In [None]:
%%HTML
<p id = 'heading1_p'> Secure Public Key Rotation – PIC32CMLS60-TFLXTLS </p>
<hr id = 'hline'> </hr> 
<p id = 'heading1_p' style='font-size: 20px; font-weight: bold;'>Introduction</p>
<div id='div_element'>
<p>Cryptographic best practices discourage extensive reuse of encryption keys. In situations like Secure Boot or OTA firmware authentication, it is important to have the ability to update the public key that is used for verifying firmware. </p>
<p>Slot validation and invalidation is the process in which the authenticity of a slot is verified using its digest and a signature provided by the validation authority. Once it is authenticated, the slot can be marked as validated or invalidated. Only a validated slot can be used for Verify operations, and an invalidated slot allows its content to be overwritten.</p>
<p>Public keys that are intended to be rotated securely should be stored in slots marked as PubInvalid.</p>
</div>

<button class="collapsible" style='font-size: 20px; font-weight: bold;'>Cryptographic Asset list & Use Case implementation</button>
<div class="content">
<div id='content_element'>
<hr id = 'h_content'> </hr> 
<p style="float: left; font-size: 9pt; text-align: center; width: 30%; margin-right: 1%;"><img src="assets/crypto-assets.png" style="height: 35em; width: 100%"><b>Cryptographic Asset list</b></p>
<p style="float: left; font-size: 9pt; text-align: center; width: 35%; margin-right: 1%;"><img src="assets/usecase_steps.png" style="height: 25em; width: 100%"><b>Use Case implementation</b></p>
<p style="clear: both;"></p>
</div>
</div>

<p id = 'heading1_p' style='margin-top:40px; font-size: 20px; font-weight: bold;'>Use Case information</p>
<hr id = 'hline'> </hr> 
<div id='div_element'>
<p> The Transaction Diagram represents all the steps to be performed to successfully implement the given Use Case, 
during development and after product delivery to the end-user. </p>
<p><strong> For ease of execution, steps run from the transaction diagram are emulated on the Host-PC 
rather than executed on the Host-Microcontroller/Processor of the evaluation kit.</strong> The MPLAB-X project/C source code contains the code to be executed on the Host-Microcontroller/Processor 
in your embedded project. </p>

<p>Select your Evaluation kit and then click on each step to execute the Use Case. Click the Usecase Help button in 
the transaction diagram for additional details.</p>
</div>

In [None]:
import os
import sys

from IPython.display import display
from tpds.tp_utils.tp_settings import TPSettings
from tpds.usecase_diagram import ProtoBoard, UsecaseDiagram

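# abspath('') resolves to the kernel's current working directory, so every
# path below assumes the kernel was started in the notebook's own folder.
curr_path = os.path.abspath('')

# Make the use-case helper module importable. The directory is appended to the
# END of sys.path, so a module named `pubkey_rotation` found earlier on the
# path is imported instead of this one. The helper supplies the steps that
# invalidate and re-validate the public-key slot, so run this notebook only
# from a trusted checkout.
# (`sys` is used directly; `os.sys` only works because `os` happens to import
# `sys` internally and is not a documented attribute.)
sys.path.append(os.path.join(curr_path, 'assets', 'python', 'pubkey_rotation'))
import pubkey_rotation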

# Per-use-case directory under the TPDS base folder; it is handed to the
# transaction diagram as its working_dir further down.
# NOTE(review): if the rotation steps write key material into this directory,
# its permissions matter — confirm what pubkey_rotation stores there.
tp_settings = TPSettings()
usecase_working_dir = os.path.join(
    tp_settings.get_base_folder(), 'pic32cmls60_public_key_rotation'
)
os.makedirs(usecase_working_dir, exist_ok=True)

# Register the one evaluation kit this use case offers. The arguments after
# the board name are a picture, a prebuilt .hex and the MPLAB X project
# directory (roles inferred from the file names — confirm against ProtoBoard).
# NOTE(review): nothing in this cell checks the integrity of the .hex file
# before its path is given to ProtoBoard.
ev_kit_assets = os.path.join(curr_path, '..', '..', 'assets', 'EV76R77A')
boards = ProtoBoard(max_width=400)
boards.add_board(
    'PIC32CMLS60 CPro',
    os.path.join(ev_kit_assets, 'PIC32CMLS60.png'),
    os.path.join(ev_kit_assets, 'PIC32CMLS60.hex'),
    os.path.join(
        curr_path, 'firmware', 'LS60', 'NonSecure', 'firmware',
        'pub_key_rotation_NonSecure.X',
    ),
)
boards.render_boards(0)

# 13 and 14 are presumably device slot numbers: the notebook's conclusion
# names slots 13 and 14. Which one holds the rotating key and which the
# authority is not visible here — confirm against PubKeyRotation's signature.
key_rotation = pubkey_rotation.PubKeyRotation(boards, 13, 14)

td_image = os.path.join(curr_path, 'assets', 'td_pubkey_rotation.png')
usecase_td = UsecaseDiagram(td_image, working_dir=usecase_working_dir)

# Each call attaches one rotation step to a clickable region of the diagram
# (the four integers are the region, presumably x, y, width, height).
# Every step after the first lists the previous step in prereq_scripts, so the
# steps form one chain:
#   generate resources -> generate and authorize the new public key
#   -> invalidate the existing key -> write and validate the new key
#   -> verify with the new key
# NOTE(review): how UsecaseDiagram enforces prereq_scripts is defined in tpds,
# not here — confirm that a step cannot run with an unmet prerequisite.
generate_resources = usecase_td.add_script(
    235, 79, 35, 30,
    key_rotation.generate_resources,
)
generate_new_key = usecase_td.add_script(
    242, 258, 35, 30,
    key_rotation.generate_and_authorize_newpublic_key,
    prereq_scripts=[generate_resources],
)
invalidate_key = usecase_td.add_script(
    512, 274, 35, 30,
    key_rotation.invalidate_existing_public_key,
    prereq_scripts=[generate_new_key],
)
validate_key = usecase_td.add_script(
    511, 327, 35, 30,
    key_rotation.write_and_validate_public_key,
    prereq_scripts=[invalidate_key],
)
verify_key = usecase_td.add_script(
    511, 381, 35, 30,
    key_rotation.verify_newpublic_key,
    prereq_scripts=[validate_key],
)

# Attach the firmware project of the selected board and the MPLAB X IDE path.
# get_firmware_project is passed as an attribute reference, not called here.
# NOTE(review): .get('ide_path') yields None when the key is absent (assuming
# get_mplab_paths() returns a dict) — confirm add_firmware tolerates that.
usecase_td.add_firmware(
    boards.get_firmware_project,
    tp_settings.get_mplab_paths().get('ide_path'),
)
usecase_td.add_image(
    726, 242, 140, 25,
    os.path.join(curr_path, 'assets', 'c-snippet.png'),
    'Code Snippet',
)

# Clickable regions that open the matching cryptoauthlib source. Every URL is
# pinned to one commit hash, so the #L line anchors keep pointing at the same
# code even after the upstream branch moves.
for hotspot, url in (
    ((730, 276, 125, 11),
     'https://github.com/MicrochipTech/cryptoauthlib/blob/af8187776cd3f3faf8bed412eaf6ff7221862e19/lib/basic/atca_basic_verify.c#L476'),
    ((740, 312, 126, 10),
     'https://github.com/MicrochipTech/cryptoauthlib/blob/af8187776cd3f3faf8bed412eaf6ff7221862e19/lib/basic/atca_basic_write.c#L356'),
    ((747, 342, 112, 10),
     'https://github.com/MicrochipTech/cryptoauthlib/blob/af8187776cd3f3faf8bed412eaf6ff7221862e19/lib/basic/atca_basic_verify.c#L439'),
    ((771, 373, 66, 10),
     'https://github.com/MicrochipTech/cryptoauthlib/blob/af8187776cd3f3faf8bed412eaf6ff7221862e19/lib/basic/atca_basic_verify.c#L69'),
):
    usecase_td.add_link(*hotspot, url)

usecase_td.add_usecase_help(
    os.path.join(curr_path, 'assets', 'PIC32CMLS60-Public Key Rotation.md')
)

# Show the board selector first, then the interactive transaction diagram.
display(boards.canvas)
usecase_td.display_canvas()

In [None]:
%%HTML
<button class="collapsible" style='font-size: 20px; font-weight: bold;'>Conclusion</button>
<div class="content">
<div id='content_element'>
<hr id = 'h_content'> </hr> 
<p>Please navigate back to the TrustFlex Secret Exchange page to finalize your Secure Public Key Rotation Use Case.</p>
<ul><li>You will need to populate slot 13 and slot 14</li>
<li>Slot 13 will need to be locked for this Use Case</li></ul>
</div>
</div>