MicrochipTech
diff --git a/‎cryptoauthlib/lib/hal/hal_linux_i2c_userspace.c‎
Lines changed: 6 additions & 7 deletions b/‎cryptoauthlib/lib/hal/hal_linux_i2c_userspace.c‎
Lines changed: 6 additions & 7 deletions
diff --git a/‎cryptoauthlib/lib/hal/hal_win_kit_cdc.c‎
Lines changed: 5 additions & 1 deletion b/‎cryptoauthlib/lib/hal/hal_win_kit_cdc.c‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎cryptoauthlib/lib/hal/hal_win_kit_hid.c‎
Lines changed: 4 additions & 0 deletions b/‎cryptoauthlib/lib/hal/hal_win_kit_hid.c‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎cryptoauthlib/lib/hal/kit_protocol.c‎
Lines changed: 22 additions & 5 deletions b/‎cryptoauthlib/lib/hal/kit_protocol.c‎
Lines changed: 22 additions & 5 deletions
diff --git a/‎cryptoauthlib/lib/openssl/eccx08_cmd_defns.c‎
Lines changed: 78 additions & 50 deletions b/‎cryptoauthlib/lib/openssl/eccx08_cmd_defns.c‎
Lines changed: 78 additions & 50 deletions
@@ -39,7 +39,6 @@
 #include "atca_hal.h"
 #include "hal_linux_i2c_userspace.h"
 
-#include <linux/i2c-dev.h>
 #include <unistd.h>
 #include <sys/ioctl.h>
 #include <sys/types.h>
@@ -175,7 +174,7 @@ ATCA_STATUS hal_i2c_send(ATCAIface iface, uint8_t *txdata, int txlength)
         return ATCA_COMM_FAIL;
 
     // Set Slave Address
-    if (ioctl(f_i2c, I2C_SLAVE, cfg->atcai2c.slave_address >> 1) < 0)
+    if (ioctl(f_i2c, 0x0703, cfg->atcai2c.slave_address >> 1) < 0)
     {
         close(f_i2c);
         return ATCA_COMM_FAIL;
@@ -210,7 +209,7 @@ ATCA_STATUS hal_i2c_receive(ATCAIface iface, uint8_t *rxdata, uint16_t *rxlength
         return ATCA_COMM_FAIL;
 
     // Set Slave Address
-    if (ioctl(f_i2c, I2C_SLAVE, cfg->atcai2c.slave_address >> 1) < 0)
+    if (ioctl(f_i2c, 0x0703, cfg->atcai2c.slave_address >> 1) < 0)
     {
         close(f_i2c);
         return ATCA_COMM_FAIL;
@@ -256,7 +255,7 @@ ATCA_STATUS hal_i2c_wake(ATCAIface iface)
     // Send the wake by writing to an address of 0x00
     // Create wake up pulse by sending a slave address 0f 0x00.
     // This slave address is sent to device by using a dummy write command.
-    if (ioctl(f_i2c, I2C_SLAVE, 0x00) < 0)
+    if (ioctl(f_i2c, 0x0703, 0x00) < 0)
     {
         close(f_i2c);
         return ATCA_COMM_FAIL;
@@ -272,7 +271,7 @@ ATCA_STATUS hal_i2c_wake(ATCAIface iface)
     atca_delay_us(cfg->wake_delay); // wait tWHI + tWLO which is configured based on device type and configuration structure
 
     // Set Slave Address
-    if (ioctl(f_i2c, I2C_SLAVE, cfg->atcai2c.slave_address >> 1) < 0)
+    if (ioctl(f_i2c, 0x0703, cfg->atcai2c.slave_address >> 1) < 0)
     {
         close(f_i2c);
         return ATCA_COMM_FAIL;
@@ -309,7 +308,7 @@ ATCA_STATUS hal_i2c_idle(ATCAIface iface)
         return ATCA_COMM_FAIL;
 
     // Set Slave Address
-    if (ioctl(f_i2c, I2C_SLAVE, cfg->atcai2c.slave_address >> 1) < 0)
+    if (ioctl(f_i2c, 0x0703, cfg->atcai2c.slave_address >> 1) < 0)
     {
         close(f_i2c);
         return ATCA_COMM_FAIL;
@@ -342,7 +341,7 @@ ATCA_STATUS hal_i2c_sleep(ATCAIface iface)
         return ATCA_COMM_FAIL;
 
     // Set Slave Address
-    if (ioctl(f_i2c, I2C_SLAVE, cfg->atcai2c.slave_address >> 1) < 0)
+    if (ioctl(f_i2c, 0x0703, cfg->atcai2c.slave_address >> 1) < 0)
     {
         close(f_i2c);
         return ATCA_COMM_FAIL;
 
@@ -36,6 +36,8 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+#ifdef ATCA_HAL_KIT_CDC
+
 //#include "atca_basic.h"
 #include "atca_hal.h"
 #include "kit_phy.h"
@@ -510,4 +512,6 @@ ATCA_STATUS hal_kit_cdc_discover_devices(int busNum, ATCAIfaceCfg *cfg, int *fou
     // TODO: Implement
     *found = 0;
     return ATCA_UNIMPLEMENTED;
-}
+}
+
+#endif
@@ -36,6 +36,8 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+#ifdef ATCA_HAL_KIT_HID
+
 #include "atca_hal.h"
 #include "hal_win_kit_hid.h"
 #include "kit_protocol.h"
@@ -434,4 +436,6 @@ ATCA_STATUS hal_kit_hid_release(void* hal_data)
     return ATCA_SUCCESS;
 }
 
+#endif
+
 /** @} */
@@ -50,7 +50,23 @@
  *
    @{ */
 
+static ATCA_STATUS kit_fix_send(ATCAIface iface, char *txdata, int txlength)
+{
+    if (!iface || !txdata || !txlength)
+    {
+        return ATCA_BAD_PARAM;
+    }
 
+    if (ATECC508A == atgetifacecfg(iface)->devtype)
+    {
+        if ('s' == txdata[0] && ':' == txdata[1])
+        {
+            txdata[0] = 'e';
+        }
+    }
+
+    return kit_phy_send(iface, txdata, txlength);
+}
 
 /** \brief HAL implementation of kit protocol init.  This function calls back to the physical protocol to send the bytes
  *  \param[in] iface  instance
@@ -101,7 +117,7 @@ ATCA_STATUS kit_init(ATCAIface iface)
     copysize = (sizeof(selectaddresspre) + rxsize);
     memcpy(&selectaddress[(copysize - 1)], selectaddresspost, sizeof(selectaddresspost));
     copysize = (sizeof(selectaddresspre) + rxsize + sizeof(selectaddresspost));
-    status = kit_phy_send(iface, selectaddress, copysize);
+    status = kit_fix_send(iface, selectaddress, copysize);
 
     // Receive the reply to select address "00()\n"
     memset(reply, 0, replysize);
@@ -136,8 +152,9 @@ ATCA_STATUS kit_send(ATCAIface iface, const uint8_t* txdata, int txlength)
         free(pkitbuf);
         return ATCA_GEN_FAIL;
     }
+
     // Send the bytes
-    status = kit_phy_send(iface, pkitbuf, nkitbuf);
+    status = kit_fix_send(iface, pkitbuf, nkitbuf);
 
 #ifdef KIT_DEBUG
     // Print the bytes
@@ -214,7 +231,7 @@ ATCA_STATUS kit_wake(ATCAIface iface)
     int rxsize = sizeof(rxdata);
 
     // Send the bytes
-    status = kit_phy_send(iface, wake, wakesize);
+    status = kit_fix_send(iface, wake, wakesize);
 
 #ifdef KIT_DEBUG
     // Print the bytes
@@ -255,7 +272,7 @@ ATCA_STATUS kit_idle(ATCAIface iface)
     int rxsize = sizeof(rxdata);
 
     // Send the bytes
-    status = kit_phy_send(iface, idle, idlesize);
+    status = kit_fix_send(iface, idle, idlesize);
 
 #ifdef KIT_DEBUG
     // Print the bytes
@@ -297,7 +314,7 @@ ATCA_STATUS kit_sleep(ATCAIface iface)
     int rxsize = sizeof(rxdata);
 
     // Send the bytes
-    status = kit_phy_send(iface, sleep, sleepsize);
+    status = kit_fix_send(iface, sleep, sleepsize);
 
 #ifdef KIT_DEBUG
     // Print the bytes
 
@@ -54,32 +54,31 @@
 
 #include "atcacert/atcacert_client.h"
 
-
 /* OpenSSL Engine API demands this list be in cmd number order otherwise it'll
 throw an invalid cmd number error*/
 const ENGINE_CMD_DEFN eccx08_cmd_defns[] = {
     { ECCX08_CMD_GET_VERSION,           "VERSION", 
         "Get engine version", ENGINE_CMD_FLAG_NO_INPUT },
+    { ECCX08_CMD_GET_KEY,               "GET_DEVICE_KEY", 
+        "Get engine key structure for DEVICE_KEY_SLOT and stores in the provided file", ENGINE_CMD_FLAG_STRING },
+    { ECCX08_CMD_GET_DEVICE_CERT,       "GET_DEVICE_CERT",
+        "Get device certificate from hardware and stores in the provided filename", ENGINE_CMD_FLAG_STRING },
     { ECCX08_CMD_GET_SIGNER_CERT,       "GET_SIGNER_CERT", 
-        "Get signer certificate from hardware", ENGINE_CMD_FLAG_STRING },
-    // { ECCX08_CMD_GET_PUB_KEY,           "GET_DEVICE_PUBKEY", 
-    //     "Get device public key from hardware", ENGINE_CMD_FLAG_STRING },
-    { ECCX08_CMD_GET_DEVICE_CERT,       "GET_DEVICE_CERT", 
-        "Get device certificate from hardware", ENGINE_CMD_FLAG_STRING },
-    { ECCX08_CMD_GET_DEVICE_CSR,        "GET_DEVICE_CSR",
-        "Generate a device CSR and save it", ENGINE_CMD_FLAG_STRING },
+        "Get signer certificate from hardware and stores in the provided filename", ENGINE_CMD_FLAG_STRING },
     { ECCX08_CMD_LOAD_CERT_CTRL,        "LOAD_CERT_CTRL",
         "Load the device certificate into an OpenSSL cert", ENGINE_CMD_FLAG_INTERNAL },
-    { ECCX08_CMD_DEVICE_KEY_SLOT,       "device_key_slot", 
-        "Where to find the device private key", ENGINE_CMD_FLAG_NUMERIC | ENGINE_CMD_FLAG_INTERNAL },
-    { ECCX08_CMD_ECDH_SLOT,             "ecdh_key_slot",
+    { ECCX08_CMD_KEY_SLOT,              "SET_KEY_SLOT", 
+        "Where to find the device private key", ENGINE_CMD_FLAG_NUMERIC },
+    { ECCX08_CMD_TRANSPORT_KEY,         "set_transport_key",
+        "Binary blob with the transport key secret (32 bytes)", ENGINE_CMD_FLAG_STRING | ENGINE_CMD_FLAG_INTERNAL },
+    { ECCX08_CMD_ECDH_SLOT,             "set_ecdh_slot",
         "Base slot for ecdh key(s)", ENGINE_CMD_FLAG_NUMERIC | ENGINE_CMD_FLAG_INTERNAL },
-    { ECCX08_CMD_ECDH_SLOTS,            "ecdh_slot_count",
+    { ECCX08_CMD_ECDH_SLOTS,            "set_ecdh_count",
         "Number of sequential slots to use for ecdh key(s) - e.g. ecdh_key_slot...ecdh_key_slot+ecdh_slot_count-1", 
         ENGINE_CMD_FLAG_NUMERIC | ENGINE_CMD_FLAG_INTERNAL },
-    { ECCX08_CMD_DEVICE_CERT,           "device_cert",
+    { ECCX08_CMD_DEVICE_CERT,           "set_device_cert_def",
         "Device Cert Configuration Section", ENGINE_CMD_FLAG_STRING | ENGINE_CMD_FLAG_INTERNAL },
-    { ECCX08_CMD_SIGNER_CERT,           "signer_cert",
+    { ECCX08_CMD_SIGNER_CERT,           "set_signer_cert_def",
         "Signer Cert Configuration Section", ENGINE_CMD_FLAG_STRING | ENGINE_CMD_FLAG_INTERNAL },
 
     /* Structure has to end with a null element */
@@ -186,7 +185,6 @@ static int get_cert(char *filename, atcacert_def_t * pCertDef, atcacert_def_t *
     return status;
 }
 
-
 /**
  *
  * \brief Retrieves pre-programmed certificates from ATECCX08
@@ -202,26 +200,48 @@ static int get_device_cert(char *filename)
     return get_cert(filename, g_cert_def_2_device_ptr, g_cert_def_1_signer_ptr);
 }
 
-// /**
-//  * \brief Retrieves the signer public key from ATECCX08 chip and
-//  *        saves them into a global signerPubkey buffer.
-//  *
-//  * \return ATCA_SUCCESS for success
-//  */
-// static int get_public_key(void)
-// {
-//     ATCA_STATUS status = ATCA_GEN_FAIL;
-
-//     DEBUG_ENGINE("eccx08_cmd_ctrl(ECCX08_CMD_GET_PUB_KEY)\n");
-//     // Get the signer public key from the signer certificate
-//     status = atcacert_get_subj_public_key(g_cert_def_1_signer_ptr, signerCert, signerCertSize, signerPubkey);
-//     if (status != ATCA_SUCCESS) {
-//         DEBUG_ENGINE("eccx08_cmd_ctrl(): error in atcacert_get_subj_public_key\n");
-//         goto err;
-//     }
-// err:
-//     return status;
-// }
+/**
+* \brief Retrieves key from ATECCX08 chip and builds a key structure and
+* saves it as as a private key file in PEM format
+*
+* \return ATCA_SUCCESS for success
+*/
+static int get_key(ENGINE* e, uint16_t keyid, char * filename)
+{
+    ATCA_STATUS status = ATCA_GEN_FAIL;
+    char* key_str[32];
+    EVP_PKEY* pkey;
+    
+    DEBUG_ENGINE("Entered\n");
+
+    snprintf(key_str, 32, "ATECCx08:%02x:%02x:%02x:%02x", pCfg->iface_type, 
+        pCfg->atcai2c.bus, pCfg->atcai2c.slave_address, keyid);
+    key_str[31] = '\0';
+
+    pkey = eccx08_load_pubkey(e, key_str, NULL, NULL);
+
+    if (pkey)
+    {
+        EC_KEY * ec = EVP_PKEY_get1_EC_KEY(pkey);
+        if (ec)
+        {
+            BIO * bio = BIO_new(BIO_s_file());
+            BIO_write_filename(bio, filename);
+            if (bio)
+            {
+                if (PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, NULL))
+                {
+                    status = ATCA_SUCCESS;
+                }
+                BIO_free(bio);
+            }
+            EC_KEY_free(ec);
+        }
+        EVP_PKEY_free(pkey);
+    }
+
+    return status;
+}
 
 /**
  * \brief Retrieves pre-programmed signer certificate from
@@ -253,8 +273,7 @@ static int load_device_cert(cmd_load_cert_params* p)
     }
 }
 
-
-static ATCA_STATUS set_device_key_slot(i)
+static ATCA_STATUS set_device_key_slot(uint32_t i)
 {
     if (16 > i)
     {
@@ -264,7 +283,7 @@ static ATCA_STATUS set_device_key_slot(i)
     return ATCA_BAD_PARAM;
 }
 
-static ATCA_STATUS set_ecdh_slot(i)
+static ATCA_STATUS set_ecdh_slot(uint32_t i)
 {
     if (16 > i)
     {
@@ -274,7 +293,7 @@ static ATCA_STATUS set_ecdh_slot(i)
     return ATCA_BAD_PARAM;
 }
 
-static ATCA_STATUS set_ecdh_count(i)
+static ATCA_STATUS set_ecdh_count(uint32_t i)
 {
     if (16 > i)
     {
@@ -284,6 +303,16 @@ static ATCA_STATUS set_ecdh_count(i)
     return ATCA_BAD_PARAM;
 }
 
+static ATCA_STATUS set_transport_key(uint8_t * p)
+{
+    if (p)
+    {
+        memcpy(g_eccx08_transport_key, p, sizeof(g_eccx08_transport_key));
+        return ATCA_SUCCESS;
+    }
+    return ATCA_BAD_PARAM;
+}
+
 /**
  * \brief Configure the device cert from the config file 
  * \param[in] pStr should contain the section name
@@ -338,27 +367,23 @@ int eccx08_cmd_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
 
     switch (cmd) {
         case ECCX08_CMD_GET_VERSION:
-//            if (cmd_buf) {
-                //snprintf(cmd_buf, i, "The ateccx08 ENGINE version: %s", ECCX08_ENGINE_VERSION);
             DEBUG_ENGINE("ENGINE Version: %s\n", ECCX08_ENGINE_VERSION);
-//            } else {
-//                ret = 0;
-//            }
             status = ATCA_SUCCESS;
             break;
-        case ECCX08_CMD_GET_SIGNER_CERT:
-            status = get_signer_cert(p);
+
+         case ECCX08_CMD_GET_KEY:
+            status = get_key(e, eccx08_engine_config.device_key_slot, p);
             break;
-        // case ECCX08_CMD_GET_PUB_KEY:
-        //     status = get_public_key();
-        //     break;
         case ECCX08_CMD_GET_DEVICE_CERT:
             status = get_device_cert(p);
             break;
+        case ECCX08_CMD_GET_SIGNER_CERT:
+            status = get_signer_cert(p);
+            break;
         case ECCX08_CMD_LOAD_CERT_CTRL:
             status = load_device_cert(p);
             break;
-        case ECCX08_CMD_DEVICE_KEY_SLOT:
+        case ECCX08_CMD_KEY_SLOT:
             status = set_device_key_slot(i);
             break;
         case ECCX08_CMD_ECDH_SLOT:
@@ -373,6 +398,9 @@ int eccx08_cmd_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
         case ECCX08_CMD_SIGNER_CERT:
             status = config_signer_cert(p);
             break;
+        case ECCX08_CMD_TRANSPORT_KEY:
+            status = set_transport_key(p);
+            break;
         default:
             DEBUG_ENGINE("Unknown command: %d with i=%d, p=%s\n", cmd, i, p?p:"");
             break;