From ecc6ec4d9771ee90ee4e9f22cb691f05f210fc71 Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Wed, 2 Dec 2020 13:53:46 +0530 Subject: [PATCH 1/8] support TNGTLS certificate loading for Harmony3 Changes to atmel.c file that lets a user to 1. Use Harmony3 generated configurations to initialize the device in atmel_init(). 2. Read the device certificate chain from ECC608 TNGTLS and initialize the ctx with it to use as device certificate. - This is the true purpose of going with TNGTLS --- wolfcrypt/src/port/atmel/atmel.c | 88 +++++++++++++++++++++++++++++++- 1 file changed, 86 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index cb287b124..0ae79c8cb 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -33,6 +33,10 @@ #include #include +#ifdef WOLFSSL_ATECC_TNGTLS +#include "tng/tng_atcacert_client.h" +#endif + #ifdef NO_INLINE #include #else @@ -89,7 +93,6 @@ static int ateccx08a_cfg_initialized = 0; static ATCAIfaceCfg cfg_ateccx08a_i2c_pi; #endif /* WOLFSSL_ATECC508A */ - /** * \brief Generate random number to be used for hash. */ @@ -468,6 +471,12 @@ int atmel_init(void) int ret = 0; #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) + +/*Harmony3 will generate configuration based on user inputs*/ +#ifdef MICROCHIP_MPLAB_HARMONY_3 + extern ATCAIfaceCfg atecc608_0_init_data; +#endif + if (!mAtcaInitDone) { ATCA_STATUS status; int i; @@ -490,7 +499,11 @@ int atmel_init(void) mSlotList[i] = ATECC_INVALID_SLOT; } } - +#ifdef MICROCHIP_MPLAB_HARMONY_3 + atcab_release(); + atcab_wakeup(); + wolfCrypt_ATECC_SetConfig(&atecc608_0_init_data); +#endif if (ateccx08a_cfg_initialized == 0) { /* Setup the hardware interface using defaults */ XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi)); 
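Review bot: The three calls added under `MICROCHIP_MPLAB_HARMONY_3` in atmel_init() discard their results, so a wake-up failure or a rejected configuration goes unnoticed here and would presumably surface only later as a failed crypto operation. Check at least the configuration call, for example `if (wolfCrypt_ATECC_SetConfig(&atecc608_0_init_data) != 0) { ret = WC_HW_E; }`, and compare the result of `atcab_wakeup()` with `ATCA_SUCCESS` in the same way. A short comment saying why `atcab_release()` runs before the interface is set up would also help, since the reason is not visible in the hunk. atmel_init() starts and ends outside this hunk, so how `ret` is propagated afterwards needs confirming.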
@@ -896,12 +909,83 @@ exit: return ret; } +static int atcatls_set_certificates(WOLFSSL_CTX *ctx) { + int ret = 0; + ATCA_STATUS status; + + /*Read signer cert*/ + size_t signerCertSize = 0; + status = tng_atcacert_max_signer_cert_size(&signerCertSize); + if (ATCA_SUCCESS != status) { + ret = atmel_ecc_translate_err(ret); + return ret; + } + uint8_t signerCert[signerCertSize]; + status = tng_atcacert_read_signer_cert((uint8_t*) & signerCert, &signerCertSize); + if (ATCA_SUCCESS != status) { + ret = atmel_ecc_translate_err(ret); + return ret; + } + + /*Read device cert signed by the signer above*/ + size_t deviceCertSize = 0; + status = tng_atcacert_max_device_cert_size(&deviceCertSize); + if (ATCA_SUCCESS != status) { + ret = atmel_ecc_translate_err(ret); + return ret; + } + uint8_t deviceCert[deviceCertSize]; + status = tng_atcacert_read_device_cert((uint8_t*) & deviceCert, &deviceCertSize, (uint8_t*) & signerCert); + if (ATCA_SUCCESS != status) { + ret = atmel_ecc_translate_err(ret); + return ret; + } + /*Generate a PEM chain for device certificate.*/ + byte devPem[1024]; + byte signerPem[1024]; + XMEMSET(devPem, 0, 1024); + XMEMSET(signerPem, 0, 1024); + int devPemSz, signerPemSz; + + devPemSz = wc_DerToPem(deviceCert, deviceCertSize, devPem, sizeof(devPem), CERT_TYPE); + if((devPemSz<=0)){ + return devPemSz; + } + + signerPemSz = wc_DerToPem(signerCert, signerCertSize, signerPem, sizeof(signerPem), CERT_TYPE); + if((signerPemSz<=0)){ + return signerPemSz; + } + + char devCertChain[devPemSz+signerPemSz]; + + strncat(devCertChain,(char*)devPem,devPemSz); + strncat(devCertChain,(char*)signerPem,signerPemSz); + + ret=wolfSSL_CTX_use_certificate_chain_buffer(ctx,(const unsigned char*)devCertChain,strlen(devCertChain)); + if (ret != SSL_SUCCESS) { + ret=-1; + } + else ret=0; + return ret; +} + int atcatls_set_callbacks(WOLFSSL_CTX* ctx) { + int ret; wolfSSL_CTX_SetEccKeyGenCb(ctx, atcatls_create_key_cb); wolfSSL_CTX_SetEccVerifyCb(ctx, atcatls_verify_signature_cb); 
wolfSSL_CTX_SetEccSignCb(ctx, atcatls_sign_certificate_cb); wolfSSL_CTX_SetEccSharedSecretCb(ctx, atcatls_create_pms_cb); +#ifdef WOLFSSL_ATECC_TNGTLS + ret=atcatls_set_certificates(ctx); + if(0!=ret){ + #ifdef WOLFSSL_ATECC_DEBUG + printf(" atcatls_set_certificates failed. (%d) \r\n",ret); + #endif + return ret; + } +#endif return 0; } From 9e475b01be11e49d1b07e9227b96b1b23c08d50d Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Wed, 2 Dec 2020 22:15:02 +0530 Subject: [PATCH 2/8] implement review comments --- wolfcrypt/src/port/atmel/atmel.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 0ae79c8cb..91b8d58a0 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -909,12 +909,13 @@ exit: return ret; } -static int atcatls_set_certificates(WOLFSSL_CTX *ctx) { +static int atcatls_set_certificates(WOLFSSL_CTX *ctx) +{ int ret = 0; ATCA_STATUS status; - - /*Read signer cert*/ size_t signerCertSize = 0; + + /*Read signer cert*/ status = tng_atcacert_max_signer_cert_size(&signerCertSize); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); @@ -959,14 +960,16 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) { char devCertChain[devPemSz+signerPemSz]; - strncat(devCertChain,(char*)devPem,devPemSz); - strncat(devCertChain,(char*)signerPem,signerPemSz); + XSTRNCAT(devCertChain,(char*)devPem,devPemSz); + XSTRNCAT(devCertChain,(char*)signerPem,signerPemSz); - ret=wolfSSL_CTX_use_certificate_chain_buffer(ctx,(const unsigned char*)devCertChain,strlen(devCertChain)); - if (ret != SSL_SUCCESS) { + ret=wolfSSL_CTX_use_certificate_chain_buffer(ctx,(const unsigned char*)devCertChain,XSTRLEN(devCertChain)); + if (ret != WOLFSSL_SUCCESS) { ret=-1; } - else ret=0; + else { + ret=0; + } return ret; } 
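Review bot: All four error branches in the new atcatls_set_certificates() call `atmel_ecc_translate_err(ret)` while `ret` is still 0, so the failing `status` from the tng_atcacert_* call is never examined and the returned code does not reflect the actual failure. Each branch should translate the status instead: `ret = atmel_ecc_translate_err(status);`. Depending on how atmel_ecc_translate_err() maps 0 (not shown here), the current form may even return success with no certificate loaded, which matters because atcatls_set_callbacks() only compares the result with 0. The same argument is carried unchanged through the later patches in this series.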
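Review bot: `devCertChain` is appended to with `XSTRNCAT` without ever being initialised, and it is declared with exactly `devPemSz+signerPemSz` bytes, so the first call scans indeterminate stack data for a terminator and, even if the buffer happened to start empty, the second call writes the final NUL one byte past the array. Size it for the terminator and start from an empty string: `char devCertChain[devPemSz + signerPemSz + 1];` followed by `devCertChain[0] = '\0';`. Passing `devPemSz + signerPemSz` as the length would also avoid relying on `XSTRLEN` over the buffer. The function body starts outside this hunk.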
@@ -979,7 +982,7 @@ int atcatls_set_callbacks(WOLFSSL_CTX* ctx) wolfSSL_CTX_SetEccSharedSecretCb(ctx, atcatls_create_pms_cb); #ifdef WOLFSSL_ATECC_TNGTLS ret=atcatls_set_certificates(ctx); - if(0!=ret){ + if(ret != 0){ #ifdef WOLFSSL_ATECC_DEBUG printf(" atcatls_set_certificates failed. (%d) \r\n",ret); #endif From 3a2675fb63a23679d29c108647348d43cddb52ff Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Wed, 2 Dec 2020 22:30:02 +0530 Subject: [PATCH 3/8] implement additional review comments --- wolfcrypt/src/port/atmel/atmel.c | 38 ++++++++++++++------------------ 1 file changed, 16 insertions(+), 22 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 91b8d58a0..3fc950df3 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c 
@@ -914,61 +914,55 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) int ret = 0; ATCA_STATUS status; size_t signerCertSize = 0; - + uint8_t signerCert[signerCertSize]; + size_t deviceCertSize = 0; + uint8_t deviceCert[deviceCertSize]; + int devPemSz, signerPemSz; + byte devPem[1024]; + byte signerPem[1024]; + char devCertChain[devPemSz+signerPemSz]; + /*Read signer cert*/ status = tng_atcacert_max_signer_cert_size(&signerCertSize); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; } - uint8_t signerCert[signerCertSize]; - status = tng_atcacert_read_signer_cert((uint8_t*) & signerCert, &signerCertSize); + status = tng_atcacert_read_signer_cert((uint8_t*)&signerCert, &signerCertSize); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; } - /*Read device cert signed by the signer above*/ - size_t deviceCertSize = 0; status = tng_atcacert_max_device_cert_size(&deviceCertSize); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; } - uint8_t deviceCert[deviceCertSize]; status = tng_atcacert_read_device_cert((uint8_t*) & deviceCert, &deviceCertSize, (uint8_t*) & signerCert); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; } /*Generate a PEM chain for device certificate.*/ - byte devPem[1024]; - byte signerPem[1024]; XMEMSET(devPem, 0, 1024); - XMEMSET(signerPem, 0, 1024); - int devPemSz, signerPemSz; - + XMEMSET(signerPem, 0, 1024); devPemSz = wc_DerToPem(deviceCert, deviceCertSize, devPem, sizeof(devPem), CERT_TYPE); - if((devPemSz<=0)){ + if((devPemSz <= 0)){ return devPemSz; } - signerPemSz = wc_DerToPem(signerCert, signerCertSize, signerPem, sizeof(signerPem), CERT_TYPE); - if((signerPemSz<=0)){ + if((signerPemSz <= 0)){ return signerPemSz; - } - - char devCertChain[devPemSz+signerPemSz]; - + } XSTRNCAT(devCertChain,(char*)devPem,devPemSz); XSTRNCAT(devCertChain,(char*)signerPem,signerPemSz); - - ret=wolfSSL_CTX_use_certificate_chain_buffer(ctx,(const 
unsigned char*)devCertChain,XSTRLEN(devCertChain)); + ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx,(const unsigned char*)devCertChain,XSTRLEN(devCertChain)); if (ret != WOLFSSL_SUCCESS) { - ret=-1; + ret = -1; } else { - ret=0; + ret = 0; } return ret; } From 376cac5ab1b02e24ae7946b54e9ee0499e3273f5 Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Thu, 3 Dec 2020 08:25:40 +0530 Subject: [PATCH 4/8] Implement review comments --- wolfcrypt/src/port/atmel/atmel.c | 42 ++++++++++---------------------- 1 file changed, 13 insertions(+), 29 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 3fc950df3..c8a4823e9 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c 
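Review bot: Hoisting the declarations makes `signerCert` and `deviceCert` variable-length arrays of size 0 (their size variables are still 0 at that point) and sizes `devCertChain` from `devPemSz+signerPemSz` before either has a value, so the later reads and appends write into storage of undefined size. Give the buffers a constant bound the way `devPem[1024]` has one, e.g. `uint8_t signerCert[1024];`, and compare the value returned by `tng_atcacert_max_signer_cert_size()` with that bound before reading. The same applies to `deviceCert` and `devCertChain`. The function's opening line is outside this hunk.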
@@ -913,51 +913,36 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) { int ret = 0; ATCA_STATUS status; - size_t signerCertSize = 0; + size_t signerCertSize = 1024; uint8_t signerCert[signerCertSize]; - size_t deviceCertSize = 0; + size_t deviceCertSize = 1024; uint8_t deviceCert[deviceCertSize]; int devPemSz, signerPemSz; - byte devPem[1024]; - byte signerPem[1024]; - char devCertChain[devPemSz+signerPemSz]; + char devCertChain[2048]; /*Read signer cert*/ - status = tng_atcacert_max_signer_cert_size(&signerCertSize); - if (ATCA_SUCCESS != status) { - ret = atmel_ecc_translate_err(ret); - return ret; - } status = tng_atcacert_read_signer_cert((uint8_t*)&signerCert, &signerCertSize); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; } /*Read device cert signed by the signer above*/ - status = tng_atcacert_max_device_cert_size(&deviceCertSize); + status = tng_atcacert_read_device_cert((uint8_t*)deviceCert, &deviceCertSize, (uint8_t*)signerCert); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; } - status = tng_atcacert_read_device_cert((uint8_t*) & deviceCert, &deviceCertSize, (uint8_t*) & signerCert); - if (ATCA_SUCCESS != status) { - ret = atmel_ecc_translate_err(ret); - return ret; - } - /*Generate a PEM chain for device certificate.*/ - XMEMSET(devPem, 0, 1024); - XMEMSET(signerPem, 0, 1024); - devPemSz = wc_DerToPem(deviceCert, deviceCertSize, devPem, sizeof(devPem), CERT_TYPE); + /*Generate a PEM chain of device certificate.*/ + XMEMSET(devCertChain, 0, sizeof(devCertChain)); + devPemSz = wc_DerToPem(deviceCert, deviceCertSize, (byte*)&devCertChain[0], sizeof(devCertChain), CERT_TYPE); if((devPemSz <= 0)){ return devPemSz; } - signerPemSz = wc_DerToPem(signerCert, signerCertSize, signerPem, sizeof(signerPem), CERT_TYPE); + signerPemSz = wc_DerToPem(signerCert, signerCertSize, (byte*)&devCertChain[devPemSz], sizeof(devCertChain)-devPemSz, CERT_TYPE); if((signerPemSz <= 0)){ return signerPemSz; - } - 
XSTRNCAT(devCertChain,(char*)devPem,devPemSz); - XSTRNCAT(devCertChain,(char*)signerPem,signerPemSz); - ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx,(const unsigned char*)devCertChain,XSTRLEN(devCertChain)); + } + ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, (const unsigned char*)devCertChain, XSTRLEN(devCertChain)); if (ret != WOLFSSL_SUCCESS) { ret = -1; } @@ -969,18 +954,17 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) int atcatls_set_callbacks(WOLFSSL_CTX* ctx) { - int ret; + int ret = 0; wolfSSL_CTX_SetEccKeyGenCb(ctx, atcatls_create_key_cb); wolfSSL_CTX_SetEccVerifyCb(ctx, atcatls_verify_signature_cb); wolfSSL_CTX_SetEccSignCb(ctx, atcatls_sign_certificate_cb); wolfSSL_CTX_SetEccSharedSecretCb(ctx, atcatls_create_pms_cb); #ifdef WOLFSSL_ATECC_TNGTLS - ret=atcatls_set_certificates(ctx); + ret = atcatls_set_certificates(ctx); if(ret != 0){ #ifdef WOLFSSL_ATECC_DEBUG - printf(" atcatls_set_certificates failed. (%d) \r\n",ret); + printf("atcatls_set_certificates failed. (%d) \r\n",ret); #endif - return ret; } #endif return 0; From c31f20706b0228ae197bc8d31e4d5fb089ae093b Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Thu, 3 Dec 2020 22:25:28 +0530 Subject: [PATCH 5/8] use const variable as the size for an array --- wolfcrypt/src/port/atmel/atmel.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index c8a4823e9..55021b513 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c 
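Review bot: The chain length passed to `wolfSSL_CTX_use_certificate_chain_buffer()` is still taken with `XSTRLEN(devCertChain)`, which depends on a zero byte being left after the second PEM block; if the two blocks ever fill the 2048-byte buffer the scan runs off the array. Both lengths are already known, so pass them directly: `(long)(devPemSz + signerPemSz)`. In the same hunk `signerCert` and `deviceCert` are still variable-length arrays because their size comes from a non-const `size_t`; a macro or enum bound would make them ordinary arrays.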
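Review bot: Dropping `return ret;` from the failure branch means atcatls_set_callbacks() now falls through to `return 0;` when atcatls_set_certificates() fails, so the caller is told setup succeeded while no device certificate chain was installed. Unless best-effort loading is intended, keep the error visible, e.g. end the function with `return ret;` now that `ret` is initialised to 0. If it is intended, a comment on the branch saying so would prevent it being read as an oversight.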
@@ -911,12 +911,16 @@ exit: static int atcatls_set_certificates(WOLFSSL_CTX *ctx) { + #ifndef ATCATLS_MAX_CERT_SIZE + #define ATCATLS_MAX_CERT_SIZE 560 + #endif + int ret = 0; ATCA_STATUS status; - size_t signerCertSize = 1024; - uint8_t signerCert[signerCertSize]; - size_t deviceCertSize = 1024; - uint8_t deviceCert[deviceCertSize]; + size_t signerCertSize = ATCATLS_MAX_CERT_SIZE; + uint8_t signerCert[ATCATLS_MAX_CERT_SIZE]; + size_t deviceCertSize = ATCATLS_MAX_CERT_SIZE; + uint8_t deviceCert[ATCATLS_MAX_CERT_SIZE]; int devPemSz, signerPemSz; char devCertChain[2048]; @@ -934,12 +938,14 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) } /*Generate a PEM chain of device certificate.*/ XMEMSET(devCertChain, 0, sizeof(devCertChain)); - devPemSz = wc_DerToPem(deviceCert, deviceCertSize, (byte*)&devCertChain[0], sizeof(devCertChain), CERT_TYPE); - if((devPemSz <= 0)){ + devPemSz = wc_DerToPem(deviceCert, deviceCertSize, (byte*)&devCertChain[0], + sizeof(devCertChain), CERT_TYPE); + if(devPemSz <= 0){ return devPemSz; } - signerPemSz = wc_DerToPem(signerCert, signerCertSize, (byte*)&devCertChain[devPemSz], sizeof(devCertChain)-devPemSz, CERT_TYPE); - if((signerPemSz <= 0)){ + signerPemSz = wc_DerToPem(signerCert, signerCertSize, (byte*)&devCertChain[devPemSz], + sizeof(devCertChain)-devPemSz, CERT_TYPE); + if(signerPemSz <= 0){ return signerPemSz; } ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, (const unsigned char*)devCertChain, XSTRLEN(devCertChain)); @@ -967,7 +973,7 @@ int atcatls_set_callbacks(WOLFSSL_CTX* ctx) #endif } #endif - return 0; + return ret; } int atcatls_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) From aa2e02807d96a1abe7448a7132533a7e75686c86 Mon Sep 17 00:00:00 2001 
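Review bot: `ATCATLS_MAX_CERT_SIZE` is introduced without saying where 560 comes from or what happens when a certificate is larger, and defining it inside the function body does not limit its scope to the function. I would move the `#ifndef` block to file scope and add a comment such as `/* Upper bound in bytes for a DER certificate read from the TNGTLS device; override at build time if needed */`. Whether 560 covers both the signer and the device certificate cannot be confirmed from this hunk.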
From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Tue, 15 Dec 2020 16:15:36 +0530 Subject: [PATCH 6/8] Avoid conversions to PEM and register DER certificate chain --- wolfcrypt/src/port/atmel/atmel.c | 47 +++++++++++++++++--------------- 1 file changed, 25 insertions(+), 22 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 55021b513..b50c3cd84 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c 
@@ -911,44 +911,47 @@ exit: static int atcatls_set_certificates(WOLFSSL_CTX *ctx) { - #ifndef ATCATLS_MAX_CERT_SIZE - #define ATCATLS_MAX_CERT_SIZE 560 + #ifndef ATCATLS_TNGTLS_SIGNER_CERT_SIZE + #define ATCATLS_TNGTLS_SIGNER_CERT_SIZE 0x208 + #endif + #ifndef ATCATLS_TNGTLS_DEVICE_CERT_SIZE + #define ATCATLS_TNGTLS_DEVICE_CERT_SIZE 0x222 #endif int ret = 0; ATCA_STATUS status; - size_t signerCertSize = ATCATLS_MAX_CERT_SIZE; - uint8_t signerCert[ATCATLS_MAX_CERT_SIZE]; - size_t deviceCertSize = ATCATLS_MAX_CERT_SIZE; - uint8_t deviceCert[ATCATLS_MAX_CERT_SIZE]; - int devPemSz, signerPemSz; - char devCertChain[2048]; + size_t signerCertSize = ATCATLS_TNGTLS_SIGNER_CERT_SIZE; + size_t deviceCertSize = ATCATLS_TNGTLS_DEVICE_CERT_SIZE; + uint8_t certBuffer[ATCATLS_TNGTLS_SIGNER_CERT_SIZE+ATCATLS_TNGTLS_DEVICE_CERT_SIZE]; /*Read signer cert*/ - status = tng_atcacert_read_signer_cert((uint8_t*)&signerCert, &signerCertSize); + status = tng_atcacert_read_signer_cert(&certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE], &signerCertSize); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; } + if(signerCertSize != ATCATLS_TNGTLS_SIGNER_CERT_SIZE){ + #ifdef WOLFSSL_ATECC_DEBUG + printf("tng_atcacert_read_signer_cert read size != ATCATLS_TNGTLS_SIGNER_CERT_SIZE. 
(%d) \r\n",signerCertSize); + #endif + return WOLFSSL_FAILURE; + } + /*Read device cert signed by the signer above*/ - status = tng_atcacert_read_device_cert((uint8_t*)deviceCert, &deviceCertSize, (uint8_t*)signerCert); + status = tng_atcacert_read_device_cert(certBuffer, &deviceCertSize, &certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE]); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; } - /*Generate a PEM chain of device certificate.*/ - XMEMSET(devCertChain, 0, sizeof(devCertChain)); - devPemSz = wc_DerToPem(deviceCert, deviceCertSize, (byte*)&devCertChain[0], - sizeof(devCertChain), CERT_TYPE); - if(devPemSz <= 0){ - return devPemSz; + if(deviceCertSize != ATCATLS_TNGTLS_DEVICE_CERT_SIZE){ + #ifdef WOLFSSL_ATECC_DEBUG + printf("tng_atcacert_read_device_cert read size != ATCATLS_TNGTLS_DEVICE_CERT_SIZE. (%d) \r\n",deviceCertSize); + #endif + return WOLFSSL_FAILURE; } - signerPemSz = wc_DerToPem(signerCert, signerCertSize, (byte*)&devCertChain[devPemSz], - sizeof(devCertChain)-devPemSz, CERT_TYPE); - if(signerPemSz <= 0){ - return signerPemSz; - } - ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, (const unsigned char*)devCertChain, XSTRLEN(devCertChain)); + + ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, (const unsigned char*)certBuffer, + ATCATLS_TNGTLS_SIGNER_CERT_SIZE+ATCATLS_TNGTLS_DEVICE_CERT_SIZE, WOLFSSL_FILETYPE_ASN1); if (ret != WOLFSSL_SUCCESS) { ret = -1; } From 63f8fbe92f475e0bfe7625c5a6d830db70be19d7 Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Wed, 16 Dec 2020 17:59:36 +0530 Subject: [PATCH 7/8] update formatting --- wolfcrypt/src/port/atmel/atmel.c | 40 +++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index b50c3cd84..e4628cb91 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c 
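Review bot: Both size-mismatch branches `return WOLFSSL_FAILURE;`, but WOLFSSL_FAILURE is defined as 0 in wolfSSL and this function uses 0 for success, so a certificate of unexpected size makes atcatls_set_certificates() report success with no chain installed. Return a non-zero error instead, e.g. `return -1;` to match the final branch of the function, or a specific code such as `BUFFER_E`. The debug `printf` calls in the same branches print a `size_t` with `%d`; cast the argument, `(int)signerCertSize`, or use `%zu` where the toolchain supports it. Patch 7/8 reformats these branches but keeps both problems.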
@@ -472,9 +472,11 @@ int atmel_init(void) #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) -/*Harmony3 will generate configuration based on user inputs*/ -#ifdef MICROCHIP_MPLAB_HARMONY_3 +#if defined(WOLFSSL_ATECC608A) + /*Harmony3 will generate configuration based on user inputs*/ + #ifdef MICROCHIP_MPLAB_HARMONY_3 extern ATCAIfaceCfg atecc608_0_init_data; + #endif #endif if (!mAtcaInitDone) { @@ -502,7 +504,9 @@ int atmel_init(void) #ifdef MICROCHIP_MPLAB_HARMONY_3 atcab_release(); atcab_wakeup(); + #ifdef WOLFSSL_ATECC608A wolfCrypt_ATECC_SetConfig(&atecc608_0_init_data); + #endif #endif if (ateccx08a_cfg_initialized == 0) { /* Setup the hardware interface using defaults */ 
@@ -917,41 +921,51 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) #ifndef ATCATLS_TNGTLS_DEVICE_CERT_SIZE #define ATCATLS_TNGTLS_DEVICE_CERT_SIZE 0x222 #endif + #ifndef ATCATLS_TNGTLS_CERT_BUFF_SIZE + #define ATCATLS_TNGTLS_CERT_BUFF_SIZE (ATCATLS_TNGTLS_SIGNER_CERT_SIZE +\ + ATCATLS_TNGTLS_DEVICE_CERT_SIZE) + #endif + int ret = 0; ATCA_STATUS status; size_t signerCertSize = ATCATLS_TNGTLS_SIGNER_CERT_SIZE; size_t deviceCertSize = ATCATLS_TNGTLS_DEVICE_CERT_SIZE; - uint8_t certBuffer[ATCATLS_TNGTLS_SIGNER_CERT_SIZE+ATCATLS_TNGTLS_DEVICE_CERT_SIZE]; + uint8_t certBuffer[ATCATLS_TNGTLS_CERT_BUFF_SIZE]; /*Read signer cert*/ - status = tng_atcacert_read_signer_cert(&certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE], &signerCertSize); + status = tng_atcacert_read_signer_cert(&certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE], + &signerCertSize); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; } - if(signerCertSize != ATCATLS_TNGTLS_SIGNER_CERT_SIZE){ + if (signerCertSize != ATCATLS_TNGTLS_SIGNER_CERT_SIZE) { #ifdef WOLFSSL_ATECC_DEBUG - printf("tng_atcacert_read_signer_cert read size != ATCATLS_TNGTLS_SIGNER_CERT_SIZE. (%d) \r\n",signerCertSize); + printf("signer cert size != ATCATLS_TNGTLS_SIGNER_CERT_SIZE.(%d)\r\n", + signerCertSize); #endif return WOLFSSL_FAILURE; } /*Read device cert signed by the signer above*/ - status = tng_atcacert_read_device_cert(certBuffer, &deviceCertSize, &certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE]); + status = tng_atcacert_read_device_cert(certBuffer, &deviceCertSize,\ + &certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE]); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; } - if(deviceCertSize != ATCATLS_TNGTLS_DEVICE_CERT_SIZE){ + if (deviceCertSize != ATCATLS_TNGTLS_DEVICE_CERT_SIZE) { #ifdef WOLFSSL_ATECC_DEBUG - printf("tng_atcacert_read_device_cert read size != ATCATLS_TNGTLS_DEVICE_CERT_SIZE. 
(%d) \r\n",deviceCertSize); + printf("device cert size != ATCATLS_TNGTLS_DEVICE_CERT_SIZE.(%d)\r\n", + deviceCertSize); #endif return WOLFSSL_FAILURE; } - ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, (const unsigned char*)certBuffer, - ATCATLS_TNGTLS_SIGNER_CERT_SIZE+ATCATLS_TNGTLS_DEVICE_CERT_SIZE, WOLFSSL_FILETYPE_ASN1); + ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + (const unsigned char*)certBuffer, ATCATLS_TNGTLS_CERT_BUFF_SIZE, + WOLFSSL_FILETYPE_ASN1); if (ret != WOLFSSL_SUCCESS) { ret = -1; } @@ -970,9 +984,9 @@ int atcatls_set_callbacks(WOLFSSL_CTX* ctx) wolfSSL_CTX_SetEccSharedSecretCb(ctx, atcatls_create_pms_cb); #ifdef WOLFSSL_ATECC_TNGTLS ret = atcatls_set_certificates(ctx); - if(ret != 0){ + if (ret != 0) { #ifdef WOLFSSL_ATECC_DEBUG - printf("atcatls_set_certificates failed. (%d) \r\n",ret); + printf("atcatls_set_certificates failed. (%d)\r\n",ret); #endif } #endif From 3063264f00745c9fbf9db30f11103470ae78cd51 Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Wed, 16 Dec 2020 18:05:58 +0530 Subject: [PATCH 8/8] formatting updates --- wolfcrypt/src/port/atmel/atmel.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index e4628cb91..5f9f597f1 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -921,11 +921,10 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) #ifndef ATCATLS_TNGTLS_DEVICE_CERT_SIZE #define ATCATLS_TNGTLS_DEVICE_CERT_SIZE 0x222 #endif - #ifndef ATCATLS_TNGTLS_CERT_BUFF_SIZE + #ifndef ATCATLS_TNGTLS_CERT_BUFF_SIZE #define ATCATLS_TNGTLS_CERT_BUFF_SIZE (ATCATLS_TNGTLS_SIGNER_CERT_SIZE +\ - ATCATLS_TNGTLS_DEVICE_CERT_SIZE) + ATCATLS_TNGTLS_DEVICE_CERT_SIZE) #endif - int ret = 0; ATCA_STATUS status; 
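Review bot: `ATCATLS_TNGTLS_CERT_BUFF_SIZE` sits behind its own `#ifndef`, so a build can override it independently of the two certificate sizes; a smaller value would leave `certBuffer` too short for the signer read at offset `ATCATLS_TNGTLS_DEVICE_CERT_SIZE`. Either drop the guard so the total is always derived, or reject inconsistent overrides at compile time with `#if ATCATLS_TNGTLS_CERT_BUFF_SIZE < (ATCATLS_TNGTLS_SIGNER_CERT_SIZE + ATCATLS_TNGTLS_DEVICE_CERT_SIZE)`, `#error "certificate buffer too small"`, `#endif`. The trailing `\` after `&deviceCertSize,` in the tng_atcacert_read_device_cert() call is not needed outside a macro and can be removed.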
@@ -935,7 +934,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) /*Read signer cert*/ status = tng_atcacert_read_signer_cert(&certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE], - &signerCertSize); + &signerCertSize); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; @@ -943,14 +942,14 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) if (signerCertSize != ATCATLS_TNGTLS_SIGNER_CERT_SIZE) { #ifdef WOLFSSL_ATECC_DEBUG printf("signer cert size != ATCATLS_TNGTLS_SIGNER_CERT_SIZE.(%d)\r\n", - signerCertSize); + signerCertSize); #endif return WOLFSSL_FAILURE; } /*Read device cert signed by the signer above*/ status = tng_atcacert_read_device_cert(certBuffer, &deviceCertSize,\ - &certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE]); + &certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE]); if (ATCA_SUCCESS != status) { ret = atmel_ecc_translate_err(ret); return ret; @@ -958,14 +957,14 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) if (deviceCertSize != ATCATLS_TNGTLS_DEVICE_CERT_SIZE) { #ifdef WOLFSSL_ATECC_DEBUG printf("device cert size != ATCATLS_TNGTLS_DEVICE_CERT_SIZE.(%d)\r\n", - deviceCertSize); + deviceCertSize); #endif return WOLFSSL_FAILURE; } - ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, - (const unsigned char*)certBuffer, ATCATLS_TNGTLS_CERT_BUFF_SIZE, - WOLFSSL_FILETYPE_ASN1); + ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + (const unsigned char*)certBuffer, ATCATLS_TNGTLS_CERT_BUFF_SIZE, + WOLFSSL_FILETYPE_ASN1); if (ret != WOLFSSL_SUCCESS) { ret = -1; }