATCA_BAD_PARAM;
103103
}
@@ -114,23 +114,23 @@ ATCA_STATUS sha206a_generate_derive_key(uint8_t* parent_key, uint8_t* derived_ke
114114
break;
115115
}
116116

117-
memcpy(p_temp, parent_key, ATCA_KEY_SIZE);
117+
(void)memcpy(p_temp, parent_key, ATCA_KEY_SIZE);
118118
p_temp += ATCA_KEY_SIZE;
119119
*p_temp++ = ATCA_DERIVE_KEY;
120120
*p_temp++ = param1;
121-
*p_temp++ = param2 & 0xFF;
122-
*p_temp++ = (param2 >> 8) & 0xFF;
121+
*p_temp++ = (uint8_t)(param2 & 0xFFu);
122+
*p_temp++ = (uint8_t)((param2 >> 8) & 0xFFu);
123123
*p_temp++ = sn[8];
124124
*p_temp++ = sn[0];
125125
*p_temp++ = sn[1];
126-
memset(p_temp, 0, (25 + 32));
126+
(void)memset(p_temp, 0, (25 + 32));
127127

128-
if ((status = atcac_sw_sha2_256(sha_data, sizeof(sha_data), derived_key)) != ATCA_SUCCESS)
128+
if ((status = (ATCA_STATUS)atcac_sw_sha2_256(sha_data, sizeof(sha_data), derived_key)) != ATCA_SUCCESS)
129129
{
130130
break;
131131
}
132132
}
133-
while (0);
133+
while (false);
134134

135135
return status;
136136
}
@@ -161,30 +161,30 @@ ATCA_STATUS sha206a_generate_challenge_response_pair(uint8_t* key, uint8_t* chal
161161
break;
162162
}
163163

164-
memcpy(p_temp, key, ATCA_KEY_SIZE);
164+
(void)memcpy(p_temp, key, ATCA_KEY_SIZE);
165165
p_temp += ATCA_KEY_SIZE;
166-
memcpy(p_temp, challenge, ATCA_KEY_SIZE);
166+
(void)memcpy(p_temp, challenge, ATCA_KEY_SIZE);
167167
p_temp += ATCA_KEY_SIZE;
168168
*p_temp++ = ATCA_MAC;
169169
*p_temp++ = param1;
170-
*p_temp++ = param2 & 0xFF;
171-
*p_temp++ = (param2 >> 8) & 0xFF;
172-
memset(p_temp, 0, (8 + 3));
170+
*p_temp++ = (uint8_t)(param2 & 0xFFu);
171+
*p_temp++ = (uint8_t)((param2 >> 8) & 0xFFu);
172+
(void)memset(p_temp, 0, (8 + 3));
173173
p_temp += (8 + 3);
174174
*p_temp++ = sn[8];
175-
memset(p_temp, 0, 4);
175+
(void)memset(p_temp, 0, 4);
176176
p_temp += 4;
177177
*p_temp++ = sn[0];
178178
*p_temp++ = sn[1];
179-
memset(p_temp, 0, 2);
179+
(void)memset(p_temp, 0, 2);
180180

181-
if ((status = atcac_sw_sha2_256(sha_data, sizeof(sha_data), response)) != ATCA_SUCCESS)
181+
if ((status = (ATCA_STATUS)atcac_sw_sha2_256(sha_data, sizeof(sha_data), response)) != ATCA_SUCCESS)
182182
{
183183
break;
184184
}
185185

186186
}
187-
while (0);
187+
while (false);
188188

189189
return status;
190190
}
@@ -224,18 +224,22 @@ ATCA_STATUS sha206a_authenticate(uint8_t* challenge, uint8_t* expected_response,
224224
break;
225225
}
226226
}
227+
else
228+
{
229+
/* do nothing */
230+
}
227231

228232
if ((status = atcab_mac(0x00, ATCA_SHA206A_SYMMETRIC_KEY_ID_SLOT, challenge, digest)) != ATCA_SUCCESS)
229233
{
230234
break;
231235
}
232236
}
233-
while (0);
237+
while (false);
234238

235-
*is_authenticated = false;
239+
*is_authenticated = (uint8_t)false;
236240
if ((status == ATCA_SUCCESS) && (memcmp(digest, expected_response, ATCA_KEY_SIZE) == 0))
237241
{
238-
*is_authenticated = true;
242+
*is_authenticated = (uint8_t)true;
239243
}
240244

241245
return status;
@@ -248,7 +252,7 @@ ATCA_STATUS sha206a_verify_device_consumption(uint8_t* is_consumed)
248252
{
249253
ATCA_STATUS status;
250254
uint8_t is_dk_valid;
251-
uint8_t is_pk_valid = false;
255+
uint8_t is_pk_valid = (uint8_t)false;
252256

253257
if (is_consumed == NULL)
254258
{
@@ -263,7 +267,7 @@ ATCA_STATUS sha206a_verify_device_consumption(uint8_t* is_consumed)
263267
break;
264268
}
265269

266-
if (is_dk_valid)
270+
if (is_dk_valid != 0u)
267271
{
268272
*is_consumed = 0;
269273
}
@@ -274,13 +278,13 @@ ATCA_STATUS sha206a_verify_device_consumption(uint8_t* is_consumed)
274278
break;
275279
}
276280

277-
if (is_pk_valid)
281+
if (is_pk_valid == (uint8_t)true)
278282
{
279-
*is_consumed &= ~ATCA_SHA206A_PKEY_CONSUMPTION_MASK;
283+
*is_consumed &= (uint8_t)(~ATCA_SHA206A_PKEY_CONSUMPTION_MASK);
280284
}
281285
}
282286
}
283-
while (0);
287+
while (false);
284288

285289
return status;
286290
}
@@ -298,15 +302,15 @@ ATCA_STATUS sha206a_check_dk_useflag_validity(uint8_t* is_consumed)
298302
return ATCA_BAD_PARAM;
299303
}
300304

301-
*is_consumed = true;
305+
*is_consumed = (uint8_t)true;
302306
if ((status = sha206a_get_dk_useflag_count(&dk_available_count)) != ATCA_SUCCESS)
303307
{
304308
return status;
305309
}
306310

307-
if (!dk_available_count)
311+
if (dk_available_count == 0u)
308312
{
309-
*is_consumed = false;
313+
*is_consumed = (uint8_t)false;
310314
}
311315

312316
return status;
@@ -325,15 +329,15 @@ ATCA_STATUS sha206a_check_pk_useflag_validity(uint8_t* is_consumed)
325329
return ATCA_BAD_PARAM;
326330
}
327331

328-
*is_consumed = true;
332+
*is_consumed = (uint8_t)true;
329333
if ((status = sha206a_get_pk_useflag_count(&pk_available_count)) != ATCA_SUCCESS)
330334
{
331335
return status;
332336
}
333337

334-
if (!pk_available_count)
338+
if (pk_available_count == 0u)
335339
{
336-
*is_consumed = false;
340+
*is_consumed = (uint8_t)false;
337341
}
338342

339343
return status;
@@ -353,15 +357,15 @@ ATCA_STATUS sha206a_get_dk_useflag_count(uint8_t* dk_available_count)
353357
return ATCA_BAD_PARAM;
354358
}
355359

356-
*dk_available_count = 0;
360+
*dk_available_count = 0u;
357361
if ((status = atcab_read_bytes_zone(ATCA_ZONE_CONFIG, 0, 64, read_buf, sizeof(read_buf))) != ATCA_SUCCESS)
358362
{
359363
return status;
360364
}
361365

362-
for (bit_count = 0; bit_count < 8; bit_count++)
366+
for (bit_count = 0u; bit_count < 8u; bit_count++)
363367
{
364-
if (!(read_buf[2] & 0x01))
368+
if ((read_buf[2] & 0x01u) != 0x01u)
365369
{
366370
break;
367371
}
@@ -381,28 +385,28 @@ ATCA_STATUS sha206a_get_pk_useflag_count(uint8_t* pk_available_count)
381385
{
382386
ATCA_STATUS status;
383387
uint8_t read_buf[16];
384-
uint8_t byte_count;
388+
uint8_t byte_count = 16u;
385389
uint8_t bit_count;
386390

387391
if (pk_available_count == NULL)
388392
{
389393
return ATCA_BAD_PARAM;
390394
}
391395

392-
*pk_available_count = 0;
396+
*pk_available_count = 0u;
393397
if ((status = atcab_read_bytes_zone(ATCA_ZONE_CONFIG, 0, 68, read_buf, sizeof(read_buf))) != ATCA_SUCCESS)
394398
{
395399
return status;
396400
}
397401

398-
for (bit_count = 0, byte_count = 16; bit_count < sizeof(read_buf) * 8; bit_count++)
402+
for (bit_count = 0u; bit_count < sizeof(read_buf) * 8u; bit_count++)
399403
{
400-
if (bit_count % 8 == 0)
404+
if (bit_count % 8u == 0u)
401405
{
402406
byte_count--;
403407
}
404408

405-
if (!(read_buf[byte_count] & 0x01))
409+
if ((read_buf[byte_count] & 0x01u) != 0x01u)
406410
{
407411
break;
408412
}
@@ -428,7 +432,7 @@ ATCA_STATUS sha206a_get_dk_update_count(uint8_t* dk_update_count)
428432
return ATCA_BAD_PARAM;
429433
}
430434

431-
*dk_update_count = 0;
435+
*dk_update_count = 0u;
432436
if ((status = atcab_read_bytes_zone(ATCA_ZONE_CONFIG, 0, 64, read_buf, sizeof(read_buf))) != ATCA_SUCCESS)
433437
{
434438
return status;
@@ -454,8 +458,8 @@ ATCA_STATUS sha206a_write_data_store(uint8_t slot, uint8_t* data, uint8_t block,
454458
ATCA_STATUS status;
455459
uint8_t zone = ATCA_ZONE_DATA;
456460

457-
if ((slot < SHA206A_DATA_STORE0) || (slot > SHA206A_DATA_STORE2) ||
458-
(slot == SHA206A_DATA_STORE0 && lock_after_write == true) || (data == NULL))
461+
if ((slot < (uint8_t)SHA206A_DATA_STORE0) || (slot > (uint8_t)SHA206A_DATA_STORE2) ||
462+
(slot == (uint8_t)SHA206A_DATA_STORE0 && lock_after_write == true) || (data == NULL))
459463
{
460464
return ATCA_BAD_PARAM;
461465
}
@@ -481,7 +485,7 @@ ATCA_STATUS sha206a_read_data_store(uint8_t slot, uint8_t* data, uint8_t offset,
481485
ATCA_STATUS status;
482486
uint8_t zone = ATCA_ZONE_DATA;
483487

484-
if ((slot < SHA206A_DATA_STORE0) || (slot > SHA206A_DATA_STORE2) || (data == NULL))
488+
if ((slot < (uint8_t)SHA206A_DATA_STORE0) || (slot > (uint8_t)SHA206A_DATA_STORE2) || (data == NULL))
485489
{
486490
return ATCA_BAD_PARAM;
487491
}
@@ -500,25 +504,25 @@ ATCA_STATUS sha206a_get_data_store_lock_status(uint8_t slot, uint8_t* is_locked)
500504
ATCA_STATUS status;
501505
uint8_t read_buf[4];
502506

503-
if ((is_locked == NULL) || (slot < SHA206A_DATA_STORE1) || (slot > SHA206A_DATA_STORE2))
507+
if ((is_locked == NULL) || (slot < (uint8_t)SHA206A_DATA_STORE1) || (slot > (uint8_t)SHA206A_DATA_STORE2))
504508
{
505509
return ATCA_BAD_PARAM;
506510
}
507511

508-
*is_locked = true;
512+
*is_locked = (uint8_t)true;
509513

510514
if ((status = atcab_read_bytes_zone(ATCA_ZONE_CONFIG, 0, 4, &read_buf[0], sizeof(read_buf))) != ATCA_SUCCESS)
511515
{
512516
return status;
513517
}
514518

515-
if (slot == SHA206A_DATA_STORE1)
519+
if (slot == (uint8_t)SHA206A_DATA_STORE1)
516520
{
517-
*is_locked = ((read_buf[0] == 0x55) && (read_buf[1] == 0x55)) ? false : true;
521+
*is_locked = (uint8_t)(((read_buf[0] == 0x55u) && (read_buf[1] == 0x55u)) ? (uint8_t)false : (uint8_t)true);
518522
}
519523
else
520524
{
521-
*is_locked = ((read_buf[2] == 0x55) && (read_buf[3] == 0x55)) ? false : true;
525+
*is_locked = ((read_buf[2] == 0x55u) && (read_buf[3] == 0x55u)) ? (uint8_t)false : (uint8_t)true;
522526
}
523527

524528
return status;

app/api_206a/api_206a.h

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -34,10 +34,10 @@ extern "C" {
3434

3535
#include "atca_status.h"
3636

37-
#define ATCA_SHA206A_ZONE_WRITE_LOCK 0x20
38-
#define ATCA_SHA206A_DKEY_CONSUMPTION_MASK 0x01
39-
#define ATCA_SHA206A_PKEY_CONSUMPTION_MASK 0x02
40-
#define ATCA_SHA206A_SYMMETRIC_KEY_ID_SLOT 0X07
37+
#define ATCA_SHA206A_ZONE_WRITE_LOCK 0x20u
38+
#define ATCA_SHA206A_DKEY_CONSUMPTION_MASK 0x01u
39+
#define ATCA_SHA206A_PKEY_CONSUMPTION_MASK 0x02u
40+
#define ATCA_SHA206A_SYMMETRIC_KEY_ID_SLOT 0X07u
4141

4242
enum
4343
{
@@ -53,8 +53,8 @@ ATCA_STATUS sha206a_generate_challenge_response_pair(uint8_t* key, uint8_t* chal
5353
ATCA_STATUS sha206a_authenticate(uint8_t* challenge, uint8_t* expected_response, uint8_t* is_authenticated);
5454
ATCA_STATUS sha206a_verify_device_consumption(uint8_t* is_consumed);
5555

56-
ATCA_STATUS sha206a_check_dk_useflag_validity(uint8_t* is_valid);
57-
ATCA_STATUS sha206a_check_pk_useflag_validity(uint8_t* is_valid);
56+
ATCA_STATUS sha206a_check_dk_useflag_validity(uint8_t* is_consumed);
57+
ATCA_STATUS sha206a_check_pk_useflag_validity(uint8_t* is_consumed);
5858
ATCA_STATUS sha206a_get_dk_useflag_count(uint8_t* dk_available_count);
5959
ATCA_STATUS sha206a_get_pk_useflag_count(uint8_t* pk_available_count);
6060
ATCA_STATUS sha206a_get_dk_update_count(uint8_t* dk_update_count);

0 commit comments

Comments
 (0)