Open rrottmann opened 3 years ago
Could you please try the following patch:
diff --git a/atecc.c b/atecc.c
index 37312df..184d3ab 100644
--- a/atecc.c
+++ b/atecc.c
@@ -135,6 +135,7 @@ int main(int argc, char *argv[])
ATCAIfaceCfg cfg = cfg_ateccx08a_i2c_default;
cfg.atcai2c.bus = DEFAULT_I2C_BUS;
cfg.atcai2c.slave_address = DEFAULT_I2C_SLAVE;
+ cfg.devtype = ATECC608A;
while ((c = getopt(argc, argv, "h::c:b:s:vr:")) != -1) {
switch (c) {
Is KeyType 7 [SHA or other] correct?
Yes
It works for me with the following slot config:
========================= Slot: 7 ==================
Decoding SlotConfig value = 0x4AC9
Read key (except ECC private keys): 9
If slot contains ECC private keys:
External signatures of arbitrary messages are enabled: 1
Internal signatures are enabled: 0
ECDH operation is permitted for this key: 0
ECDH master secret output mode: 1
NoMac bit: 0
LimitedUse bit: 0
EncryptRead bit: 1
IsSecret bit: 1
Write key: 10
Write config: 0x4 (hex) = 0100 (bin)
Write cmd: Encrypt
DeriveKey cmd: Can't be used
GenKey cmd: may NOT be used
PrivWrite cmd: Encrypt
-------------
Decoding KeyConfig value = 0x003C
Private bit: 0
PubInfo bit: 0
KeyType: 7 [SHA or other]
Lockable bit: 1
ReqRandom bit: 0
ReqAuth bit: 0
AuthKey: 0
IntrusionDisable bit: 0
X509id: 0
Thanks for the quick response. Just tested this with current master. It still fails. Please note that my ATECC608A is using i2c 0x35 and I set DEFAULT_I2C_SLAVE to 0x6A in config.h in order to talk to the device.
$ ./atecc -c serial
0123*********
$ head -c 16 /dev/urandom > hmac.key
$ atecc -b1 -c "hmac-write-key 6 0 hmac.key"
read key from file: Success
$ echo "This is a test" > message
$ touch hmac.digest
$ atecc -b1 -c "hmac-dgst 6 message hmac.digest"
Command atcab_sha_hmac_init is failed with status 0xf4
$ git diff
diff --git a/atecc.c b/atecc.c
index 744c322..d1514fe 100644
--- a/atecc.c
+++ b/atecc.c
@@ -136,6 +136,7 @@ int main(int argc, char *argv[])
ATCAIfaceCfg cfg = cfg_ateccx08a_i2c_default;
cfg.atcai2c.bus = DEFAULT_I2C_BUS;
cfg.atcai2c.slave_address = DEFAULT_I2C_SLAVE;
+ cfg.devtype = ATECC608A;
while ((c = getopt(argc, argv, "h::c:b:s:vr:")) != -1) {
switch (c) {
diff --git a/config.h b/config.h
index 6fa7f00..6d4153e 100644
--- a/config.h
+++ b/config.h
@@ -1,6 +1,7 @@
#pragma once
-#define DEFAULT_I2C_BUS 9
-#define DEFAULT_I2C_SLAVE 0xC0
+#define DEFAULT_I2C_BUS 1
+//#define DEFAULT_I2C_SLAVE 0xC0
+#define DEFAULT_I2C_SLAVE 0x6A
#define MAX_CMDS 32
Hello,
Is that on purpose that ReqRandom bit is set to 1? As far as I remember, in this case ATECC chip requires nonce to be generated by internal RNG and this may be the reason for sha_hmac_init to fail.
Thanks for pointing me out the ReqRandom bit!
My first steps with ATECC608A were done with sample configs as it was difficult for a hobbyist without access to the complete datasheet to find a proper configuration.
The sample configures the device for multiple scenarios and there is another key slot without ReqRandom that I could use:
========================= Slot: 8 ==================
Decoding SlotConfig value = 0x0F0F
Read key (except ECC private keys): 15
If slot contains ECC private keys:
External signatures of arbitrary messages are enabled: 1
Internal signatures are enabled: 1
ECDH operation is permitted for this key: 1
ECDH master secret output mode: 1
NoMac bit: 0
LimitedUse bit: 0
EncryptRead bit: 0
IsSecret bit: 0
Write key: 15
Write config: 0x0 (hex) = 0000 (bin)
Write cmd: Always
DeriveKey cmd: Can't be used
GenKey cmd: may NOT be used
PrivWrite cmd: Forbidden
-------------
Decoding KeyConfig value = 0x003C
Private bit: 0
PubInfo bit: 0
KeyType: 7 [SHA or other]
Lockable bit: 1
ReqRandom bit: 0
ReqAuth bit: 0
AuthKey: 0
IntrusionDisable bit: 0
X509id: 0
Then I still needed Evgeny Bogers suggested patch to make it work. Without it, the following error occurs:
head -c 16 /dev/urandom > hmac.key
atecc -b1 -c "hmac-write-key 8 0 hmac.key"
#read key from file: Success
echo "This is a test" > message
touch hmac.digest
atecc -b1 -c "hmac-dgst 8 message hmac.digest"
#Command atcab_sha_hmac_finish is failed with status 210
Got it, thanks!
without access to the complete datasheet
I've been told that you can literally type "atecc608a complete datasheet" in Google to find one.
Then I still needed Evgeny Bogers suggested patch to make it work. Without it, the following error occurs:
head -c 16 /dev/urandom > hmac.key atecc -b1 -c "hmac-write-key 8 0 hmac.key" #read key from file: Success echo "This is a test" > message touch hmac.digest atecc -b1 -c "hmac-dgst 8 message hmac.digest" #Command atcab_sha_hmac_finish is failed with status 210
This issue will be fixed in PR #9.
@webconn Thanks for the fix. As my setup is still available, I've tested with a fresh clone of current master and it does not work for me. Crosschecked with previous commit and suggested hardcoded devtype and this still works.
$ git diff
diff --git a/config.h b/config.h
index 6fa7f00..5d1e24e 100644
--- a/config.h
+++ b/config.h
@@ -1,6 +1,6 @@
#pragma once
#define DEFAULT_I2C_BUS 9
-#define DEFAULT_I2C_SLAVE 0xC0
+#define DEFAULT_I2C_SLAVE 0x6A
#define MAX_CMDS 32
$ ./atecc -b1 -c "hmac-dgst 8 message hmac.digest"
Command atcab_info is failed with status e7
$ ./atecc -b1 -c serial
Command atcab_info is failed with status e7
$ git checkout d13c10ab1952ddd682429a77fcea39fa4d61d1ac
$ git diff
diff --git a/atecc.c b/atecc.c
index 744c322..d1514fe 100644
--- a/atecc.c
+++ b/atecc.c
@@ -136,6 +136,7 @@ int main(int argc, char *argv[])
ATCAIfaceCfg cfg = cfg_ateccx08a_i2c_default;
cfg.atcai2c.bus = DEFAULT_I2C_BUS;
cfg.atcai2c.slave_address = DEFAULT_I2C_SLAVE;
+ cfg.devtype = ATECC608A;
while ((c = getopt(argc, argv, "h::c:b:s:vr:")) != -1) {
switch (c) {
diff --git a/config.h b/config.h
index 6fa7f00..5d1e24e 100644
--- a/config.h
+++ b/config.h
@@ -1,6 +1,6 @@
#pragma once
#define DEFAULT_I2C_BUS 9
-#define DEFAULT_I2C_SLAVE 0xC0
+#define DEFAULT_I2C_SLAVE 0x6A
#define MAX_CMDS 32
$ make clean && make
$ ./atecc -b1 -c "hmac-dgst 8 message hmac.digest"
$ xxd hmac.digest
#00000000: 2df4 f379 838b 30fc 27fb 5946 524f 87f2 -..y..0.'.YFRO..
#00000010: 1430 f9ce 47c4 d9da 2df1 5321 5837 8876 .0..G...-.S!X7.v
@rrottmann Thank you for the report.
Could you please post the output of
atecc -c info
(only available in fresh master)
and
atecc -c 'dump-config -'
Used latest master and set my i2c slave id:
$ git rev-parse HEAD
1f08f086209788fdf8c0851f6dbd371918cf0f20
$ git diff
diff --git a/config.h b/config.h
index 6fa7f00..5d1e24e 100644
--- a/config.h
+++ b/config.h
@@ -1,6 +1,6 @@
#pragma once
#define DEFAULT_I2C_BUS 9
-#define DEFAULT_I2C_SLAVE 0xC0
+#define DEFAULT_I2C_SLAVE 0x6A
#define MAX_CMDS 32
atecc -c info
$ ./atecc -b1 -c info
Found ATECC608A
atecc -c 'dump-config -'
I'm trying to generate a hmac digest. I am using slot 6 for this which is configured like this:
The configuration zone is locked and I can interact with the i2c device.
Then I create a random key:
I can write the key (works only with less than 32 bytes):
Then I try to digest a message:
Do I miss something? Is it necessary to lock the slot 6 before calculating the hmac? Is KeyType 7 [SHA or other] correct?
Thanks in advance for any pointers to get more familiar with atecc-util!