Implement atcab_write_pubkey and atcab_priv_write commands

adafruit / Adafruit_CircuitPython_ATECC

Driver for Microchip ATECCx08 cryptographic co-processors with secure hardware-based key storage

Other

18 stars 19 forks source link

Implement atcab_write_pubkey and atcab_priv_write commands #7

Open brentru opened 5 years ago

brentru commented 5 years ago

atcab_write_pubkey: Uses the write command to write a public key to a slot in the proper format.

https://microchiptech.github.io/cryptoauthlib/a06481.html#ga47cbedeb3c3e9f7cbf2b9433cd60d1aa

atcab_priv_write: Executes PrivWrite command, to write externally generated ECC private keys into the device.

https://microchiptech.github.io/cryptoauthlib/a06481.html#gad01e8e785073d8655de9116e7df8e7b5

uCryptoAuthLib Implementation for pubkey (priv_write is not implemented): https://github.com/dmazzella/ucryptoauthlib/blob/master/cryptoauthlib/basic.py#L852

Discussion about these commands: https://github.com/MicrochipTech/cryptoauthlib/issues/44

tannewt commented 4 years ago

I'd suggest splitting this library into more modules so folks can import just the bits they need to use.

brentru commented 4 years ago

@tannewt I have some of this library split, but would like some advice on what to split out further. Here's my start:

adafruit_atecc: Driver module
adafruit_atecc_random: Wrapper for random methods commands, we could mock random methods.
adafruit_atecc_hashlib: Wrapper similar to https://github.com/adafruit/Adafruit_CircuitPython_hashlib, but for hardware-accelerated SHA-256

tannewt commented 4 years ago

I like the idea of having modules for random and hashlib! What functions are left in the regular atecc module?

brentru commented 4 years ago

Random would contain the following from the atecc module:

nonce
random

hashlib would contain:

sha_start,sha_digest, and sha_update

Which leave us with a few public, non-driver-specific methods like: ecdsa_sign, sign, write_config, gen_key.

These could be moved to a class within atecc_cert_util since they're related to certificate generation and STORAGE. I feel adafruit_atecc_asn1 could be its own class, contained within cert_util as well.

tannewt commented 4 years ago

I like the hashlib idea and please ensure the API matches CPython's hashlib.

Looks like this would work to mimic for ECDSA: https://github.com/warner/python-ecdsa

Can you find similar analogs for sign and gen_key?

brentru commented 4 years ago

That lib is promising. I'd need to adapt sign and gen_key to work properly with .generate and .sign.


sk = SigningKey.generate(curve=NIST384p)
vk = sk.verifying_key
signature = sk.sign(b"message")```