BitBoxSwiss
diff --git a/‎src/CMakeLists.txt
Lines changed: 11 additions & 0 deletions b/‎src/CMakeLists.txt
Lines changed: 11 additions & 0 deletions
diff --git a/‎src/atecc/atecc.c
Lines changed: 10 additions & 10 deletions b/‎src/atecc/atecc.c
Lines changed: 10 additions & 10 deletions
diff --git a/‎src/atecc/atecc.h
Lines changed: 3 additions & 85 deletions b/‎src/atecc/atecc.h
Lines changed: 3 additions & 85 deletions
diff --git a/‎src/memory/memory_shared.c
Lines changed: 10 additions & 1 deletion b/‎src/memory/memory_shared.c
Lines changed: 10 additions & 1 deletion
diff --git a/‎src/memory/memory_shared.h
Lines changed: 1 addition & 1 deletion b/‎src/memory/memory_shared.h
Lines changed: 1 addition & 1 deletion
@@ -148,6 +148,17 @@ set(PLATFORM-BITBOX02-SOURCES ${PLATFORM-BITBOX02-SOURCES} PARENT_SCOPE)
 set(SECURECHIP-SOURCES
   ${CMAKE_SOURCE_DIR}/src/atecc/atecc.c
   ${CMAKE_SOURCE_DIR}/src/securechip/securechip.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/pal/pal.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/pal/pal_gpio.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/pal/pal_i2c.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/pal/pal_ifx_i2c_config.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/pal/pal_logger.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/pal/pal_os_datastore.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/pal/pal_os_event.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/pal/pal_os_lock.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/pal/pal_os_timer.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/pal/pal_os_memory.c
+  ${CMAKE_SOURCE_DIR}/src/optiga/optiga.c
 )
 set(SECURECHIP-SOURCES ${SECURECHIP-SOURCES} PARENT_SCOPE)
 
 
@@ -234,7 +234,7 @@ static ATCA_STATUS _lock_slot(atecc_slot_t slot)
 static ATCA_STATUS _factory_setup(void)
 {
     if (_interface_functions == NULL) {
-        return (ATCA_STATUS)ATECC_ERR_IFS;
+        return (ATCA_STATUS)SC_ERR_IFS;
     }
     bool is_config_locked = false;
     ATCA_STATUS result = atcab_is_locked(LOCK_ZONE_CONFIG, &is_config_locked);
@@ -336,14 +336,14 @@ static int _verify_config(void)
         return result;
     }
     if (!is_locked) {
-        return ATECC_ERR_ZONE_UNLOCKED_CONFIG;
+        return SC_ATECC_ERR_ZONE_UNLOCKED_CONFIG;
     }
     result = atcab_is_locked(LOCK_ZONE_DATA, &is_locked);
     if (result != ATCA_SUCCESS) {
         return result;
     }
     if (!is_locked) {
-        return ATECC_ERR_ZONE_UNLOCKED_DATA;
+        return SC_ATECC_ERR_ZONE_UNLOCKED_DATA;
     }
 
     bool same_config = false;
@@ -352,7 +352,7 @@ static int _verify_config(void)
         return result;
     }
     if (!same_config) {
-        return ATECC_ERR_CONFIG_MISMATCH;
+        return SC_ERR_CONFIG_MISMATCH;
     }
 
     // Check that the slots are individually locked.
@@ -361,29 +361,29 @@ static int _verify_config(void)
         return result;
     }
     if (!is_locked) {
-        return ATECC_ERR_SLOT_UNLOCKED_IO;
+        return SC_ATECC_ERR_SLOT_UNLOCKED_IO;
     }
     result = atcab_is_slot_locked(ATECC_SLOT_AUTHKEY, &is_locked);
     if (result != ATCA_SUCCESS) {
         return result;
     }
     if (!is_locked) {
-        return ATECC_ERR_SLOT_UNLOCKED_AUTH;
+        return SC_ATECC_ERR_SLOT_UNLOCKED_AUTH;
     }
     result = atcab_is_slot_locked(ATECC_SLOT_ENCRYPTION_KEY, &is_locked);
     if (result != ATCA_SUCCESS) {
         return result;
     }
     if (!is_locked) {
-        return ATECC_ERR_SLOT_UNLOCKED_ENC;
+        return SC_ATECC_ERR_SLOT_UNLOCKED_ENC;
     }
     return ATCA_SUCCESS;
 }
 
 int atecc_setup(const securechip_interface_functions_t* ifs)
 {
     if (ifs == NULL) {
-        return ATECC_ERR_IFS;
+        return SC_ERR_IFS;
     }
     _interface_functions = ifs;
     ATCA_STATUS result = atcab_init(&cfg);
@@ -527,10 +527,10 @@ bool atecc_update_keys(void)
 static int _atecc_kdf(atecc_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out)
 {
     if (len > 127 || (slot != ATECC_SLOT_ROLLKEY && slot != ATECC_SLOT_KDF)) {
-        return ATECC_ERR_INVALID_ARGS;
+        return SC_ERR_INVALID_ARGS;
     }
     if (msg == kdf_out) {
-        return ATECC_ERR_INVALID_ARGS;
+        return SC_ERR_INVALID_ARGS;
     }
 
     ATCA_STATUS result = _authorize_key();
 
@@ -15,112 +15,30 @@
 #ifndef _ATECC_H_
 #define _ATECC_H_
 
+/* ATECC implementation of the secure chip functions. */
+/* See securechip.h for the docstrings of the individual functions. */
+
 #include "compiler_util.h"
 #include "securechip/securechip.h"
 #include <platform/platform_config.h>
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdint.h>
 
-typedef enum {
-    ATECC_ERR_ZONE_UNLOCKED_CONFIG = -1,
-    ATECC_ERR_ZONE_UNLOCKED_DATA = -2,
-    ATECC_ERR_CONFIG_MISMATCH = -3,
-    ATECC_ERR_SLOT_UNLOCKED_IO = -4,
-    ATECC_ERR_SLOT_UNLOCKED_AUTH = -5,
-    ATECC_ERR_SLOT_UNLOCKED_ENC = -6,
-    ATECC_ERR_IFS = -7,
-    ATECC_ERR_INVALID_ARGS = -8,
-} atecc_error_t;
-
-/**
- * Initializes the cryptoauthlib communication, by providing a custom i2c chip
- * communication interface/bridge to cryptoauthlib. On first call, the chip
- * is configured and locked.
- * @param[in] ifs Interface functions.
- * @return values of `atecc_error_t` if negative, values of `ATCA_STATUS` if positive, 0 on
- * success.
- */
 USE_RESULT int atecc_setup(const securechip_interface_functions_t* ifs);
-
-/**
- * Updates the two KDF keys (rollkey and kdf key). The previous keys are lost
- * and cannot be restored. Calling this function does not increment the
- * monotonic counter Counter0.
- * @return true on success.
- */
 USE_RESULT bool atecc_update_keys(void);
-
-/**
- * Perform HMAC using the key in KDF slot with the input msg.
- * @param[in] msg Use this msg as input
- * @param[in] len Must be <= 127.
- * @param[out] kdf_out Must have size 32. Result of the kdf will be stored here.
- * Cannot be the same as `msg`.
- * @return values of `atecc_error_t` if negative, values of `ATCA_STATUS` if positive, 0 on
- */
 USE_RESULT int atecc_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out);
-
-/**
- * Perform KDF using the key in rollkey slot with the input msg.
- * Calling this function increments the
- * monotonic counter Counter0.
- * @param[in] msg Use this msg as input
- * @param[in] len Must be <= 127.
- * @param[out] kdf_out Must have size 32. Result of the kdf will be stored here.
- * Cannot be the same as `msg`.
- * @return values of `securechip_error_t` if negative, values of `ATCA_STATUS` if positive, 0 on
- */
 USE_RESULT int atecc_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out);
-
-/**
- * Generates a new attestation device key and outputs the public key.
- * @param[out] pubkey_out
- */
 USE_RESULT bool atecc_gen_attestation_key(uint8_t* pubkey_out);
-
-/**
- * @param[in] msg 32 byte message to sign.
- * @param[out] signature_out must be 64 bytes. R/S P256 signature.
- */
 USE_RESULT bool atecc_attestation_sign(const uint8_t* challenge, uint8_t* signature_out);
-
-/**
- * Retrieves the number of remaining possible counter increments (max value - Counter0).
- * The counter is increment when using `atecc_kdf()` (see its docstring).
- * @param[out] remaining_out current value of the monotonic counter.
- * @return false if there was a communication error with the SC.
- */
 USE_RESULT bool atecc_monotonic_increments_remaining(uint32_t* remaining_out);
-
-/**
- * @param[out] rand_out must be 32 bytes.
- */
 USE_RESULT bool atecc_random(uint8_t* rand_out);
-
 #if APP_U2F == 1 || FACTORYSETUP == 1
-/**
- * Set the u2f counter to `counter`. Should only be used for initialization.
- * @param[in] counter Value to set counter to
- * @return True if success
- */
 USE_RESULT bool atecc_u2f_counter_set(uint32_t counter);
 #endif
-
 #if APP_U2F == 1
-/**
- * Monotonically increase the U2F counter and return the current value
- * @param[out] counter Next counter value
- * @return True if success
- */
 USE_RESULT bool atecc_u2f_counter_inc(uint32_t* counter);
 #endif
-
-/**
- * Output the atecc model.
- * @param[out] model_out atecc model
- * @return True if success
- */
 USE_RESULT bool atecc_model(securechip_model_t* model_out);
 
 #endif
@@ -54,5 +54,14 @@ uint8_t memory_get_screen_type(void)
 
 uint8_t memory_get_securechip_type(void)
 {
-    return MEMORY_SECURECHIP_TYPE_ATECC;
+    chunk_shared_t chunk = {0};
+    memory_read_shared_bootdata(&chunk);
+    uint8_t securechip_type = chunk.fields.securechip_type;
+    util_zero(&chunk, sizeof(chunk));
+    switch (securechip_type) {
+    case MEMORY_SECURECHIP_TYPE_OPTIGA:
+        return securechip_type;
+    default:
+        return MEMORY_SECURECHIP_TYPE_ATECC;
+    }
 }
@@ -75,8 +75,8 @@ typedef union {
         uint8_t auto_enter;
         uint8_t upside_down;
         uint8_t screen_type;
+        uint8_t securechip_type;
         // Following are used by firmware only
-        uint8_t reserved[1];
         uint8_t io_protection_key_split[32];
         uint8_t authorization_key_split[32];
         uint8_t encryption_key_split[32];
Original file line number	Diff line number	Diff line change
`@@ -234,7 +234,7 @@ static ATCA_STATUS _lock_slot(atecc_slot_t slot)`
`234`	`234`	`static ATCA_STATUS _factory_setup(void)`
`235`	`235`	`{`
`236`	`236`	`if (_interface_functions == NULL) {`
`237`		`- return (ATCA_STATUS)ATECC_ERR_IFS;`
	`237`	`+ return (ATCA_STATUS)SC_ERR_IFS;`
`238`	`238`	`}`
`239`	`239`	`bool is_config_locked = false;`
`240`	`240`	`ATCA_STATUS result = atcab_is_locked(LOCK_ZONE_CONFIG, &is_config_locked);`
`@@ -336,14 +336,14 @@ static int _verify_config(void)`
`336`	`336`	`return result;`
`337`	`337`	`}`
`338`	`338`	`if (!is_locked) {`
`339`		`- return ATECC_ERR_ZONE_UNLOCKED_CONFIG;`
	`339`	`+ return SC_ATECC_ERR_ZONE_UNLOCKED_CONFIG;`
`340`	`340`	`}`
`341`	`341`	`result = atcab_is_locked(LOCK_ZONE_DATA, &is_locked);`
`342`	`342`	`if (result != ATCA_SUCCESS) {`
`343`	`343`	`return result;`
`344`	`344`	`}`
`345`	`345`	`if (!is_locked) {`
`346`		`- return ATECC_ERR_ZONE_UNLOCKED_DATA;`
	`346`	`+ return SC_ATECC_ERR_ZONE_UNLOCKED_DATA;`
`347`	`347`	`}`
`348`	`348`
`349`	`349`	`bool same_config = false;`
`@@ -352,7 +352,7 @@ static int _verify_config(void)`
`352`	`352`	`return result;`
`353`	`353`	`}`
`354`	`354`	`if (!same_config) {`
`355`		`- return ATECC_ERR_CONFIG_MISMATCH;`
	`355`	`+ return SC_ERR_CONFIG_MISMATCH;`
`356`	`356`	`}`
`357`	`357`
`358`	`358`	`// Check that the slots are individually locked.`
`@@ -361,29 +361,29 @@ static int _verify_config(void)`
`361`	`361`	`return result;`
`362`	`362`	`}`
`363`	`363`	`if (!is_locked) {`
`364`		`- return ATECC_ERR_SLOT_UNLOCKED_IO;`
	`364`	`+ return SC_ATECC_ERR_SLOT_UNLOCKED_IO;`
`365`	`365`	`}`
`366`	`366`	`result = atcab_is_slot_locked(ATECC_SLOT_AUTHKEY, &is_locked);`
`367`	`367`	`if (result != ATCA_SUCCESS) {`
`368`	`368`	`return result;`
`369`	`369`	`}`
`370`	`370`	`if (!is_locked) {`
`371`		`- return ATECC_ERR_SLOT_UNLOCKED_AUTH;`
	`371`	`+ return SC_ATECC_ERR_SLOT_UNLOCKED_AUTH;`
`372`	`372`	`}`
`373`	`373`	`result = atcab_is_slot_locked(ATECC_SLOT_ENCRYPTION_KEY, &is_locked);`
`374`	`374`	`if (result != ATCA_SUCCESS) {`
`375`	`375`	`return result;`
`376`	`376`	`}`
`377`	`377`	`if (!is_locked) {`
`378`		`- return ATECC_ERR_SLOT_UNLOCKED_ENC;`
	`378`	`+ return SC_ATECC_ERR_SLOT_UNLOCKED_ENC;`
`379`	`379`	`}`
`380`	`380`	`return ATCA_SUCCESS;`
`381`	`381`	`}`
`382`	`382`
`383`	`383`	`int atecc_setup(const securechip_interface_functions_t* ifs)`
`384`	`384`	`{`
`385`	`385`	`if (ifs == NULL) {`
`386`		`- return ATECC_ERR_IFS;`
	`386`	`+ return SC_ERR_IFS;`
`387`	`387`	`}`
`388`	`388`	`_interface_functions = ifs;`
`389`	`389`	`ATCA_STATUS result = atcab_init(&cfg);`
`@@ -527,10 +527,10 @@ bool atecc_update_keys(void)`
`527`	`527`	`static int _atecc_kdf(atecc_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out)`
`528`	`528`	`{`
`529`	`529`	`if (len > 127 \|\| (slot != ATECC_SLOT_ROLLKEY && slot != ATECC_SLOT_KDF)) {`
`530`		`- return ATECC_ERR_INVALID_ARGS;`
	`530`	`+ return SC_ERR_INVALID_ARGS;`
`531`	`531`	`}`
`532`	`532`	`if (msg == kdf_out) {`
`533`		`- return ATECC_ERR_INVALID_ARGS;`
	`533`	`+ return SC_ERR_INVALID_ARGS;`
`534`	`534`	`}`
`535`	`535`
`536`	`536`	`ATCA_STATUS result = _authorize_key();`