WORD_ADDR = {0x00: 'RESET', 0x01: 'SLEEP', 0x02: 'IDLE', 0x03: 'COMMAND'}
+OPCODE_COUNTER = 0x24
OPCODE_DERIVE_KEY = 0x1c
OPCODE_DEV_REV = 0x30
+OPCODE_ECDH = 0x43
OPCODE_GEN_DIG = 0x15
+OPCODE_GEN_KEY = 0x40
OPCODE_HMAC = 0x11
OPCODE_CHECK_MAC = 0x28
OPCODE_LOCK = 0x17
OPCODE_MAC = 0x08
OPCODE_NONCE = 0x16
OPCODE_PAUSE = 0x01
+OPCODE_PRIVWRITE = 0x46
OPCODE_RANDOM = 0x1b
OPCODE_READ = 0x02
OPCODE_SHA = 0x47
+OPCODE_SIGN = 0x41
OPCODE_UPDATE_EXTRA = 0x20
+OPCODE_VERIFY = 0x45
OPCODE_WRITE = 0x12
OPCODES = {
0x1b: 'Random',
0x1c: 'DeriveKey',
0x20: 'UpdateExtra',
+ 0x24: 'Counter',
0x28: 'CheckMac',
0x30: 'DevRev',
+ 0x40: 'GenKey',
+ 0x41: 'Sign',
+ 0x43: 'ECDH',
+ 0x45: 'Verify',
+ 0x46: 'PrivWrite',
0x47: 'SHA',
}
id = 'atsha204a'
name = 'ATSHA204A'
longname = 'Microchip ATSHA204A'
- desc = 'Microchip ATSHA204A CryptoAuthentication device'
+ desc = 'Microchip ATSHA204A family crypto authentication protocol.'
license = 'gplv2+'
inputs = ['i2c']
- outputs = ['atsha204a']
+ outputs = []
+ tags = ['Security/crypto', 'IC', 'Memory']
annotations = (
('waddr', 'Word address'),
('count', 'Count'),
('warning', 'Warning'),
)
annotation_rows = (
- ('frame', 'Frame', (0, 1, 2, 3, 4, 5, 6)),
- ('status', 'Status', (7,)),
+ ('frame', 'Frames', (0, 1, 2, 3, 4, 5, 6)),
+ ('status-vals', 'Status', (7,)),
('warnings', 'Warnings', (8,)),
)
def __init__(self):
+ self.reset()
+
+ def reset(self):
self.state = 'IDLE'
self.waddr = self.opcode = -1
self.ss_block = self.es_block = 0
if len(b) < 1: # Ignore wakeup.
return
self.waddr = b[0][2]
- self.display_waddr(b[0])
+ self.put_waddr(b[0])
if self.waddr == WORD_ADDR_COMMAND:
count = b[1][2]
- self.display_count(b[1])
+ self.put_count(b[1])
if len(b) - 1 != count:
- self.display_warning(b[0][0], b[-1][1],
+ self.put_warning(b[0][0], b[-1][1],
'Invalid frame length: Got {}, expecting {} '.format(
- len(b) - 1, count))
+ len(b) - 1, count))
return
self.opcode = b[2][2]
- self.display_opcode(b[2])
- self.display_param1(b[3])
- self.display_param2([b[4], b[5]])
- self.display_data(b[6:-2])
- self.display_crc([b[-2], b[-1]])
+ self.put_opcode(b[2])
+ self.put_param1(b[3])
+ self.put_param2([b[4], b[5]])
+ self.put_data(b[6:-2])
+ self.put_crc([b[-2], b[-1]])
def output_rx_bytes(self):
b = self.bytes
count = b[0][2]
- self.display_count(b[0])
+ self.put_count(b[0])
if self.waddr == WORD_ADDR_RESET:
- self.display_data([b[1]])
- self.display_crc([b[2], b[3]])
- self.display_status(b[0][0], b[-1][1], b[1][2])
+ self.put_data([b[1]])
+ self.put_crc([b[2], b[3]])
+ self.put_status(b[0][0], b[-1][1], b[1][2])
elif self.waddr == WORD_ADDR_COMMAND:
if count == 4: # Status / Error.
- self.display_data([b[1]])
- self.display_crc([b[2], b[3]])
- self.display_status(b[0][0], b[-1][1], b[1][2])
+ self.put_data([b[1]])
+ self.put_crc([b[2], b[3]])
+ self.put_status(b[0][0], b[-1][1], b[1][2])
else:
- self.display_data(b[1:-2])
- self.display_crc([b[-2], b[-1]])
+ self.put_data(b[1:-2])
+ self.put_crc([b[-2], b[-1]])
+
+ def putx(self, s, data):
+ self.put(s[0], s[1], self.out_ann, data)
+
+ def puty(self, s, data):
+ self.put(s[0][0], s[1][1], self.out_ann, data)
+
+ def putz(self, ss, es, data):
+ self.put(ss, es, self.out_ann, data)
- def display_waddr(self, data):
- self.put(data[0], data[1], self.out_ann, [0, ['Word addr: %s' % WORD_ADDR[data[2]]]])
+ def put_waddr(self, s):
+ self.putx(s, [0, ['Word addr: %s' % WORD_ADDR[s[2]]]])
- def display_count(self, data):
- self.put(data[0], data[1], self.out_ann, [1, ['Count: %s' % data[2]]])
+ def put_count(self, s):
+ self.putx(s, [1, ['Count: %s' % s[2]]])
- def display_opcode(self, data):
- self.put(data[0], data[1], self.out_ann, [2, ['Opcode: %s' % OPCODES[data[2]]]])
+ def put_opcode(self, s):
+ self.putx(s, [2, ['Opcode: %s' % OPCODES[s[2]]]])
- def display_param1(self, data):
+ def put_param1(self, s):
op = self.opcode
- if op in (OPCODE_CHECK_MAC, OPCODE_DEV_REV, OPCODE_HMAC, \
- OPCODE_MAC, OPCODE_NONCE, OPCODE_RANDOM, OPCODE_SHA):
- self.put(data[0], data[1], self.out_ann, [3, ['Mode: %02X' % data[2]]])
+ if op in (OPCODE_CHECK_MAC, OPCODE_COUNTER, OPCODE_DEV_REV, \
+ OPCODE_ECDH, OPCODE_GEN_KEY, OPCODE_HMAC, OPCODE_MAC, \
+ OPCODE_NONCE, OPCODE_RANDOM, OPCODE_SHA, OPCODE_SIGN, \
+ OPCODE_VERIFY):
+ self.putx(s, [3, ['Mode: %02X' % s[2]]])
elif op == OPCODE_DERIVE_KEY:
- self.put(data[0], data[1], self.out_ann, [3, ['Random: %s' % data[2]]])
+ self.putx(s, [3, ['Random: %s' % s[2]]])
+ elif op == OPCODE_PRIVWRITE:
+ self.putx(s, [3, ['Encrypted: {}'.format('Yes' if s[2] & 0x40 else 'No')]])
elif op == OPCODE_GEN_DIG:
- self.put(data[0], data[1], self.out_ann, [3, ['Zone: %s' % ZONES[data[2]]]])
+ self.putx(s, [3, ['Zone: %s' % ZONES[s[2]]]])
elif op == OPCODE_LOCK:
- self.put(data[0], data[1], self.out_ann, [3, ['Zone: {}, Summary: {}'.format(
- 'DATA/OTP' if data[2] else 'CONFIG',
- 'Ignored' if data[2] & 0x80 else 'Used')]])
+ self.putx(s, [3, ['Zone: {}, Summary: {}'.format(
+ 'DATA/OTP' if s[2] else 'CONFIG',
+ 'Ignored' if s[2] & 0x80 else 'Used')]])
elif op == OPCODE_PAUSE:
- self.put(data[0], data[1], self.out_ann, [3, ['Selector: %02X' % data[2]]])
+ self.putx(s, [3, ['Selector: %02X' % s[2]]])
elif op == OPCODE_READ:
- self.put(data[0], data[1], self.out_ann, [3, ['Zone: {}, Length: {}'.format(ZONES[data[2] & 0x03],
- '32 bytes' if data[2] & 0x90 else '4 bytes')]])
+ self.putx(s, [3, ['Zone: {}, Length: {}'.format(ZONES[s[2] & 0x03],
+ '32 bytes' if s[2] & 0x90 else '4 bytes')]])
elif op == OPCODE_WRITE:
- self.put(data[0], data[1], self.out_ann, [3, ['Zone: {}, Encrypted: {}, Length: {}'.format(ZONES[data[2] & 0x03],
- 'Yes' if data[2] & 0x40 else 'No', '32 bytes' if data[2] & 0x90 else '4 bytes')]])
+ self.putx(s, [3, ['Zone: {}, Encrypted: {}, Length: {}'.format(ZONES[s[2] & 0x03],
+ 'Yes' if s[2] & 0x40 else 'No', '32 bytes' if s[2] & 0x90 else '4 bytes')]])
else:
- self.put(data[0], data[1], self.out_ann, [3, ['Param1: %02X' % data[2]]])
+ self.putx(s, [3, ['Param1: %02X' % s[2]]])
- def display_param2(self, data):
+ def put_param2(self, s):
op = self.opcode
if op == OPCODE_DERIVE_KEY:
- self.put(data[0][0], data[1][1], self.out_ann, [4, ['TargetKey: {:02x} {:02x}'.format(data[1][2], data[0][2])]])
+ self.puty(s, [4, ['TargetKey: {:02x} {:02x}'.format(s[1][2], s[0][2])]])
+ elif op in (OPCODE_COUNTER, OPCODE_ECDH, OPCODE_GEN_KEY, OPCODE_PRIVWRITE, \
+ OPCODE_SIGN, OPCODE_VERIFY):
+ self.puty(s, [4, ['KeyID: {:02x} {:02x}'.format(s[1][2], s[0][2])]])
elif op in (OPCODE_NONCE, OPCODE_PAUSE, OPCODE_RANDOM):
- self.put(data[0][0], data[1][1], self.out_ann, [4, ['Zero: {:02x} {:02x}'.format(data[1][2], data[0][2])]])
+ self.puty(s, [4, ['Zero: {:02x} {:02x}'.format(s[1][2], s[0][2])]])
elif op in (OPCODE_HMAC, OPCODE_MAC, OPCODE_CHECK_MAC, OPCODE_GEN_DIG):
- self.put(data[0][0], data[1][1], self.out_ann, [4, ['SlotID: {:02x} {:02x}'.format(data[1][2], data[0][2])]])
+ self.puty(s, [4, ['SlotID: {:02x} {:02x}'.format(s[1][2], s[0][2])]])
elif op == OPCODE_LOCK:
- self.put(data[0][0], data[1][1], self.out_ann, [4, ['Summary: {:02x} {:02x}'.format(data[1][2], data[0][2])]])
+ self.puty(s, [4, ['Summary: {:02x} {:02x}'.format(s[1][2], s[0][2])]])
elif op in (OPCODE_READ, OPCODE_WRITE):
- self.put(data[0][0], data[1][1], self.out_ann, [4, ['Address: {:02x} {:02x}'.format(data[1][2], data[0][2])]])
+ self.puty(s, [4, ['Address: {:02x} {:02x}'.format(s[1][2], s[0][2])]])
elif op == OPCODE_UPDATE_EXTRA:
- self.put(data[0][0], data[1][1], self.out_ann, [4, ['NewValue: {:02x}'.format(data[0][2])]])
+ self.puty(s, [4, ['NewValue: {:02x}'.format(s[0][2])]])
else:
- self.put(data[0][0], data[1][1], self.out_ann, [4, ['-']])
+ self.puty(s, [4, ['-']])
- def display_data(self, data):
- if len(data) == 0:
+ def put_data(self, s):
+ if len(s) == 0:
return
op = self.opcode
if op == OPCODE_CHECK_MAC:
- self.put(data[0][0], data[31][1], self.out_ann, [5, ['ClientChal: %s' % ' '.join(format(i[2], '02x') for i in data[0:31])]])
- self.put(data[32][0], data[63][1], self.out_ann, [5, ['ClientResp: %s' % ' '.join(format(i[2], '02x') for i in data[32:63])]])
- self.put(data[64][0], data[76][1], self.out_ann, [5, ['OtherData: %s' % ' '.join(format(i[2], '02x') for i in data[64:76])]])
+ self.putz(s[0][0], s[31][1], [5, ['ClientChal: %s' % ' '.join(format(i[2], '02x') for i in s[0:32])]])
+ self.putz(s[32][0], s[63][1], [5, ['ClientResp: %s' % ' '.join(format(i[2], '02x') for i in s[32:64])]])
+ self.putz(s[64][0], s[76][1], [5, ['OtherData: %s' % ' '.join(format(i[2], '02x') for i in s[64:77])]])
elif op == OPCODE_DERIVE_KEY:
- self.put(data[0][0], data[31][1], self.out_ann, [5, ['MAC: %s' % ' '.join(format(i[2], '02x') for i in data)]])
- elif op == OPCODE_GEN_DIG:
- self.put(data[0][0], data[3][1], self.out_ann, [5, ['OtherData: %s' % ' '.join(format(i[2], '02x') for i in data)]])
+ self.putz(s[0][0], s[31][1], [5, ['MAC: %s' % ' '.join(format(i[2], '02x') for i in s)]])
+ elif op == OPCODE_ECDH:
+ self.putz(s[0][0], s[31][1], [5, ['Pub X: %s' % ' '.join(format(i[2], '02x') for i in s[0:32])]])
+ self.putz(s[32][0], s[63][1], [5, ['Pub Y: %s' % ' '.join(format(i[2], '02x') for i in s[32:64])]])
+ elif op in (OPCODE_GEN_DIG, OPCODE_GEN_KEY):
+ self.putz(s[0][0], s[3][1], [5, ['OtherData: %s' % ' '.join(format(i[2], '02x') for i in s)]])
elif op == OPCODE_MAC:
- self.put(data[0][0], data[31][1], self.out_ann, [5, ['Challenge: %s' % ' '.join(format(i[2], '02x') for i in data)]])
+ self.putz(s[0][0], s[31][1], [5, ['Challenge: %s' % ' '.join(format(i[2], '02x') for i in s)]])
+ elif op == OPCODE_PRIVWRITE:
+ if len(s) > 36: # Key + MAC.
+ self.putz(s[0][0], s[-35][1], [5, ['Value: %s' % ' '.join(format(i[2], '02x') for i in s)]])
+ self.putz(s[-32][0], s[-1][1], [5, ['MAC: %s' % ' '.join(format(i[2], '02x') for i in s)]])
+ else: # Just value.
+ self.putz(s[0][0], s[-1][1], [5, ['Value: %s' % ' '.join(format(i[2], '02x') for i in s)]])
+ elif op == OPCODE_VERIFY:
+ if len(s) >= 64: # ECDSA components (always present)
+ self.putz(s[0][0], s[31][1], [5, ['ECDSA R: %s' % ' '.join(format(i[2], '02x') for i in s[0:32])]])
+ self.putz(s[32][0], s[63][1], [5, ['ECDSA S: %s' % ' '.join(format(i[2], '02x') for i in s[32:64])]])
+ if len(s) == 83: # OtherData (follow ECDSA components in validate / invalidate mode)
+ self.putz(s[64][0], s[82][1], [5, ['OtherData: %s' % ' '.join(format(i[2], '02x') for i in s[64:83])]])
+ if len(s) == 128: # Public key components (follow ECDSA components in external mode)
+ self.putz(s[64][0], s[95][1], [5, ['Pub X: %s' % ' '.join(format(i[2], '02x') for i in s[64:96])]])
+ self.putz(s[96][0], s[127][1], [5, ['Pub Y: %s' % ' '.join(format(i[2], '02x') for i in s[96:128])]])
elif op == OPCODE_WRITE:
- if len(data) > 32: # Value + MAC.
- self.put(data[0][0], data[-31][1], self.out_ann, [5, ['Value: %s' % ' '.join(format(i[2], '02x') for i in data)]])
- self.put(data[-32][0], data[-1][1], self.out_ann, [5, ['MAC: %s' % ' '.join(format(i[2], '02x') for i in data)]])
+ if len(s) > 32: # Value + MAC.
+ self.putz(s[0][0], s[-31][1], [5, ['Value: %s' % ' '.join(format(i[2], '02x') for i in s)]])
+ self.putz(s[-32][0], s[-1][1], [5, ['MAC: %s' % ' '.join(format(i[2], '02x') for i in s)]])
else: # Just value.
- self.put(data[0][0], data[-1][1], self.out_ann, [5, ['Value: %s' % ' '.join(format(i[2], '02x') for i in data)]])
+ self.putz(s[0][0], s[-1][1], [5, ['Value: %s' % ' '.join(format(i[2], '02x') for i in s)]])
else:
- self.put(data[0][0], data[-1][1], self.out_ann, [5, ['Data: %s' % ' '.join(format(i[2], '02x') for i in data)]])
+ self.putz(s[0][0], s[-1][1], [5, ['Data: %s' % ' '.join(format(i[2], '02x') for i in s)]])
- def display_crc(self, data):
- self.put(data[0][0], data[1][1], self.out_ann, [6, ['CRC: {:02X} {:02X}'.format(data[0][2], data[1][2])]])
+ def put_crc(self, s):
+ self.puty(s, [6, ['CRC: {:02X} {:02X}'.format(s[0][2], s[1][2])]])
- def display_status(self, start, end, status):
- self.put(start, end, self.out_ann, [7, ['Status: %s' % STATUS[status]]])
+ def put_status(self, ss, es, status):
+ self.putz(ss, es, [7, ['Status: %s' % STATUS[status]]])
- def display_warning(self, start, end, msg):
- self.put(start, end, self.out_ann, [8, ['Warning: %s' % msg]])
+ def put_warning(self, ss, es, msg):
+ self.putz(ss, es, [8, ['Warning: %s' % msg]])
def decode(self, ss, es, data):
cmd, databyte = data
-
# State machine.
if self.state == 'IDLE':
# Wait for an I²C START condition.
# Reset the opcode before received data, as this causes
# responses to be displayed incorrectly.
self.opcode = -1
- self.output_rx_bytes()
+ if len(self.bytes) > 0:
+ self.output_rx_bytes()
self.waddr = -1
self.bytes = []
self.state = 'IDLE'
self.output_tx_bytes()
self.bytes = []
self.state = 'IDLE'
-