crypto demonstrations help - microchip technologyww1.microchip.com/downloads/en/devicedoc/harmony...

Crypto Demonstrations Help

MPLAB Harmony Integrated Software Framework

© 2013-2018 Microchip Technology Inc. All rights reserved.

Volume I: Getting Started With MPLAB Harmony Libraries and Applications This volume introduces the MPLAB® Harmony Integrated Software Framework.

Description

MPLAB Harmony is a layered framework of modular libraries that provide flexible and interoperable software "building blocks" for developing embedded PIC32 applications. MPLAB Harmony is also part of a broad and expandable ecosystem, providing demonstration applications, third-party offerings, and convenient development tools, such as the MPLAB Harmony Configurator (MHC), which integrate with the MPLAB X IDE and MPLAB XC32 language tools.

Legal Notices

Please review the Software License Agreement prior to using MPLAB Harmony. It is the responsibility of the end-user to know and understand the software license agreement terms regarding the Microchip and third-party software that is provided in this installation. A copy of the agreement is available in the <install-dir>/doc folder of your MPLAB Harmony installation.

The OPENRTOS® demonstrations provided in MPLAB Harmony use the OPENRTOS evaluation license, which is meant for demonstration purposes only. Customers desiring development and production on OPENRTOS must procure a suitable license. Please refer to one of the following documents, which are located in the <install-dir>/third_party/rtos/OPENRTOS/Documents folder of your MPLAB Harmony installation, for information on obtaining an evaluation license for your device:

• OpenRTOS Click Thru Eval License PIC32MXxx.pdf

• OpenRTOS Click Thru Eval License PIC32MZxx.pdf

TIP!Throughout this documentation, occurrences of <install-dir> refer to the default MPLAB Harmony installation path:

• Windows: C:/microchip/harmony/<version>

• Mac OS/Linux: ~/microchip/harmony/<version>

Volume I: Getting Started With MPLAB Harmony

© 2013-2017 Microchip Technology Inc. MPLAB Harmony v2.06 2

Applications Help

This section provides information on the various application demonstrations that are included in MPLAB Harmony.

Description

Applications determine how MPLAB Harmony libraries (device drivers, middleware, and system services) are used to do something useful. In a MPLAB Harmony system, there may be one main application, there may be multiple independent applications or there may be one or more Operating System (OS) specific applications. Applications interact with MPLAB Harmony libraries through well defined interfaces. Applications may operate in a strictly polling environment, they may be interrupt driven, they may be executed in OS-specific threads, or they may be written so as to be flexible and easily configured for any of these environments. Applications generally fit into one of the following categories.

Demonstration Applications

Demonstration applications are provided (with MPLAB Harmony or in separate installations) to demonstrate typical or interesting usage models of one or more MPLAB Harmony libraries. Demonstration applications can demonstrate realistic solutions to real-life problems.

Sample Applications

Sample applications are extremely simple applications provided with MPLAB Harmony as examples of how to use individual features of a library. They will not normally accomplish anything useful on their own. They are provided primarily as documentation to show how to use a library.

Crypto Demonstrations

This section provides descriptions of the Crypto demonstrations.

MPLAB Harmony is available for download from the Microchip website by visiting: http://www.microchip.com/mplabharmony. Once you are on the site, click the Downloads tab to access the appropriate download for your operating system. For additional information on this demonstration, refer to the “Applications Help” section in the MPLAB Harmony Help.

Introduction

Crypto Library Demonstration Applications Help.

Description

This distribution package contains three Crypto-related firmware projects that demonstrate the capabilities of the MPLAB Harmony Crypto Library. This section describes the hardware requirement and procedures to run these firmware projects on Microchip demonstration and development boards.

To learn more about MPLAB Harmony stacks and libraries refer to the related documentation in Volume V: MPLAB Harmony Framework Reference.

Demonstrations

This topic provides information on how to run the Crypto Library demonstration applications included in this release.

encrypt_decrypt

This section provides information on the supported demonstration boards, how to configure the hardware (if needed), and how to run the demonstration.

Description

This demonstration exercises several cryptographic functions, including MD5, TDES, DES, AES, RSA, ECC, and Random Number Generation, to verify that the software or hardware is performing correctly. While the demonstration is running, the yellow LED on the starter kit will light to indicate processing. If all functions execute successfully, the green LED on the starter kit will illuminate.

When testing hardware encryption, the Starter Kit with Crypto Engine (DM320006-C) must be used. Software encryption can be performed on either PIC32MX795F512L or any version of PIC32MZ device.

Building the Application

This section identifies the MPLAB X IDE project name and location and lists and describes the available configurations for the Crypto Demonstration.

Volume I: Getting Started With MPLAB Harmony Applications Help Crypto Demonstrations


http://www.microchip.com/mplabharmony

Description

To build this project, you must open the encrypt_decrypt.X project in MPLAB X IDE, and then select the desired configuration.

The following tables list and describe the project and supported configurations. The parent folder for these files is <install-dir>/apps/crypto/encrypt_decrypt.

MPLAB X IDE Project

This table lists the name and location of the MPLAB X IDE project folder for the demonstration.

Project Name Location

encrypt_decrypt.X <install-dir>/apps/crypto/encrypt_decrypt/firmware

MPLAB X IDE Project Configurations

This table lists and describes the supported configurations of the demonstration, which are within ./firmware/src/system_config.

Project Configuration Name

BSP(s) Used Description

pic32mx_eth_sk pic32mx_eth_sk Demonstrates encryption, decryption, hashing, and random number generation using Software Libraries on the PIC32 Ethernet Starter Kit.

pic32mz_ec_sk_hw pic32mz_ec_sk Demonstrates encryption, decryption, hashing, and random number generation using the Hardware Encryption module on the PIC32MZ Embedded Connectivity (EC) Starter Kit with Crypto.

pic32mz_ef_sk_hw pic32mz_ef_sk Demonstrates encryption, decryption, hashing, and random number generation using the Hardware Encryption module on the PIC32MZ Embedded Connectivity with Floating Point Unit (EF) Starter Kit with Crypto.

pic32mz_ec_sk_sw pic32mz_ec_sk Demonstrates encryption, decryption, hashing, and random number generation using Software Libraries on the PIC32MZ Embedded Connectivity (EC) Starter Kit.

pic32mz_ef_sk_sw pic32mz_ef_sk Demonstrates encryption, decryption, hashing, and random number generation using Software Libraries on the PIC32MZ Embedded Connectivity with Floating Point Unit (EC) Starter Kit.

Configuring the Hardware

Describes how to configure the supported hardware.

Description

PIC32 Ethernet Starter Kit

No hardware related configuration or jumper setting changes are necessary.

PIC32MZ EC Starter Kit


PIC32MZ EF Starter Kit


Running the Demonstration

Provides instructions on how to build and run the Crypto demonstration.

Description

This demonstration exercises various encryption, decryption, hashing, and random number functions.

1. First compile and program the target device. While compiling, select the configuration for the hardware in use.

2. Observe the status of LEDs on the starter kit. The yellow LED will be illuminated while the demonstration executes. If all function passes succeed, the green LED will illuminate. If an error occurred, the red LED is illuminated.

large_hash

This section provides information on the supported demonstration boards, how to configure the hardware (if needed), and how to run the demonstration.



Description

This application demonstrates how to execute hashes on large blocks of data. In this case, the demonstration performs MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashing on a 512 * 1024 block of the letter 'a'.

On PIC32MZ devices, which have adequate Flash memory, the linker script is configured to create the 512 * 1024 block starting at physical address 0x9D08_0000.

The application runs the hashes in two ways:

• On PIC32MZ devices, the first way it runs it is by passing the entire 512 * 1024 block in one function call.

• With the second way, which is the only one that runs on PIC32MX devices, it passes a 1024 block of the letter 'a' that is allocated on the stack to the engine, doing it 512 times.

After the hashing has been performed, the application outputs via the system console the results of the hashing, and the time it took to perform each form. It then compares the generated hashes with known values for each algorithm. If all tests pass, the green LED is lit, and a message is presented through the system console. If any tests fail, the red LED is lit, and a corresponding message is presented through the system console.

When testing hardware encryption, the PIC32MZ EC Starter Kit configured with the Crypto Engine (DM320006-C) must be used. Software encryption can be performed on any version of a PIC32MX or PIC32MZ device.


This section identifies the MPLAB X IDE project name and location and lists and describes the available configurations for the Crypto Demonstration.

Description

To build this project, you must open the large_hash.X project in MPLAB X IDE, and then select the desired configuration.

The following tables list and describe the project and supported configurations. The parent folder for these files is <install-dir>/apps/crypto/large_hash.

MPLAB X IDE Project



large_hash.X <install-dir>/apps/crypto/large_hash/firmware


This table lists and describes the supported configurations of the demonstration, which are within ./firmware/src/system_config.


BSP(s) Used Description

pic32mx_eth_sk pic32mx_eth_sk Demonstrates hashing large blocks of data using Software Libraries on the PIC32 Ethernet Starter Kit.

pic32mz_ec_sk_hw pic32mz_ec_sk Demonstrates hashing large blocks of data using the Hardware Encryption module on the PIC32MZ Embedded Connectivity (EC) Starter Kit with Crypto.

pic32mz_ef_sk_hw pic32mz_ef_sk Demonstrates hashing large blocks of data using the Hardware Encryption module on the PIC32MZ Embedded Connectivity with Floating Point Unit (EF) Starter Kit with Crypto.

pic32mz_ec_sk_sw pic32mz_ec_sk Demonstrates hashing large blocks of data using Software Libraries on the PIC32MZ Embedded Connectivity (EC) Starter Kit.

pic32mz_ef_sk_sw pic32mz_ef_sk Demonstrates hashing large blocks of data using Software Libraries on the PIC32MZ Embedded Connectivity with Floating Point Unit (EF) Starter Kit.


Describes how to configure the supported hardware.

Description

PIC32 Ethernet Starter Kit

UART communication is done through the UART2 module. The U2RX and U2TX pins can be accessed through the Starter Kit I/O Expansion Board. One way to do this is with the MCP2200 Breakout Module. Connect the TX pin of the module to pin 46 on connector J11. Connect the RX pin of the module to pin 48 on connector J11. Connect GND pins together to ensure shared grounding.

Figure 1 and Figure 2 show the hardware configuration and close-ups of the jumper wire connections.

Figure 1 - Hardware Configuration



Figure 2 - Jumper Wire Connections

PIC32MZ EF Starter Kit


PIC32MZ Embedded Connectivity (EC) Starter Kit

UART communication is done through the UART1 module, routed through PPS to RPF0 and RPF1. The U1RX and U1TX pins can be accessed through the PIC32MZ Starter Kit Adapter Board. One way to do this is with the MCP2200 Breakout Module. Connect the TX pin of the module to the EBID10 pin of JP3 on the underside of the adapter. Connect the RX pin of the module to the EBID11 pin of JP1 on the underside of the adapter. Connect grounds between the module and the starter kit to ensure shared grounding.

Figure 3 and Figure 4 show the hardware configuration.

Figure 3 - Hardware Configuration (Front)



Figure 4 - Hardware Configuration (Back)


Provides instructions on how to build and run the Crypto demonstration.

Description

This demonstration exercises hashing functions on large blocks of data.

1. First, compile and program the target device. While compiling, select the configuration suitable for hardware.

2. Open a serial terminal program, such as PuTTY or TeraTerm, and connect it to the serial port for the MCP2200 Breakout Module. The serial configuration is 115200 baud, 8 data bits, no parity bit, 1 stop bit.

3. Observe the status of LEDs on the starter kit. The yellow LED will be illuminated while the demonstration executes. If all function passes succeed, the green LED will illuminate. If an error occurred, the red LED is illuminated.

4. Observe the output of the program in the serial terminal program. It will report the results of the hashes, and the cycles taken to execute. The actual cycles taken will depend on the hardware used, and the size of the buffers available to the hardware engine. The following example shows the output using the PIC32MZ EC Starter Kit configured with the Crypto Engine:

Starting the test.

MD5 from Flash: 30C2557E8302A5BEB290C71520D87F42 took 481405 clock cycles

MD5 from feed: 30C2557E8302A5BEB290C71520D87F42 took 804934 clock cycles

SHA from Flash: F7FEC128D7FCD59222BA37368D3B7210D4C7B6EF took 481151 clock cycles



SHA from feed: F7FEC128D7FCD59222BA37368D3B7210D4C7B6EF took 804901 clock cycles

SHA256 from Flash: 85A84A75886E8A526DBEC4E16E3375FAA307B4AEAD79C9ED3264C0477A6F6EBA took 702033 clock cycles

SHA256 from feed: 85A84A75886E8A526DBEC4E16E3375FAA307B4AEAD79C9ED3264C0477A6F6EBA took 806480 clock cycles

SHA384 from Flash: A550561A6330048EFE826A97E5FED843FA1CE646A9BF546CCB433C2FCB0E54821C4C945EED9A592B5BF43157E212F277 took 45452328 clock cycles

SHA384 from feed: A550561A6330048EFE826A97E5FED843FA1CE646A9BF546CCB433C2FCB0E54821C4C945EED9A592B5BF43157E212F277 took 45391039 clock cycles

SHA512 from Flash: 7F49157FB359B39EA6DA934DC9A10709FEDF8846D139D0E637A3C0FC833B6F42703858DBACEE28F4489B5E95FAB5E5655A25F838B0DC7BF3C84C7CC0264F6A4F took 45807606 clock cycles

SHA512 from feed: 7F49157FB359B39EA6DA934DC9A10709FEDF8846D139D0E637A3C0FC833B6F42703858DBACEE28F4489B5E95FAB5E5655A25F838B0DC7BF3C84C7CC0264F6A4F took 45775518 clock cycles

All tests passed.

ecc_asymmetric

This application demonstrates the authentication of a remote device with a host (The Curiosity PIC32MZ EF Development Board and the secure 4 click board using the cryptography module ATECC608A) by using an asymmetric authentication method, where the host verifies the signature from the remote through the public key of the remote.

The application allows adding information to the configuration, using the configuration data, and key data to configure a secure 4 click board. The application flow is realized through an interactive user interface through the serial terminal program (Tera term) interfaced through the USB of a computer.

For more information on the features and layout of the Curiosity PIC32MZ EF Development Board, refer to the PIC32MZ EF Curiosity Development Board User's Guide.

For more information on the features of the ATECC608A module, refer to the Product Data Sheet.

Description

This application demonstrates the use of the ATECC608A module to authenticate and verify if the device is secure or not. The authentication method used is Asymmetric.

In asymmetric authentication, a verifier checks the authenticity of remote by validating the signature.

Asymmetric authentication is based on the use of two keys. One of the keys needs to be kept secret. This key is called the Private Key. The second key is mathematically related to the Private Key and is called the Public Key. The public key is openly shared. The key owner will use the Public Key to authenticate the signature.

In this application, a secure hardware key storage device (ATECC608A on a Secure 4 click board) is used to generate a signature by the remote, and the host uses the public key of the remote, and verifies the signature.

The following figure represents the functional block diagram of the application.



http://ww1.microchip.com/downloads/en/DeviceDoc/70005282B.pdf


http://ww1.microchip.com/downloads/en/DeviceDoc/40001977A.pdf

Note:The Secure 4 click board 1 and Secure 4 click board 2 house the ATECC608A module and interface with the Curiosity PIC32MZ EF Development Board microcontroller over I2C interface.

Authentication Process

The host sends a random challenge to the remote device. The remote device responds with a signature. However, the host only needs the public key from the remote (not a secret key) to verify the signature on the challenge.



If the signature verification matches, then the remote device has successfully responded to the challenge and the host can trust the remote device.


Description

To build this project, you must open the ecc_asymmetric.X project in MPLAB X IDE, and then select the desired configuration.

The following tables list and describe the project and supported configurations. The parent folder for these files is <install-dir>/apps/crypto/ecc_asymmetric.

MPLAB X IDE Project



ecc_asymmetric.X <install-dir>/apps/crypto/ecc_asymmetric/firmware


This table lists and describes the supported configurations of the demonstration, which are located within ./firmware/src/system_config.


BSP Used Description

pic32mz_ef_curiosity pic32mz_ef_curiosity Select this MPLAB X IDE project configuration to run the demonstration application to run on the PIC32MZ EF Curiosity Development Board, with the PIC32MZ2048EFM100 microcontroller.

This configuration uses "Secure 4 click" board from MikroElektronika mounted on the mikroBUS header interfaces.




The following section describes how to configure the hardware for the demonstration.

Description

PIC32MZ EF Curiosity Development Board

Configuration: pic32mz_ef_curiosity

To configure the hardware, use the following steps:

1. For the host operation, mount a Secure 4 Click board on the mikroBUS socket J5.

2. For the remote device operation, mount a Secure 4 Click board on the mikroBUS socket J10.

3. Power the Curiosity PIC32MZ EF Development Board from the host computer through a Type-A male to Micro-B USB cable connected to the Micro-B port (J3). The cable is not included with the kit. Ensure that a jumper is placed in the J8 header (between 4 and 3) to select the supply from the debug USB connector.

4. Ensure that the jumper is not present in the J13 header to use the Curiosity board in Device mode. In Device mode, the board acts as a USB device to the computer. Plug in a USB cable with a Micro-B type connector to Micro-B port (J12), and plug the other end into the computer.


The following section describes how to run the demonstration.

Description

Important!Prior to using this demonstration, it is recommended to review the MPLAB Harmony Release Notes for any known issues. A PDF copy of the release notes is provided in the <install-dir>/doc folder of your installation.



The following steps are used to run the demonstration:

1. Open the project in MPLAB X IDE and select the pic32mz_ef_curiosity project configuration.

2. Build the code and program the device by clicking on the program button as shown below.

3. After power up, the demonstration is active. This is indicated by a yellow LED (LED3) on the board.

4. Plug in a USB cable with a Micro-B type connector to the Micro-B port (J12) of the Curiosity board, and plug the other end into the computer.

5. If this is the first time using this device with a personal computer, there may be a prompt for a .inf file.

6. Select the Install from a list or specific location (Advanced) option. Specify the path from <install-dir>/apps/crypto/ecc_asymmetric/inf directory.

Note:Optionally, to specify the driver, open the device manager and expand the Ports (COM & LPT) tab, then right click on Update Driver Software.

7. Once the device is installed, open a terminal program, such as Tera Term or HyperTerminal. Select the appropriate COM port for the terminal. The following figure shows the COM port selection for the Tera Term terminal program.



8. Once the Tera Term screen is displayed, Press the Enter key. The following modes of operation will be displayed.

9. The application demonstration offers the following two modes of operation.

• Configuration Mode: This mode is used to configure a blank ATECC608A module with the configuration data and keys to be stored. A blank ATECC608A device is in an unlocked state. This operation performs a lock on the Configuration Zone and Data Zones on the ATECC608A device. The locking operation is a one time operation and is irreversible.

• Authentication Mode: This mode performs the secured authentication of the Remote ATECC608A device.

10. Selecting Option 1 - Configuration Mode

The display prompts the user to perform an action:

When the Secure 4 click board is plugged-in, the application enters into Configuration Write mode, and prints the existing or default configuration.

Note:The existing or default configuration may be different from what is shown in the following figure.

If the plugged-in board is a brand new Secure 4 click board, the application will write the new configuration to the configuration zone and lock it. The application will display the following messages:

• Configuration Write Complete

• Locking Configuration Zone

• Configuration Zone Lock Complete

This would be followed by the writing of the new data (data slot contents and new keys) to the data zone and locking it. It would display the following messages:

• Writing Data Zone



• Data Zone Write Complete

• Locking Data Zone

• Data Zone Lock Complete

• **Host board Configuration Done**

If the plugged-in board is already configured, the application displays the following message:

• ATCA already configured

Once the host configuration is completed, the display prompts the user to choose an action:

• Plug in remote Secure 4 Click board in Mikro Bus Interface 2 and press S1.

When the Secure 4 click board is plugged-in, the application enters the configuration write mode and prints the existing or default configuration.


If the plugged-in board is a brand new Secure 4 click board, the application will write the new

configuration to the configuration zone and lock it. It will display the following messages:


• Locking Configuration Zone..


This would be followed by writing of the new data (data slot contents and new keys) to the

data zone and locking it. It would display the following messages:



• Locking Data Zone..


• **Remote board Configuration Done**


• ATCA already configured.

The application provides a user the option to return to main menu:

• Press a key followed by 'enter' key to return to Options Menu.

11. Selecting option 2 - Authentication Mode

Fail Case:

• By default, if the application fails to authenticate the Remote Secure 4 click (plugged in J10), it will be indicated by a red LED (LED1) on the board



The Remote Secure 4 click fails to authenticate when the host does not have the public key for the remote in its database. The host will verify only those remote devices whose public key it possesses.

Pass Case:

To verify the signature of the remote, place the Disposable Public Key of the remote in the database of the host. Copy the Remote Disposable Public Key from the previous figure and paste the key into the array key_store[] in ecc_asymmetric_app.c file as shown in the following figure.

Build and program the code. Repeat the user actions to select Authentication mode. The application now passes to verify the signature from the Remote Secure 4 click (plugged in J10). This is indicated by a green LED (LED2) on the board.



The signature of the Remote Secure 4 click is successfully verified as the remote had generated the signature using its private key and the random challenge from the host, while the host verified the signature by authenticating it against the public key of the remote.

The application provides the following option to return to the main menu:


ecc_symmetric

This application demonstrates the authentication of a remote device with a host (The Curiosity PIC32MZ EF Development Board and the secure 4 click board using the cryptography module ATECC608A) by using symmetric authentication method, where the host and the remote devices share the same key. The application allows adding information to the configuration, using the configuration data, and key data to configure a secure 4 click board. The application flow is realized through an interactive user interface through the serial terminal program (Tera term) interfaced through the USB of a computer.

For more information on the features and layout of the Curiosity PIC32MZ EF Development Board, refer to the PIC32MZ EF Curiosity Development Board User's Guide.

For more information on the features of the ATECC608A module, refer to the Product Data Sheet.

Description

This application demonstrates the use of the ATECC608A module to authenticate the security of the

connected device. The authentication method used is Symmetric.

Symmetric authentication uses a challenge and response process. The host challenges a remote device to assure that it is authentic and can be trusted. The challenged device responds with the expected results. This method requires that both the host and the remote devices share the same key. Additionally, the remote device can send a unique serial number so the responses are unique from other remote devices.

In this application, a secure hardware key storage device (ATECC608A on a Secure 4 click board) is used to contain the shared key and unique serial number, in the host and remote device.

The following figure represents a functional block diagram of the application.





http://ww1.microchip.com/downloads/en/DeviceDoc/40001977A.pdf

Note:The Secure 4 click board 1 and Secure 4 click board 2 house the ATECC608A module and interface with the Curiosity PIC32MZ EF Development Board microcontroller over I2C interface.

Authentication Process

The authentication begins with the host asking for the serial number of the remote device. The host sends a random number, which it expects the remote device to hash with the shared secret key. This is called a challenge because it challenges the remote device to provide a correct answer. This challenge process is shown in the following figure.

The remote device hashes the random number with the shared key and the unique serial number, then sends back the resulting output of the hash, which is referred to as a Message Authentication Code (MAC).

The host checks the returned MAC by repeating the same operation. It hashes the shared key with the random number and the unique serial number of the remote device. The host compares the two results.

A matching result indicates that the challenge has been successfully responded to by the remote device and the host can trust the external device.


The following section describes how to build the application.

Description

To build this project, you must open the ecc_symmetric.X project in MPLAB X IDE, and then select the desired configuration.

The following tables list and describe the project and supported configurations. The parent folder for these files is <install-dir>/apps/crypto/ecc_symmetric.

MPLAB X IDE Project



ecc_symmetric.X <install-dir>/apps/crypto/ecc_symmetric/firmware


This table lists and describes the supported configurations of the demonstration, which are located within ./firmware/src/system_config.


BSP Used Description

pic32mz_ef_curiosity pic32mz_ef_curiosity Select this MPLAB X IDE project configuration to run the demonstration application to run on the PIC32MZ EF Curiosity Development Board, with the PIC32MZ2048EFM100 microcontroller.

This configuration uses "Secure 4 click" board from MikroElektronika mounted on the mikroBUS header interfaces.




This section describes how to configure the hardware for the demonstration.

Description

PIC32MZ EF Curiosity Development Board

Configuration: pic32mz_ef_curiosity

To configure the hardware, use the following steps:

1. For the host operation, mount a Secure 4 click board on the mikroBUS socket J5.

2. For the remote device operation, mount a Secure 4 click board on the mikroBUS socket J10.

3. Power the Curiosity PIC32MZ EF Development Board from the host computer through a Type-A male to Micro-B USB cable connected to the Micro-B port (J3). The cable is not included with the kit. Ensure that a jumper is placed in the J8 header (between 4 and 3) to select the supply from the debug USB connector.

4. Ensure that the jumper is not present in the J13 header to use the Curiosity board in Device mode. In Device mode, the board acts as a USB device to the computer. Plug in a USB cable with a Micro-B type connector to Micro-B port (J12), and plug the other end into the computer.


The following section describes how to run the demonstration.

Description

Important!Prior to using this demonstration, it is recommended to review the MPLAB Harmony Release Notes for any known issues. A PDF copy of the release notes is provided in the <install-dir>/doc folder of your installation.



The following steps are used to run the demonstration:

1. Open the project in MPLAB X IDE and select the pic32mz_ef_curiosity project configuration.

2. Build the code and program the device by clicking on the program button as shown below.

3. After power up, the demonstration is active. This is indicated by a yellow LED (LED3) on the board.

4. Plug in a USB cable with a Micro-B type connector to the Micro-B port (J12) of the Curiosity board, and plug the other end into the computer.

5. If this is the first time using this device with a personal computer, there may be a prompt for a .inf file.

6. Select the Install from a list or specific location (Advanced) option. Specify the path from <install-dir>/apps/crypto/ecc_symmetric/inf directory.

Note:Optionally, to specify the driver, open the device manager and expand the Ports (COM & LPT) tab, then right click on Update Driver Software.

7. Once the device is installed, open a terminal program, such as Tera Term or HyperTerminal. Select the appropriate COM port for the terminal. The following figure shows the COM port selection for the Tera Term terminal program.



8. Once the Tera Term screen is displayed, Press the Enter key. The following modes of operation will be displayed.

9. The application demonstration offers the following two modes of operation.

• Configuration Mode: This mode is used to configure a blank ATECC608A module with the configuration data and keys to be stored. A blank ATECC608A device is in an unlocked state. This operation performs a lock on the Configuration Zone and Data Zones on the ATECC608A device. The locking operation is a one time operation and is irreversible.

• Authentication Mode: This mode performs the secured authentication of the Remote ATECC608A device.

10. Selecting Option 1 - Configuration Mode

• The display prompts the user to perform an action

When the Secure 4 click board is plugged-in, the application enters into Configuration Write mode, and prints the existing or default configuration.


If the plugged-in board is a brand new Secure 4 click board, the application will write the new configuration to the configuration zone and lock it. The application will display the following messages:


• Locking Configuration Zone..


This would be followed by the writing of the new data (data slot contents and new keys) to the

data zone and locking it. It would display the following messages:





• Locking Data Zone..


• **Host board Configuration Done**


• ATCA already configured.

Once the host configuration is completed, the display prompts the user to choose an action:

• Plug in remote Secure 4 Click board in Mikro Bus Interface 2 and press S1.

When the Secure 4 click board is plugged-in, the application enters the configuration write mode and prints the existing or default configuration.


If the plugged-in board is a brand new Secure 4 click board, the application will write the new configuration to the configuration zone and lock it. It will display the following messages:


• Locking Configuration Zone


This would be followed by writing of the new data (data slot contents and new keys) to the data zone and locking it. It would display the following messages:



• Locking Data Zone


• **Remote board Configuration Done**


• ATCA already configured

The application provides a user the option to return to main menu:


11. Selecting Option 2 - Authentication Mode

Pass Case:

• By default, the application performs successful authentication of the Remote Secure 4 click (plugged in J10). The successful authentication will be indicated by a green LED (LED2) on the board

• The Remote Secure 4 click successfully authenticates as it shares the secret key with the host.



Note:In configuration mode, both the host and device (ATECC608A) are programmed with four identical keys. Refer to the function, ECC_ATCA_CONFIGURE_WriteData in ecc_atca_configure.c.

• In the file ecc_symmetric_app.c the implementation of the function _ECC_SYMMETRIC_APP_Handle_Authentication, the MAC is computed and verified for Slot 0, which corresponds to Key 0 being used to compute the MAC on the remote device. The same Key 0 is used to verify the MAC on the host device. Since the key is same, the MAC verification on the host is successful.

Fail Case:

• To test the Authentication Failure case, uncomment and comment the below lines of code in the function _ECC_SYMMETRIC_APP_Handle_Authentication in the file ecc_symmetric_app.c.

• Build and program the code. Repeat the user actions to select Authentication Mode. The application will fail to authenticate the Remote Secure 4 click (plugged in J10). The failure is indicated by a red LED (LED1) on the board.

• The remote Secure 4 click failed to authenticate because the secret key used to compute the MAC by the remote, and the secret key used to verify the MAC from the remote by the host are different. The remote used the Key 0 to compute the MAC, while the host used Key 1 to verify the computed MAC. Since the Keys are not identical, the MAC verification fails, indicating that the host and the remote do not share a key.

• The application then provides the following message to return to the main menu:

• Press a key followed by 'enter' key to return to Option Menu.



Index

A

Applications Help 3

B

Building the Application 3, 5, 10, 17

C

Configuring the Hardware 4, 5, 11, 18

Crypto Demonstrations 3

D

Demonstrations 3

Crypto Library 3

E

ecc_asymmetric 8

ecc_symmetric 16

encrypt_decrypt 3

I

Introduction 3

Crypto Library Demonstrations 3

L

large_hash 4

R

Running the Demonstration 4, 7, 11, 18

V

Volume I: Getting Started With MPLAB Harmony Libraries and Applications 2

Index
