下面我们就以PIC18F47Q10和ATSHA204为例,来实现一个简单的IP保护测试例程。PIC18F47Q10是一款高端的8位单片机,该单片机的时钟最高可以跑到64MHz,具有两个外部中断入口地址,也就是说具有两个硬件中断优先级(中端8位单片机只有一个),当然51或者ARM架构的单片机有很多硬件中断优先级,这有好处也有坏处。ATSHA204是一款加密芯片,本次使用的ATSHA204支持SHA-256算法(严格来说SHA-256是哈希算法,在这里用于计算消息认证码MAC,而不是对数据进行加密),具有IIC或者单总线通信接口,用户可以选择ACES软件(如下图所示)配置ATSHA204,也可以使用Python脚本配置ATSHA204,主要是配置密钥和放置需要保护的加密数据。
#include "mcc_generated_files/mcc.h"
#include "cryptoauthlib.h"
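/*
 * 20-byte host input handed to atcab_nonce_rand() in main(). It is a fixed,
 * public value and contributes no secrecy or freshness of its own.
 */
const uint8_t nonce_in[20] = {
    0x01, 0x23, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
    0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
};

/*
 * Host-side copy of the 32-byte shared secret. main() hashes it together with
 * the challenge and compares the result with the MAC the device computes from
 * key slot 0, so it must equal the key provisioned in that slot.
 *
 * The all-zero value is a placeholder for the demo.
 * NOTE(review): because this key lives in the MCU image, anyone who can read
 * the firmware recovers it; the scheme is only as strong as the MCU's code
 * read protection. Use a real, ideally per-device (diversified) key.
 */
const uint8_t key0[32] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};

/*
 * Fixed 24-byte tail that main() appends after key (32) and challenge (32) to
 * form the 88-byte SHA-256 input. It is only read, so it is const like the
 * other tables in this file.
 *
 * Field meanings below follow the MAC message layout in the ATSHA204
 * datasheet -- TODO confirm against the datasheet revision in use. Bytes 1..3
 * have to agree with the mode (0x00) and slot (0) passed to atcab_mac().
 */
const uint8_t mac_bytes[24] = {
    0x08,                                           /* [0]      MAC opcode                   */
    0x00,                                           /* [1]      mode                         */
    0x00, 0x00,                                     /* [2..3]   key slot id                  */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* [4..11]  OTP[0:7], zero in this mode  */
    0x00, 0x00, 0x00,                               /* [12..14] OTP[8:10], zero in this mode */
    0xEE,                                           /* [15]     SN[8]                        */
    0x00, 0x00, 0x00, 0x00,                         /* [16..19] SN[4:7], zero in this mode   */
    0x01, 0x23,                                     /* [20..21] SN[0:1]                      */
    0x00, 0x00,                                     /* [22..23] SN[2:3], zero in this mode   */
};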
// Section: Main Entry Point
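/*
 * Demo entry point: authenticate the ATSHA204 with a challenge/response MAC.
 *
 * Flow:
 *   1. Initialise the MCU and CryptoAuthLib.
 *   2. Obtain a 32-byte challenge via atcab_nonce_rand().
 *   3. Ask the device for MAC(slot 0 key, challenge).
 *   4. Recompute the same SHA-256 on the MCU from key0 + challenge + mac_bytes.
 *   5. Compare both digests; only a match counts as "authenticated".
 *
 * Every failing step stops the sequence (fail closed). The original flow kept
 * going after an error, printed "Success" even when init failed, and could end
 * up comparing uninitialised buffers.
 *
 * NOTE(review): the Digest / SW Digest dumps are bring-up aids. They put valid
 * challenge/response material on the debug UART and should not ship.
 */
void main(void)
{
    ATCA_STATUS status;
    uint8_t sn[9];
    uint8_t challenge[32];
    uint8_t digest[32];
    uint8_t sha2_input[88];
    uint8_t mac_sw[32];
    uint8_t diff = 0;
    uint8_t i;

    /* Initialize the device */
    SYSTEM_Initialize();

    /* Enable the Global Interrupts */
    INTERRUPT_GlobalInterruptEnable();

    /* Enable the Peripheral Interrupts */
    INTERRUPT_PeripheralInterruptEnable();

    printf("\r\nInitial CryptoAuthLib: \r\n");
    status = atcab_init(&cfg_atsha204a_i2c_default);
    if (status != ATCA_SUCCESS) {
        printf("\tFail\r\n");
        LED_SetHigh();
        /* Nothing was initialised, so there is nothing to release. */
        goto halt;
    }
    printf("\tSuccess\r\n");

    /* Informational only: the serial number is not used in the check below. */
    status = atcab_read_serial_number(sn);
    if (status == ATCA_SUCCESS) {
        atcab_printbin_label("Seriel Number:\r\n", sn, 9);
    }

    status = atcab_nonce_rand(nonce_in, challenge);
    if (status != ATCA_SUCCESS) {
        printf("Nonce Fail\n");
        /* challenge is not valid; do not continue with stale stack contents. */
        goto release;
    }

    /*
     * NOTE(review): XOR with a fixed constant adds no unpredictability. The
     * freshness of the challenge rests on the value returned over the bus by
     * the very device being authenticated, so a responder that controls the
     * bus also influences the challenge. Mixing in host-side entropy is the
     * usual mitigation against replayed responses.
     */
    challenge[0] ^= 0x21;
    atcab_printbin_label("Challenge:\r\n", challenge, 32);

    /*
     * digest is the hash returned by the secure element: it hashes the
     * challenge together with its internal slot 0 key.
     */
    status = atcab_mac(0x00, 0, challenge, digest);
    if (status != ATCA_SUCCESS) {
        printf("Slot 0 GetMac Fail\n");
        goto release;
    }
    atcab_printbin_label("Digest:\r\n", digest, 32);

    /*
     * The MCU hashes its copy of the shared key with the same challenge. Per
     * the datasheet the key and challenge are followed by a fixed block of
     * command/device bytes (mac_bytes): 32 + 32 + 24 = 88 bytes.
     */
    memcpy(sha2_input, key0, 32);
    memcpy(sha2_input + 32, challenge, 32);
    memcpy(sha2_input + 64, mac_bytes, 24);
    status = atcac_sw_sha2_256(sha2_input, 88, mac_sw);
    if (status != ATCA_SUCCESS) {
        printf("Get SW Mac Fail\n");
        goto release;
    }
    atcab_printbin_label("SW Digest:\r\n", mac_sw, 32);

    /*
     * Compare the MCU digest with the device digest. All 32 bytes are always
     * examined so the comparison time does not reveal how many leading bytes
     * of a response were correct (memcmp may return at the first mismatch).
     */
    for (i = 0; i < sizeof mac_sw; i++) {
        diff |= (uint8_t)(mac_sw[i] ^ digest[i]);
    }

    if (diff == 0) {
        /* Authenticated: this is the only path that may start the core code. */
        printf("Slot 0 CheckMac PASS\n");
    } else {
        printf("Slot 0 CheckMac FAIL\n");
        LED_SetHigh();
    }

release:
    atcab_release();

halt:
    while (1) {
    }
}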
使用ATSHA204加密芯片,为MCU安全保驾护航。需要注意的是,本例程中MCU固件里也保存了同一把共享密钥(key0),因此整体的安全性还取决于MCU自身的代码读保护配置。