In [None]:
%%HTML
<p id = 'heading1_p'> Symmetric Authentication for resource constrained microcontrollers – SHA104-TFLXAUTH </p>
<hr id = 'hline'> </hr> 
<p id = 'heading1_p' style='font-size: 20px; font-weight: bold;'>Introduction</p>
<div id='div_element'>
<p>Accessory/Disposable authentication is a process in which the accessory or the disposable client device generates a MAC (Message Authentication Code) 
from a host device challenge. The MAC is verified (checkMAC) by the host device to authenticate the accessory/disposable device.</p>
<p>The purpose of authentication is to prevent cloning and counterfeiting and to ensure that an object is genuine and authorized to connect to a product.</p>

<p style='font-weight: bold;'>Implementation methods :</p>
<div id='div_element'>
<ul>
    <li><b>Symmetric Authentication - Diversified Key </b> - requires integrating a Secure Element on both the Device (Accessory / Disposable) and the Host side. The Device Secure Element is provisioned with a unique symmetric key derived from a root symmetric key and the Secure Element serial number; the Host Secure Element is provisioned with the root symmetric key.</li>
    <li><b>Symmetric Authentication - Shared Key </b> - requires integrating a Secure Element on both the Device (Accessory / Disposable) and the Host side; both Secure Elements are provisioned with the same symmetric key.</li>
    <li><b>Symmetric Authentication - Stored Challenge/Response pairs for Small MCU (For resource constrained microcontrollers)</b> - requires a Secure Element on the Device (Accessory / Disposable) side only, leaving the possibility for Host cloning. The Secure Element is provisioned with a symmetric key, and the Host firmware embeds one or several challenge/response pair(s).</li>
</ul>
</div>
<p>This use case describes authenticating an accessory/disposable on a resource constrained microcontroller. It uses pre-generated <strong>challenge and response pairs (Symmetric Authentication - Stored Challenge/Response pairs) </strong>stored in 
the host microcontroller to perform accessory/disposable authentication. The host microcontroller in this use case directly streams stored command bytes instead of generating the commands through the Cryptoauthlib library.</p>
</div>



<button class="collapsible" style='font-size: 20px; font-weight: bold;'>Cryptographic Asset list & Use Case implementation</button>
<div class="content">
<div id='content_element'>
<hr id = 'h_content'> </hr> 
<p style="float: left; font-size: 9pt; text-align: center; width: 40%; margin-right: 1%;">
    <img src="assets/images/sha10x_cr_symm_auth_td_assets.png" alt="Cryptographic Assets"><b>Cryptographic Asset list</b></p>
<p style="float: left; font-size: 9pt; text-align: center; width: 50%; margin-right: 1%;">
    <img src="assets/images/sha10x_cr_symm_auth_td_steps.png" alt="Use Case Steps" ><b>Use Case implementation</b></p>
<p style="clear: both;"></p>
</div>
</div>

<p id = 'heading1_p' style='margin-top:40px; font-size: 20px; font-weight: bold;'>Use Case information</p>
<hr id = 'hline'> </hr> 
<div id='div_element'>
<p> The Transaction Diagram represents all steps to be performed to successfully implement the given Use Case, during development and after product delivery to the end-user. </p>
<p><strong> Select your Evaluation kit and then click on each step to execute the Use Case. Click on the “Usecase Help” button above the transaction diagram to access the detailed associated user manual. </strong></p>
<p style="color:red;">[!] Before clicking on “Step 1”, make sure to go to the SHA104 configurator and actually configure the device; this is a one-time step. All relevant details are available under “Usecase Help”. </p>
<p> For ease of execution, steps executed from the transaction diagram are emulated on the Host PC rather than executed on the 
Host Microcontroller/Processor of the evaluation kit. The MPLAB-X project/C source code includes the code to be executed on the Host Microcontroller/Processor 
in your embedded project. </p>
</div>
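
The stored challenge/response scheme described in the introduction, as an added Python sketch that is not part of the original notebook or of Microchip's code. HMAC-SHA256 stands in for the SHA104 MAC command (an assumption), and `device_mac`, `make_pairs` and `Host` are hypothetical names.

```python
import hashlib
import hmac
import secrets


def device_mac(key, challenge):
    """Stand-in for the secure element's MAC command (assumption: HMAC-SHA256)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def make_pairs(key, count):
    """Provisioning-time step: runs where the key is available, never on the host MCU."""
    pairs = []
    for _ in range(count):
        challenge = secrets.token_bytes(32)
        pairs.append((challenge, device_mac(key, challenge)))
    return pairs


class Host:
    """Model of the host firmware: it embeds challenge/response pairs only, no key."""

    def __init__(self, pairs):
        self._pairs = list(pairs)

    def authenticate(self, respond):
        # Pick one stored pair, send its challenge, compare in constant time.
        challenge, expected = secrets.choice(self._pairs)
        return hmac.compare_digest(respond(challenge), expected)


def run_demo():
    key = secrets.token_bytes(32)          # constructed sample key
    other_key = secrets.token_bytes(32)    # counterfeit device without the real key
    host = Host(make_pairs(key, 4))
    genuine = host.authenticate(lambda c: device_mac(key, c))
    counterfeit = host.authenticate(lambda c: device_mac(other_key, c))
    # A response valid for one stored challenge does not validate another.
    (c0, r0), (c1, r1) = make_pairs(key, 2)
    cross_pair = hmac.compare_digest(r0, device_mac(key, c1))
    return genuine, counterfeit, cross_pair


if __name__ == "__main__":
    print(run_demo())
```

The host never touches the key, so whatever protection it offers rests entirely on the embedded pairs; that is the trade-off the third implementation method accepts.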

In [None]:
import os
import sys
from tpds.usecase_diagram import ProtoBoard, UsecaseDiagram
from tpds.tp_utils.tp_settings import TPSettings
from tpds.proto_boards import get_board_path
from IPython.display import display

# Directory the notebook is running from
curr_path = os.path.abspath('')
# Make the use case's cr_auth module under assets/python importable
sys.path.extend([os.path.join(curr_path, 'assets', 'python')])
import cr_auth

tp_settings = TPSettings()
usecase_working_dir = os.path.join(tp_settings.get_base_folder(), 'spg_sha10x_symm_auth')
os.makedirs(usecase_working_dir, exist_ok=True)
boards = ProtoBoard(max_width=400)
boards.add_board(
            'DM320118', 
            os.path.join(curr_path, 'assets', 'images', 'usecase_hw.png'), 
            os.path.join(get_board_path(), 'DM320118', 'DM320118.hex'),
            os.path.join(curr_path, 'firmware', 'SharedKey-SmallMCU-D21', 'sha10x_dm320118_symmauth_CR.X'))
boards.render_boards(0)

usecase_steps = cr_auth.SymmetricAuthentication(boards)
usecase_td = UsecaseDiagram(os.path.join(curr_path, 'assets', 'images', 'sha10x_cr_symm_auth_td.png'), working_dir=usecase_working_dir, enable_coord=False)
usecase_td.add_firmware(boards.get_firmware_project, tp_settings.get_mplab_paths().get('ide_path'))

generate_resources = usecase_td.add_script(235,71,45,39, usecase_steps.generate_resources)
generate_challenges = usecase_td.add_script(235,121,44,39, usecase_steps.generate_cr_pairs, prereq_scripts = [generate_resources])
get_accessory_mac = usecase_td.add_script(290,230,51,46, usecase_steps.send_random_challenge, prereq_scripts = [generate_challenges])
verify_with_checkmac = usecase_td.add_script(290,290,52,46, usecase_steps.verify_accessory_response, prereq_scripts = [get_accessory_mac])

usecase_td.add_image(825,201,140,25, os.path.join(curr_path, 'assets', 'images', 'c_snippet.PNG'), 'Code Snippet')
usecase_td.add_link(600,240,140,10,
    'https://github.com/MicrochipTech/cryptoauthlib/blob/9c99693ea7711b694acf5c71fe3f66ca0e6befd6/lib/atca_basic.c#L2224')
usecase_td.add_link(785,285,110,10,
    'https://github.com/MicrochipTech/cryptoauthlib/blob/9c99693ea7711b694acf5c71fe3f66ca0e6befd6/lib/atca_basic.c#L1904')
usecase_td.add_link(745,330,70,10,
    'https://github.com/MicrochipTech/cryptoauthlib/blob/9c99693ea7711b694acf5c71fe3f66ca0e6befd6/lib/atca_basic.c#L2502')
usecase_td.add_link(580,360,100,15,
    'https://github.com/MicrochipTech/cryptoauthlib/blob/9c99693ea7711b694acf5c71fe3f66ca0e6befd6/lib/atca_basic.c#L1273')
usecase_td.add_link(580,385,100,15,
    'https://github.com/MicrochipTech/cryptoauthlib/blob/9c99693ea7711b694acf5c71fe3f66ca0e6befd6/lib/atca_basic.c#L819')
usecase_td.add_usecase_help(os.path.join(curr_path, 'assets', 'SHA10x_SymmAuth_Challenge_Response.md'))

display(boards.canvas)
usecase_td.display_canvas()

In [None]:
%%HTML
<p id = 'heading1_p' style='font-size: 20px; font-weight: bold;'>Conclusion</p>
<div id='div_element'>
<hr id = 'h_content'> </hr> 
<p>When ready to start the Secure Exchange Process and obtain your first verification units coming out of the actual Microchip 
Provisioning Service, please fill in the Secure Exchange Process questionnaire and start a support ticket.</p>

In the support ticket you will:
<ul>
  <li>Attach the questionnaire output yaml file generated by TPDS and saved in your “Downloads” folder.</li>
  <li>Go back to the TPDS SHA104 TFLXTLS configurator and select the Symmetric Authentication Use Case and populate the requested fields.</li>
  <li>Once done, in the SHA104 configurator, click on “Generate Encrypted Provisioning Package”.</li>
  <li>Attach the .zip file generated from the “Generate Encrypted Provisioning Package” button. It is saved in your “Download” folder.</li>
</ul>

<p>For Symmetric authentication based on Challenge/Response pairs, please start a support ticket for SHA104 provisioning.</p>
</div>
