TA100: Microchip Trust Anchor support RSA/ECC

This commit is contained in:
Tesfa Mae
2025-10-15 16:43:36 -07:00
committed by Daniele Lacamera
parent 20ed869c21
commit 00cca3e25b
16 changed files with 2749 additions and 183 deletions
+38 -14
View File
@@ -2975,15 +2975,41 @@ AC_ARG_WITH([maxq10xx],
]
)
AC_ARG_ENABLE([microchip],
[AS_HELP_STRING([--enable-microchip],[Enable wolfSSL support for microchip/atmel 508/608/100 (default: disabled)])],
[ ENABLED_ATMEL=$enableval ],
[ ENABLED_ATMEL=no ]
)
if test "$ENABLED_ATMEL" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MICROCHIP"
for v in `echo $ENABLED_ATMEL | tr "," " "`
do
case $v in
508)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
;;
608)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC608A"
;;
100)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MICROCHIP_TA100 -DMICROCHIP_DEV_TYPE=TA100"
;;
esac
done
fi
# Microchip/Atmel CryptoAuthLib
ENABLED_CRYPTOAUTHLIB="no"
trylibatcadir=""
AC_ARG_WITH([cryptoauthlib],
[AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr/)])],
[AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr)])],
[
AC_MSG_CHECKING([for cryptoauthlib])
CPPFLAGS="$CPPFLAGS -DWOLFSSL_ATECC508A"
LIBS="$LIBS -lcryptoauth"
LIBS="$LIBS -lcryptoauth -lwolfssl -lpthread -lrt"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
@@ -2995,25 +3021,23 @@ AC_ARG_WITH([cryptoauthlib],
trylibatcadir="/usr"
fi
LDFLAGS="$LDFLAGS -L$trylibatcadir/lib"
CPPFLAGS="$CPPFLAGS -I$trylibatcadir/lib"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
if test "x$libatca_linked" = "xno" ; then
AC_MSG_ERROR([cryptoauthlib isn't found.
If it's already installed, specify its path using --with-cryptoauthlib=/dir/])
if test "$host_cpu" = "aarch64" ; then
LIB_SUFFIX="/aarch64-linux-gnu"
else
LIB_SUFFIX=""
fi
AM_LDFLAGS="$AM_LDFLAGS -L$trylibatcadir/lib"
AM_CFLAGS="$AM_CFLAGS -I$trylibatcadir/lib"
LDFLAGS="$LDFLAGS -L$trylibatcadir/lib$LIB_SUFFIX"
CPPFLAGS="$CPPFLAGS -I$trylibatcadir/include/cryptoauthlib"
AM_LDFLAGS="$AM_LDFLAGS -L$trylibatcadir/lib$LIB_SUFFIX"
AM_CFLAGS="$AM_CFLAGS -I$trylibatcadir/include/cryptoauthlib"
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([yes])
fi
ENABLED_CRYPTOAUTHLIB="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
]
)
+1750
View File
File diff suppressed because it is too large Load Diff
+8 -4
View File
@@ -1422,7 +1422,8 @@ int test_wc_ecc_pointFns(void)
EXPECT_DECLS;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
!defined(WOLFSSL_ATECC608A) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_MICROCHIP_TA100)
ecc_key key;
WC_RNG rng;
int ret;
@@ -1525,7 +1526,8 @@ int test_wc_ecc_shared_secret_ssh(void)
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_MICROCHIP_TA100)
ecc_key key;
ecc_key key2;
WC_RNG rng;
@@ -1570,7 +1572,7 @@ int test_wc_ecc_shared_secret_ssh(void)
ExpectIntEQ(wc_ecc_set_rng(&key, &rng), 0);
#endif
ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret,
ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, key2.pubkey, secret,
&secretLen), 0);
/* Pass in bad args. */
ExpectIntEQ(wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret,
@@ -1605,7 +1607,8 @@ int test_wc_ecc_verify_hash_ex(void)
EXPECT_DECLS;
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
&& !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC)
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC) && \
!defined(WOLFSSL_MICROCHIP_TA100)
ecc_key key;
WC_RNG rng;
int ret;
@@ -1699,6 +1702,7 @@ int test_wc_ecc_mulmod(void)
EXPECT_DECLS;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
!(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100) || \
defined(WOLFSSL_VALIDATE_ECC_IMPORT)) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
ecc_key key1;
+24 -4
View File
@@ -805,7 +805,6 @@ static WC_INLINE void bench_append_memory_info(char* buffer, size_t size,
#define TEST_STRING "Everyone gets Friday off."
#define TEST_STRING_SZ 25
/* Bit values for each algorithm that is able to be benchmarked.
* Common grouping of algorithms also.
* Each algorithm has a unique value for its type e.g. cipher.
@@ -2109,7 +2108,8 @@ static const char* bench_result_words2[][6] = {
static volatile int g_threadCount;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_CAAM) || defined(WC_USE_DEVID)
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_CAAM) || defined(WC_USE_DEVID) || \
defined(WOLFSSL_MICROCHIP_TA100)
#ifndef NO_HW_BENCH
#define BENCH_DEVID
#endif
@@ -10571,8 +10571,12 @@ exit_rsa_sign:
1, &times, ntimes, &pending)) {
#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
#if defined(WOLFSSL_MICROCHIP_TA100)
ret = wc_RsaSSL_Verify(message, len, enc[i], rsaKeySz/8, rsaKey[i]);
#else
ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
rsaKeySz/8, rsaKey[i]);
#endif
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(enc[i], rsa_2048_sig, sizeof(rsa_2048_sig));
idx = sizeof(rsa_2048_sig);
@@ -10708,6 +10712,13 @@ void bench_rsa(int useDeviceID)
#else
/* Note: To benchmark public only define WOLFSSL_PUBLIC_MP */
rsaKeySz = 0;
#endif
#if defined(WOLFSSL_MICROCHIP_TA100)
/* Create new keys since you cannot import a private key to TA100 */
ret = wc_MakeRsaKey(rsaKey[i], rsaKeySz, WC_RSA_EXPONENT, &gRng);
if (ret) {
goto exit;
}
#endif
}
@@ -12985,6 +12996,9 @@ void bench_ecc(int useDeviceID, int curveId)
deviceID)) < 0) {
goto exit;
}
#if defined(WOLFSSL_MICROCHIP_TA100)
genKey[i]->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_ALICE);
#endif
ret = wc_ecc_make_key_ex(&gRng, keySize, genKey[i], curveId);
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_AsyncWait(ret, &genKey[i]->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -12997,6 +13011,9 @@ void bench_ecc(int useDeviceID, int curveId)
if ((ret = wc_ecc_init_ex(genKey2[i], HEAP_HINT, deviceID)) < 0) {
goto exit;
}
#if defined(WOLFSSL_MICROCHIP_TA100)
genKey2[i]->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_BOB);
#endif
if ((ret = wc_ecc_make_key_ex(&gRng, keySize, genKey2[i],
curveId)) > 0) {
goto exit;
@@ -13193,7 +13210,10 @@ exit:
WC_FREE_ARRAY(sig, BENCH_MAX_PENDING, HEAP_HINT);
WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
#endif
#if defined(WOLFSSL_MICROCHIP_TA100)
atmel_ecc_free(ATMEL_SLOT_ECDHE_ALICE);
atmel_ecc_free(ATMEL_SLOT_ECDHE_BOB);
#endif
(void)useDeviceID;
(void)pending;
(void)x;
+25 -4
View File
@@ -150,7 +150,9 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#endif
#ifdef WOLFSSL_MICROCHIP_TA100
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif
#ifdef WOLFSSL_CMAC
#include <wolfssl/wolfcrypt/cmac.h>
#endif
@@ -5310,7 +5312,13 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
return ret;
}
#endif
#if defined(WOLFSSL_MICROCHIP_TA100) && defined(WOLFSSL_MICROCHIP_AESGCM)
ret = wc_Microchip_aes_set_key(aes, userKey, keylen, iv, dir);
if (ret == 0) {
ret = wc_AesSetIV(aes, iv);
}
return ret;
#endif
XMEMCPY(aes->key, userKey, keylen);
#ifndef WC_AES_BITSLICED
@@ -10141,7 +10149,13 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
authTag, authTagSz,
authIn, authInSz);
#endif
#if defined(WOLFSSL_MICROCHIP_TA100) && defined(WOLFSSL_MICROCHIP_AESGCM)
return wc_Microchip_AesGcmEncrypt(
aes, out, in, sz,
iv, ivSz,
authTag, authTagSz,
authIn, authInSz);
#endif
#ifdef STM32_CRYPTO_AES_GCM
return wc_AesGcmEncrypt_STM32(
aes, out, in, sz, iv, ivSz,
@@ -10870,6 +10884,11 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
authTag, authTagSz, authIn, authInSz);
#endif
#if defined(WOLFSSL_MICROCHIP_TA100) && defined(WOLFSSL_MICROCHIP_AESGCM)
return wc_Microchip_AesGcmDecrypt(
aes, out, in, sz, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
#endif
#ifdef STM32_CRYPTO_AES_GCM
/* The STM standard peripheral library API's doesn't support partial blocks */
@@ -13852,7 +13871,9 @@ void wc_AesFree(Aes* aes)
se050_aes_free(aes);
}
#endif
#if defined(WOLFSSL_MICROCHIP_TA100) && defined(WOLFSSL_MICROCHIP_AESGCM)
wc_Microchip_aes_free(aes);
#endif
#if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES)
wc_psa_aes_free(aes);
#endif
+67 -30
View File
@@ -284,10 +284,10 @@ ECC Curve Sizes:
#endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \
!defined(WOLFSSL_XILINX_CRYPT_VERSAL) && !defined(WOLFSSL_STM32_PKA) && \
!defined(WOLFSSL_PSOC6_CRYPTO)
!defined(WOLFSSL_XILINX_CRYPT_VERSAL)
#undef HAVE_ECC_VERIFY_HELPER
#define HAVE_ECC_VERIFY_HELPER
#endif
@@ -296,6 +296,7 @@ ECC Curve Sizes:
#endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_ECC) && !defined(NO_ECC_MAKE_PUB) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
@@ -308,6 +309,7 @@ ECC Curve Sizes:
#if (!defined(NO_ECC_CHECK_PUBKEY_ORDER) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_SE050) && !defined(WOLFSSL_STM32_PKA)) || \
defined(WOLFSSL_IMXRT1170_CAAM) || defined(WOLFSSL_QNX_CAAM)
@@ -1977,6 +1979,7 @@ static void alt_fp_init(mp_int* a)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
defined(WOLFSSL_IMXRT1170_CAAM))
@@ -4700,7 +4703,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
int err = 0;
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100)
CRYS_ECDH_TempData_t tempBuff;
#endif
@@ -4743,8 +4746,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
return ECC_BAD_ARG_E;
}
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
/* For SECP256R1 use hardware */
if (private_key->dp->id == ECC_SECP256R1) {
err = atmel_ecc_create_pms(private_key->slot, public_key->pubkey_raw, out);
@@ -4782,6 +4785,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_KCAPI_ECC) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
@@ -5297,6 +5301,7 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx)
}
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
defined(WOLFSSL_IMXRT1170_CAAM))
@@ -5661,6 +5666,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
{
int err = 0;
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_ATECC608A)
const CRYS_ECPKI_Domain_t* pDomain;
CRYS_ECPKI_KG_TempData_t tempBuff;
@@ -5741,11 +5747,21 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
}
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
if (key->dp->id == ECC_SECP256R1) {
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
#if !defined(WOLFSSL_MICROCHIP_TA100)
if (key->dp->id == ECC_SECP256R1 ||
key->dp->id == ECC_SECP224R1 ||
key->dp->id == ECC_SECP384R1 ||
key->dp->id == ECC_SECP256K1 ||
key->dp->id == ECC_BRAINPOOLP256R1) { /* supports more than ECC256R1 curve */
#else
if (key->dp->id == ECC_SECP256R1) {
#endif
key->type = ECC_PRIVATEKEY;
key->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE);
err = atmel_ecc_create_key(key->slot, key->pubkey_raw);
if (key->slot == ATECC_INVALID_SLOT)
key->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE);
err = atmel_ecc_create_key(key->slot, curve_id, key->pubkey_raw);
/* populate key->pubkey */
if (err == 0
@@ -6241,7 +6257,8 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
(void)devId;
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
key->slot = ATECC_INVALID_SLOT;
#else
#if defined(WOLFSSL_KCAPI_ECC)
@@ -6437,6 +6454,7 @@ static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp)
#ifdef HAVE_ECC_SIGN
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100) || \
defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) || \
defined(WOLFSSL_SILABS_SE_ACCEL) || defined(WOLFSSL_KCAPI_ECC) || \
defined(WOLFSSL_SE050) || defined(WOLFSSL_XILINX_CRYPT_VERSAL)
@@ -6450,7 +6468,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
#endif
{
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100)
CRYS_ECDSA_SignUserContext_t sigCtxTemp;
word32 raw_sig_size = *outlen;
word32 msgLenInBytes = inlen;
@@ -6481,9 +6499,12 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
}
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
(void)inlen;
/* Sign: Result is 32-bytes of R then 32-bytes of S */
err = atmel_ecc_sign(key->slot, in, out);
if (err != 0) {
return err;
}
@@ -6833,6 +6854,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
/* hardware crypto */
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100) || \
defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) || \
defined(WOLFSSL_SILABS_SE_ACCEL) || defined(WOLFSSL_KCAPI_ECC) || \
defined(WOLFSSL_SE050) || defined(WOLFSSL_XILINX_CRYPT_VERSAL)
@@ -6954,6 +6976,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
return stm32_ecc_sign_hash_ex(in, inlen, rng, key, r, s);
}
#elif !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_KCAPI_ECC)
#ifndef WOLFSSL_SP_MATH
static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng,
@@ -8022,7 +8045,8 @@ int wc_ecc_free(ecc_key* key)
se050_ecc_free_key(key);
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
atmel_ecc_free(key->slot);
key->slot = ATECC_INVALID_SLOT;
#endif /* WOLFSSL_ATECC508A */
@@ -8075,6 +8099,7 @@ int wc_ecc_free(ecc_key* key)
}
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SP_MATH) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
defined(WOLFSSL_IMXRT1170_CAAM))
@@ -8199,7 +8224,8 @@ int ecc_projective_dbl_point_safe(ecc_point *P, ecc_point *R, mp_int* a,
*/
#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_CRYPTOCELL) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && \
!defined(WOLFSSL_KCAPI_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
#ifdef ECC_SHAMIR
@@ -8795,7 +8821,7 @@ static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s)
}
#endif /* !WOLFSSL_STM32_PKA && !WOLFSSL_PSOC6_CRYPTO */
#ifdef HAVE_ECC_VERIFY_HELPER
#if defined(HAVE_ECC_VERIFY_HELPER) && !defined(WOLFSSL_MICROCHIP)
static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* res, ecc_key* key)
{
@@ -8953,7 +8979,7 @@ static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash,
return NOT_COMPILED_IN;
}
#if !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC)
#if !defined(WOLFSSL_MICROCHIP) && (!defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC))
static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* res, ecc_key* key, ecc_curve_spec* curve)
{
@@ -9290,7 +9316,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
byte hashIsZero = 0;
word32 zIdx;
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
byte sigRS[ATECC_KEY_SIZE*2];
#elif defined(WOLFSSL_CRYPTOCELL)
byte sigRS[ECC_MAX_CRYPTO_HW_SIZE*2];
@@ -9376,7 +9403,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
}
#endif /* WOLFSSL_SE050 */
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
err = atmel_ecc_verify(hash, sigRS, key->pubkey_raw, res);
if (err != 0) {
return err;
@@ -10402,14 +10430,16 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
static int ecc_check_privkey_gen_helper(ecc_key* key)
{
int err;
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
DECLARE_CURVE_SPECS(2);
#endif
if (key == NULL)
return BAD_FUNC_ARG;
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
/* Hardware based private key, so this operation is not supported */
err = MP_OKAY; /* just report success */
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
@@ -10620,7 +10650,7 @@ int wc_ecc_get_generator(ecc_point* ecp, int curve_idx)
static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
{
int err = MP_OKAY;
#if defined(HAVE_ECC_CHECK_PUBKEY_ORDER) && !defined(WOLFSSL_SP_MATH)
#if defined(HAVE_ECC_CHECK_PUBKEY_ORDER) && !defined(WOLFSSL_SP_MATH)
mp_int* b = NULL;
DECLARE_CURVE_SPECS(4);
#endif
@@ -10866,7 +10896,8 @@ static int _ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
inLen -= 1;
in += 1;
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
/* For SECP256R1 only save raw public key for hardware */
if (curve_id == ECC_SECP256R1 && inLen <= (word32)sizeof(key->pubkey_raw)) {
#ifdef HAVE_COMP_KEY
@@ -11293,7 +11324,8 @@ static int _ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
(key->type != ECC_PRIVATEKEY && key->type != ECC_PRIVATEKEY_ONLY))
return BAD_FUNC_ARG;
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
/* Hardware cannot export private portion */
return NOT_COMPILED_IN;
#else
@@ -11862,13 +11894,13 @@ static int _ecc_import_raw_private(ecc_key* key, const char* qx,
{
int err = MP_OKAY;
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100)
const CRYS_ECPKI_Domain_t* pDomain;
CRYS_ECPKI_BUILD_TempData_t tempBuff;
byte keyRaw[ECC_MAX_CRYPTO_HW_SIZE*2 + 1];
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL)
defined(WOLFSSL_MICROCHIP_TA100) || defined(WOLFSSL_CRYPTOCELL)
word32 keySz = 0;
#endif
@@ -11963,7 +11995,8 @@ static int _ecc_import_raw_private(ecc_key* key, const char* qx,
if (err == MP_OKAY)
err = mp_set(key->pubkey.z, 1);
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
/* For SECP256R1 only save raw public key for hardware */
if (err == MP_OKAY && curve_id == ECC_SECP256R1) {
keySz = key->dp->size;
@@ -12048,7 +12081,8 @@ static int _ecc_import_raw_private(ecc_key* key, const char* qx,
/* import private key */
if (err == MP_OKAY) {
if (d != NULL) {
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
/* Hardware doesn't support loading private key */
err = NOT_COMPILED_IN;
@@ -12116,9 +12150,11 @@ static int _ecc_import_raw_private(ecc_key* key, const char* qx,
#endif
#endif /* #else-case of custom HW-specific implementations */
if (mp_iszero(key->k) || mp_isneg(key->k)) {
WOLFSSL_MSG("Invalid private key");
err = BAD_FUNC_ARG;
if (err == MP_OKAY) {
if (mp_iszero(key->k) || mp_isneg(key->k)) {
WOLFSSL_MSG("Invalid private key");
err = BAD_FUNC_ARG;
}
}
} else {
key->type = ECC_PUBLICKEY;
@@ -15427,6 +15463,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
#ifdef HAVE_COMP_KEY
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL)
#ifndef WOLFSSL_SP_MATH
+55
View File
@@ -96,5 +96,60 @@ ATECC508A HW accelerated implementation:
`EC-DSA sign time 293.400 milliseconds, avg over 5 iterations, 17.065 ops/sec`
`EC-DSA verify time 208.400 milliseconds, avg over 5 iterations, 24.038 ops/sec`
### Microchip Trust Anchor TA100 ECC/RSA
`./configure CFLAGS="-DWOLFSSL_CMAC -DHAVE_PK_CALLBACKS -DWOLFSSL_ATECC508A_NOIDLE -DECC_USER_CURVES -DWOLFSSL_ATECC_NO_ECDH_ENC -DWOLFSSL_ATECC_DEBUG" --enable-cmac --enable-microchip=100 --with-cryptoauthlib`
Supported Features:
RSA 2048 keygen/sign/verify
ECC-P256 keygen/sign/verify/shared secret
WOLFSSL_MICROCHIP_AESGCM can be used to enable AES-GCM but
AESGCM support is not yet available for TA100 in both
cryptauthlib-v3.3.3_397871.zip and cryptauthlib-v3.6.0_443271.zip.
```
$ lscpu -e
CPU SOCKET CORE L1d:L1i:L2 ONLINE MAXMHZ MINMHZ
0 0 0 0:0:0 yes 1800.0000 600.0000
1 0 1 1:1:0 yes 1800.0000 600.0000
2 0 2 2:2:0 yes 1800.0000 600.0000
3 0 3 3:3:0 yes 1800.0000 600.0000
$ uname -a
Linux raspberrypi 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr 3 17:24:16 BST 2023 aarch64 GNU/Linux
Software:
------------------------------------------------------------------------------
wolfSSL version 5.6.0
------------------------------------------------------------------------------
Math: Multi-Precision: Wolf(SP) word-size=64 bits=4096 sp_int.c
wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each)
Benchmarks:
RSA 2048 key gen 2 ops took 1.113 sec, avg 556.332 ms, 1.797 ops/sec
RSA 2048 sign 200 ops took 1.891 sec, avg 9.455 ms, 105.766 ops/sec
RSA 2048 verify 6900 ops took 1.011 sec, avg 0.147 ms, 6824.614 ops/sec
ECC [ SECP256R1] 256 key gen 700 ops took 1.065 sec, avg 1.522 ms, 657.067 ops/sec
ECDHE [ SECP256R1] 256 agree 700 ops took 1.016 sec, avg 1.451 ms, 689.240 ops/sec
ECDSA [ SECP256R1] 256 sign 700 ops took 1.049 sec, avg 1.499 ms, 667.097 ops/sec
ECDSA [ SECP256R1] 256 verify 1000 ops took 1.001 sec, avg 1.001 ms, 998.930 ops/sec
Hardware Microchip TA100 with SPI:
Benchmarks:
RSA 2048 key gen HW 1 ops took 12.190 sec, avg 12190.346 ms, 0.082 ops/sec
RSA 2048 sign HW 100 ops took 14.006 sec, avg 140.062 ms, 7.140 ops/sec
RSA 2048 verify HW 100 ops took 13.168 sec, avg 131.679 ms, 7.594 ops/sec
ECC [ SECP256R1] 256 key gen 100 ops took 6.790 sec, avg 67.898 ms, 14.728 ops/sec
ECDHE [ SECP256R1] 256 agree 100 ops took 2.413 sec, avg 24.126 ms, 41.449 ops/sec
ECDSA [ SECP256R1] 256 sign 100 ops took 1.832 sec, avg 18.317 ms, 54.594 ops/sec
ECDSA [ SECP256R1] 256 verify 100 ops took 2.120 sec, avg 21.198 ms, 47.175 ops/sec
```
For details see our [wolfSSL Atmel ATECC508/608A](https://wolfssl.com/wolfSSL/wolfssl-atmel.html) page.
+581 -73
View File
@@ -25,8 +25,16 @@
#include <wolfssl/wolfcrypt/settings.h>
/*
* WOLFSSL_MANUALLY_SELECT_DEVICE_CONFIG default: off (not defined)
You can define this in a user_settings.h file to specify your custom
configuration of a device
* WOLFSSL_ATCA_DEVICE_NO use first device in the list default: 0
*/
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
defined(WOLFSSL_ATECC608A) || defined(WOLFSSL_ATECC_PKCB)
defined(WOLFSSL_ATECC608A) || defined(WOLFSSL_ATECC_PKCB) || \
defined(WOLFSSL_MICROCHIP_TA100)
#include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
@@ -61,7 +69,8 @@
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
#ifdef WOLFSSL_ATECC508A_TLS
extern ATCA_STATUS device_init_default(void);
@@ -88,15 +97,111 @@ static wolfSSL_Mutex mSlotMutex;
#ifndef ATECC_I2C_BUS
#define ATECC_I2C_BUS 1
#endif
#ifndef ATECC_DEV_TYPE
#ifdef ATECC_DEV_TYPE /* for backward compatibility */
#define MICROCHIP_DEV_TYPE ATECC_DEV_TYPE
#endif
#ifndef MICROCHIP_DEV_TYPE
#ifdef WOLFSSL_ATECC508A
#define ATECC_DEV_TYPE ATECC508A
#else
#define ATECC_DEV_TYPE ATECC608A
#define MICROCHIP_DEV_TYPE ATECC508A
#elif defined(WOLFSSL_ATECC608A)
#define MICROCHIP_DEV_TYPE ATECC608A
#elif defined(WOLFSSL_MICROCHIP_TA100)
#define MICROCHIP_DEV_TYPE TA100
#endif
#endif
static int ateccx08a_cfg_initialized = 0;
static ATCAIfaceCfg cfg_ateccx08a_i2c_pi;
#if defined(WOLFSSL_ATECC608A) && defined(MICROCHIP_MPLAB_HARMONY_3)
/* Harmony3 will generate configuration based on user inputs */
extern ATCAIfaceCfg atecc608_0_init_data;
#endif
#ifndef WOLFSSL_ATCA_DEVICE_NO
/* Default to first device in the list*/
#define WOLFSSL_ATCA_DEVICE_NO 0
#endif
static ATCAIfaceCfg config_atmel_device[] = {
/* Enable and Select user configuration of device and parameters. */
#if defined(WOLFSSL_MANUALLY_SELECT_DEVICE_CONFIG)
WOLFSSL_MANUALLY_SELECT_DEVICE_CONFIG,
/* Try detecting all available device configs */
#elif defined(WOLFSSL_ATECC608A) && defined(MICROCHIP_MPLAB_HARMONY_3)
atecc608_0_init_data,
#endif
#ifdef ATCA_HAL_SPI
{
.iface_type = ATCA_SPI_IFACE,
.devtype = MICROCHIP_DEV_TYPE,
.atcaspi = {
.bus = 0,
.select_pin = 0,
.baud = 16000000,
},
.wake_delay = 1500,
.rx_retries = 20,
},
#endif
#ifdef ATCA_HAL_I2C
{
.iface_type = ATCA_I2C_IFACE,
.devtype = MICROCHIP_DEV_TYPE,
.atcai2c = {
#ifdef ATCA_ENABLE_DEPRECATED
.slave_addressus = 1,
#else
.address = ATECC_I2C_ADDR,
#endif
.baud = 400000,
},
.wake_delay = 1500,
.rx_retries = 20,
},
#endif
};
static ATCAIfaceCfg* gCfg = &config_atmel_device[WOLFSSL_ATCA_DEVICE_NO];
#if defined(WOLFSSL_MICROCHIP_TA100)
#ifndef SHARED_DATA_ADDR
#define SHARED_DATA_ADDR 0x8006
#endif
#define MAP_TO_HANDLE(value) (SHARED_DATA_ADDR + (value))
#else
#define MAP_TO_HANDLE(value) value
#endif
#if defined(WOLFSSL_MICROCHIP_TA100)
/*
TA_ElementAttributes contains data element attributes of the handle
which is of 8 byte
typedef struct
{
uint8_t element_CKA; //!< contains class, key_type & Algorithm mode
uint16_t property; //!< properties of the element
uint8_t usage_key; //!< usage key
uint8_t write_key; //!< write key
uint8_t read_key; //!< read key
uint8_t permission; //!< permission of the element usage|write|read|
//delete perm
uint8_t byte7_settings; //!< Byte 7 attributes use_count|exportable|
// lockable|access_limit
} ATCA_PACKED ta_element_attributes_t;
See Shared Data Element Attributes in the programming specifications
*/
static ta_element_attributes_t sharedData_attr[ATECC_MAX_SLOT] = {
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
};
static ta_element_attributes_t* gSharedDataAttr = sharedData_attr;
#endif /* WOLFSSL_MICROCHIP_TA100 */
#endif /* WOLFSSL_ATECC508A */
/**
@@ -105,7 +210,8 @@ static ATCAIfaceCfg cfg_ateccx08a_i2c_pi;
int atmel_get_random_number(uint32_t count, uint8_t* rand_out)
{
int ret = 0;
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
uint32_t i = 0;
uint32_t copy_count = 0;
uint8_t rng_buffer[RANDOM_NUM_SIZE];
@@ -180,8 +286,28 @@ long atmel_get_curr_time_and_date(long* tm)
}
#endif
#if defined(WOLFSSL_MICROCHIP_TA100)
/* Set the Shared Data configuration for wolfSSL to use.
*
* Return 0 on success, negative upon error */
int wc_Microchip_SetSharedDataConfig(ta_element_attributes_t* cfg)
{
WOLFSSL_MSG("Setting Shared Data configuration");
if (cfg == NULL) {
return -1;
}
/* copy configuration into our local struct */
(void)XMEMMOVE(gSharedDataAttr, cfg,
sizeof(ta_element_attributes_t)*ATECC_MAX_SLOT);
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
ateccx08a_cfg_initialized = 0;
return 0;
}
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
/* Set the ATECC configuration for wolfSSL to use.
*
@@ -192,25 +318,12 @@ int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg)
if (cfg == NULL) {
return -1;
}
/* Copy the full configuration into the active local device slot so
* non-I2C interface unions (for example ATCA_CUSTOM_IFACE callbacks)
* remain intact. */
XMEMCPY(gCfg, cfg, sizeof(*gCfg));
/* Copy whole struct so non-I2C interface unions (e.g. atcacustom function
* pointers when iface_type == ATCA_CUSTOM_IFACE) survive. The field-by-
* field assignments below then refresh the I2C-specific fields. */
XMEMCPY(&cfg_ateccx08a_i2c_pi, cfg, sizeof(cfg_ateccx08a_i2c_pi));
cfg_ateccx08a_i2c_pi.iface_type = cfg->iface_type;
cfg_ateccx08a_i2c_pi.devtype = cfg->devtype;
#ifdef ATCA_ENABLE_DEPRECATED
cfg_ateccx08a_i2c_pi.atcai2c.slave_address = cfg->atcai2c.slave_address;
#else
cfg_ateccx08a_i2c_pi.atcai2c.address = cfg->atcai2c.address;
#endif
cfg_ateccx08a_i2c_pi.atcai2c.bus = cfg->atcai2c.bus;
cfg_ateccx08a_i2c_pi.atcai2c.baud = cfg->atcai2c.baud;
cfg_ateccx08a_i2c_pi.wake_delay = cfg->wake_delay;
cfg_ateccx08a_i2c_pi.rx_retries = cfg->rx_retries;
cfg_ateccx08a_i2c_pi.cfg_data = cfg->cfg_data;
ateccx08a_cfg_initialized = 1;
ateccx08a_cfg_initialized = 0;
return 0;
}
@@ -286,6 +399,14 @@ int atmel_ecc_alloc(int slotType)
#else
break;
#endif
case ATMEL_SLOT_ECDHE_ALICE:
/* not reserved in mSlotList, so return */
slotId = ATECC_SLOT_ECDHE_PRIV_ALICE;
goto exit;
case ATMEL_SLOT_ECDHE_BOB:
/* not reserved in mSlotList, so return */
slotId = ATECC_SLOT_ECDHE_PRIV_BOB;
goto exit;
case ATMEL_SLOT_ANY:
for (i=0; i < ATECC_MAX_SLOT; i++) {
/* Find free slotId */
@@ -303,7 +424,8 @@ int atmel_ecc_alloc(int slotType)
}
/* is slot available */
if (mSlotList[slotId] != ATECC_INVALID_SLOT) {
if (mSlotList[slotId] != ATECC_INVALID_SLOT &&
mSlotList[slotId] != slotId ) {
slotId = ATECC_INVALID_SLOT;
}
else {
@@ -416,10 +538,12 @@ void atmel_show_rev_info(void)
#endif
}
#ifdef HAVE_ECC
int atmel_ecc_create_pms(int slotId, const uint8_t* peerKey, uint8_t* pms)
{
int ret;
uint8_t read_key[ATECC_KEY_SIZE];
#ifdef WOLFSSL_ATECC_ECDH_ENC
int slotIdEnc;
@@ -432,13 +556,20 @@ int atmel_ecc_create_pms(int slotId, const uint8_t* peerKey, uint8_t* pms)
ATECC_GET_ENC_KEY(read_key, sizeof(read_key));
#ifdef WOLFSSL_ATECC_ECDH_ENC
/* send the encrypted version of the ECDH command */
ret = atcab_ecdh_enc(slotId, peerKey, pms, read_key, slotIdEnc);
#ifdef WOLFSSL_MICROCHIP_TA100
(void)slotId;
ret = talib_ecdh_compat(atcab_get_device(), MAP_TO_HANDLE(slotIdEnc),
peerKey, pms);
#else
/* send the encrypted version of the ECDH command */
ret = atcab_ecdh_enc(MAP_TO_HANDLE(slotId), peerKey, pms, read_key,
MAP_TO_HANDLE(slotIdEnc));
#endif
#elif defined(WOLFSSL_ATECC_ECDH_IOENC)
/* encrypted ECDH command, using I/O protection key */
ret = atcab_ecdh_ioenc(slotId, peerKey, pms, read_key);
ret = atcab_ecdh_ioenc(MAP_TO_HANDLE(slotId), peerKey, pms, read_key);
#else
ret = atcab_ecdh(slotId, peerKey, pms);
ret = atcab_ecdh(MAP_TO_HANDLE(slotId), peerKey, pms);
#endif
ret = atmel_ecc_translate_err(ret);
@@ -447,21 +578,42 @@ int atmel_ecc_create_pms(int slotId, const uint8_t* peerKey, uint8_t* pms)
/* free the ECDHE slot */
atmel_ecc_free(slotIdEnc);
#endif
return ret;
}
int atmel_ecc_create_key(int slotId, byte* peerKey)
#ifdef WOLFSSL_MICROCHIP_TA100
static uint8_t getCurveType(int curve_id)
{
switch(curve_id)
{
case ECC_SECP256R1: return TA_KEY_TYPE_ECCP256;
case ECC_SECP224R1: return TA_KEY_TYPE_ECCP224;
case ECC_SECP384R1: return TA_KEY_TYPE_ECCP384;
case ECC_SECP256K1: return TA_KEY_TYPE_SECP256K1;
case ECC_BRAINPOOLP256R1: return TA_KEY_TYPE_ECCBP256R1;
case ECC_CURVE_DEF: return TA_KEY_TYPE_ECCP256; /* default */
default: WOLFSSL_MSG("Curve not identified");
return MICROCHIP_INVALID_ECC;
}
}
#endif /* WOLFSSL_MICROCHIP_TA100 */
int atmel_ecc_create_key(int slotId, int curve_id, byte* peerKey)
{
int ret;
#ifndef WOLFSSL_MICROCHIP_TA100
(void)curve_id;
#endif
/* verify provided slotId */
if (slotId == ATECC_INVALID_SLOT) {
return WC_HW_WAIT_E;
}
#ifdef WOLFSSL_MICROCHIP_TA100
if (getCurveType(curve_id) == MICROCHIP_INVALID_ECC)
return NOT_COMPILED_IN;
#endif
/* generate new ephemeral key on device */
ret = atcab_genkey(slotId, peerKey);
ret = atcab_genkey(MAP_TO_HANDLE(slotId), peerKey);
ret = atmel_ecc_translate_err(ret);
return ret;
}
@@ -480,7 +632,7 @@ int atmel_ecc_sign(int slotId, const byte* message, byte* signature)
return ECC_BAD_ARG_E;
#endif
ret = atcab_sign(slotId, message, signature);
ret = atcab_sign(MAP_TO_HANDLE(slotId), message, signature);
ret = atmel_ecc_translate_err(ret);
return ret;
}
@@ -498,15 +650,263 @@ int atmel_ecc_verify(const byte* message, const byte* signature,
return ret;
}
#endif /* WOLFSSL_ATECC508A */
#endif /* HAVE_ECC */
#endif /* WOLFSSL_ATECC508A || WOLFSSL_ATECC608A || WOLFSSL_MICROCHIP_TA100 */
#ifdef WOLFSSL_MICROCHIP_TA100
#ifndef NO_RSA
int wc_Microchip_rsa_create_key(struct RsaKey* key, int size, long e)
{
ATCA_STATUS ret;
ta_element_attributes_t rKeyA, uKeyA;
size_t uKey_len = WOLFSSL_TA_KEY_TYPE_RSA_SIZE;
(void)size;
(void)e;
ret = talib_handle_init_private_key(&rKeyA, WOLFSSL_TA_KEY_TYPE_RSA,
TA_ALG_MODE_RSA_SSA_PSS,TA_PROP_SIGN_INT_EXT_DIGEST,
TA_PROP_KEY_AGREEMENT_OUT_BUFF);
if (ret != ATCA_SUCCESS) return WC_HW_E;
ret = talib_create_element(atcab_get_device(), &rKeyA, &key->rKeyH);
if (ret != ATCA_SUCCESS) return WC_HW_E;
ret = talib_handle_init_public_key(&uKeyA, WOLFSSL_TA_KEY_TYPE_RSA,
TA_ALG_MODE_RSA_SSA_PSS, TA_PROP_VAL_NO_SECURE_BOOT_SIGN,
TA_PROP_ROOT_PUB_KEY_VERIFY);
if (ret != ATCA_SUCCESS) return WC_HW_E;
ret = talib_create_element(atcab_get_device(), &uKeyA, &key->uKeyH);
if (ret != ATCA_SUCCESS) return WC_HW_E;
ret = talib_genkey_base(atcab_get_device(), TA_KEYGEN_MODE_NEWKEY,
(uint32_t)key->rKeyH, key->uKey, &uKey_len);
if (ret != ATCA_SUCCESS) return WC_HW_E;
/* Write the RSA public key to the handle. */
ret = talib_write_pub_key(atcab_get_device(), key->uKeyH, (uint16_t)uKey_len,
key->uKey);
ret = atmel_ecc_translate_err(ret);
return ret;
}
int wc_Microchip_rsa_sign(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key)
{
int ret;
uint16_t sign_size = outLen; /* WOLFSSL_TA_KEY_TYPE_RSA_SIZE */
byte hash_data[WC_SHA256_DIGEST_SIZE];
if ((ret = wc_Sha256Hash(in, inLen, hash_data)) != 0) {
return ret;
}
ret = talib_sign_external(atcab_get_device(), WOLFSSL_TA_KEY_TYPE_RSA,
key->rKeyH, TA_HANDLE_INPUT_BUFFER, hash_data,
WC_SHA256_DIGEST_SIZE, out, &sign_size);
ret = atmel_ecc_translate_err(ret);
return ret;
}
int wc_Microchip_rsa_verify(const byte* in, word32 inLen, byte* sig, word32 sigLen,
RsaKey* key, int* pVerified)
{
int ret;
bool verified = false;
byte hash_data[WC_SHA256_DIGEST_SIZE];
if ((ret = wc_Sha256Hash(in, inLen, hash_data)) != 0) {
return ret;
}
ret = talib_verify(atcab_get_device(), WOLFSSL_TA_KEY_TYPE_RSA,
TA_HANDLE_INPUT_BUFFER, key->uKeyH, sig,
sigLen, hash_data, WC_SHA256_DIGEST_SIZE, NULL,
sigLen, &verified);
ret = atmel_ecc_translate_err(ret);
if (pVerified)
*pVerified = (int)verified;
return ret;
}
int wc_Microchip_rsa_encrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key)
{
int ret;
/* Encrypt the plaintext with the rsa public key in handle */
ret = talib_rsaenc_encrypt(atcab_get_device(), key->uKeyH,
inLen, in, outLen, out);
ret = atmel_ecc_translate_err(ret);
return ret;
}
int wc_Microchip_rsa_decrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
int ret;
/* Decrypt the ciphertext with the rsa private key in handle */
ret = talib_rsaenc_decrypt(atcab_get_device(), key->rKeyH,
inLen, in, outLen, out);
ret = atmel_ecc_translate_err(ret);
return ret;
}
void wc_Microchip_rsa_free(struct RsaKey* key)
{
if (key->rKeyH)
(void)talib_delete_handle(atcab_get_device(), (uint32_t)key->rKeyH);
if (key->uKeyH)
(void)talib_delete_handle(atcab_get_device(), (uint32_t)key->uKeyH);
}
#endif /* NO_RSA */
#ifdef WOLFSSL_ATECC_DEBUG
static void atmel_print_info(ta_element_attributes_t attr)
{
printf("{0x%02x, 0x%04x, 0x%02x, 0x%02x, 0x%02x, 0x%02x, 0x%02x},\n",
attr.element_CKA, attr.property, attr.usage_key, attr.write_key,
attr.read_key, attr.permission , attr.byte7_settings);
}
static void atmel_Handle_Attributes(void)
{
ATCA_STATUS status;
ta_element_attributes_t attributes;
(void) status;
printf("Symmetric key AES \n"
"Symmetric key HMAC \n"
"Public key ECC \n"
"Public key RSA \n"
"Private key ECC - sign \n"
"Private key ECC - keygen \n");
status = talib_handle_init_symmetric_key(&attributes, TA_KEY_TYPE_AES128,
TA_PROP_SYMM_KEY_USAGE_ANY);
/* Symmetric key AES */
atmel_print_info(attributes);
status = talib_handle_init_symmetric_key(&attributes, TA_KEY_TYPE_HMAC,
TA_PROP_SYMM_KEY_USAGE_MAC);
/* Symmetric key HMAC */
atmel_print_info(attributes);
status = talib_handle_init_public_key(&attributes, TA_KEY_TYPE_ECCP256,
TA_ALG_MODE_ECC_ECDSA, TA_PROP_VAL_NO_SECURE_BOOT_SIGN,
TA_PROP_ROOT_PUB_KEY_VERIFY);
/* Public key ECC */
atmel_print_info(attributes);
status = talib_handle_init_public_key(&attributes, WOLFSSL_TA_KEY_TYPE_RSA,
TA_ALG_MODE_RSA_SSA_PSS, TA_PROP_VAL_NO_SECURE_BOOT_SIGN,
TA_PROP_ROOT_PUB_KEY_VERIFY);
/* Public key RSA */
atmel_print_info(attributes);
status = talib_handle_init_private_key(&attributes, TA_KEY_TYPE_ECCP256,
TA_ALG_MODE_ECC_ECDH, TA_PROP_SIGN_INT_EXT_DIGEST,
TA_PROP_KEY_AGREEMENT_OUT_BUFF);
/* Private key ECC - sign */
atmel_print_info(attributes);
/* Byte 0 Element Attribute */
attributes.element_CKA = TA_CLASS_PRIVATE_KEY |
(uint8_t)(TA_KEY_TYPE_ECCP256 << TA_HANDLE_INFO_KEY_TYPE_SHIFT) |
(uint8_t)(TA_ALG_MODE_ECC_ECDSA << TA_HANDLE_INFO_ALG_MODE_SHIFT);
attributes.property = (uint16_t)0x00 /*Public Key Handle*/ |
(uint16_t)(0x00 << TA_PROP_SESSION_KEY_SHIFT) |
(uint16_t)(0x00 << TA_PROP_KEY_GEN_SHIFT) |
(uint16_t)(TA_PROP_SIGN_INT_EXT_DIGEST << TA_PROP_SIGN_USE_SHIFT) |
(uint16_t)(TA_PROP_NO_KEY_AGREEMENT << TA_PROP_KEY_AGREEMENT_SHIFT);
/* Byte 3 Element Attribute */
attributes.usage_key = 0x00;
/* Byte 4 Element Attribute */
attributes.write_key = 0x00;
/* Byte 5 Element Attribute */
attributes.read_key = 0x00;
/* Byte 6 Element Attribute */
attributes.permission = TA_PERM_USAGE(TA_PERM_ALWAYS) |
TA_PERM_WRITE(TA_PERM_ALWAYS)| TA_PERM_READ(TA_PERM_ALWAYS) |
TA_PERM_DELETE(TA_PERM_ALWAYS);
/* Byte 7 Element Attribute */
attributes.byte7_settings = ((0x00 & 0x03) << 0) /*Use Count*/ |
TA_NOT_EXPORTABLE_FROM_CHIP_MASK | TA_PERMANENTLY_NOT_LOCKABLE_MASK |
TA_ACCESS_LIMIT_ALWAYS_MASK | (0 << 7) /*Intrusion Detection (N/A here)*/;
/* Private key ECC - keygen */
atmel_print_info(attributes);
}
#endif
#define CHECK_STATUS(s) \
if (s != ATCA_SUCCESS) \
{ \
printf("Error: Line %d in File %s\r\n", __LINE__, __FILE__); \
printf("STATUS = %X\r\n", s); \
printf("See atca_status.h for error code \r\n"); \
return atmel_ecc_translate_err(s); \
}
static int atmel_createHandles(void)
{
ATCA_STATUS status;
uint8_t is_handle_valid = 0;
uint16_t shared_handle = SHARED_DATA_ADDR;
int i;
#ifdef WOLFSSL_ATECC_DEBUG
atmel_Handle_Attributes();
printf("atmel_Handle_Attributes() finished \n\n");
#endif
for (i = 0; i < ATECC_MAX_SLOT; i++ ) {
status = talib_is_handle_valid(atcab_get_device(),
(uint32_t)shared_handle, &is_handle_valid);
CHECK_STATUS(status);
#ifdef WOLFSSL_ATECC_DEBUG
atmel_print_info(gSharedDataAttr[i]);
#endif
if(is_handle_valid == 0x01) {
/* Handle already Exists */;
#ifndef WOLFSSL_NO_DEL_HANDLE
status = talib_delete_handle(atcab_get_device(),
(uint32_t)shared_handle);
CHECK_STATUS(status);
#else
shared_handle += 1;
continue;
#endif
}
status = talib_create_element_with_handle(atcab_get_device(),
shared_handle, &gSharedDataAttr[i]);
CHECK_STATUS(status);
shared_handle += 1;
}
return 0;
}
#endif /* WOLFSSL_MICROCHIP_TA100 */
int atmel_init(void)
{
int ret = 0;
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
#if defined(WOLFSSL_ATECC608A)
/*Harmony3 will generate configuration based on user inputs*/
@@ -540,31 +940,19 @@ int atmel_init(void)
#ifdef MICROCHIP_MPLAB_HARMONY_3
atcab_release();
atcab_wakeup();
#ifdef WOLFSSL_ATECC608A
wolfCrypt_ATECC_SetConfig(&atecc608_0_init_data);
#endif
#endif
if (ateccx08a_cfg_initialized == 0) {
/* Setup the hardware interface using defaults */
XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi));
cfg_ateccx08a_i2c_pi.iface_type = ATCA_I2C_IFACE;
cfg_ateccx08a_i2c_pi.devtype = ATECC_DEV_TYPE;
#ifdef ATCA_ENABLE_DEPRECATED
cfg_ateccx08a_i2c_pi.atcai2c.slave_address = ATECC_I2C_ADDR;
#else
cfg_ateccx08a_i2c_pi.atcai2c.address = ATECC_I2C_ADDR;
#endif
cfg_ateccx08a_i2c_pi.atcai2c.bus = ATECC_I2C_BUS;
cfg_ateccx08a_i2c_pi.atcai2c.baud = 400000;
cfg_ateccx08a_i2c_pi.wake_delay = 1500;
cfg_ateccx08a_i2c_pi.rx_retries = 20;
}
/* Initialize the CryptoAuthLib to communicate with ATECC508A */
status = atcab_init(&cfg_ateccx08a_i2c_pi);
if (status != ATCA_SUCCESS) {
WOLFSSL_MSG("Failed to initialize atcab");
return WC_HW_E;
status = atcab_init(gCfg);
/* Initialize the CryptoAuthLib to communicate with */
if (status != ATCA_SUCCESS) {
WOLFSSL_MSG("Failed to initialize atcab");
return WC_HW_E;
}
#ifdef WOLFSSL_MICROCHIP_TA100
/* create handles for TA100 */
atmel_createHandles();
#endif
}
/* show revision information */
@@ -594,7 +982,8 @@ int atmel_init(void)
void atmel_finish(void)
{
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
if (mAtcaInitDone) {
atcab_release();
@@ -633,7 +1022,7 @@ int atcatls_create_key_cb(WOLFSSL* ssl, ecc_key* key, unsigned int keySz,
return WC_HW_WAIT_E;
/* generate new ephemeral key on device */
ret = atmel_ecc_create_key(slotId, peerKey);
ret = atmel_ecc_create_key(MAP_TO_HANDLE(slotId), ecc_curve, peerKey);
/* load generated ECC508A public key into key, used by wolfSSL */
if (ret == 0) {
@@ -710,7 +1099,8 @@ int atcatls_create_pms_cb(WOLFSSL* ssl, ecc_key* otherKey,
tmpKey.slot = slotId;
/* generate new ephemeral key on device */
ret = atmel_ecc_create_key(slotId, peerKey);
ret = atmel_ecc_create_key(MAP_TO_HANDLE(slotId), otherKey->dp->id,
peerKey);
if (ret != ATCA_SUCCESS) {
atmel_ecc_free(slotId);
goto exit;
@@ -751,7 +1141,7 @@ int atcatls_create_pms_cb(WOLFSSL* ssl, ecc_key* otherKey,
ret = atmel_ecc_create_pms(tmpKey.slot, peerKey, out);
*outlen = ATECC_KEY_SIZE;
#ifndef WOLFSSL_ATECC508A_NOIDLE
#if !defined(WOLFSSL_ATECC508A_NOIDLE) && !defined(WOLFSSL_MICROCHIP_TA100)
/* put chip into idle to prevent watchdog situation on chip */
atcab_idle();
#endif
@@ -840,12 +1230,12 @@ int atcatls_sign_certificate_cb(WOLFSSL* ssl, const byte* in, unsigned int inSz,
return WC_HW_WAIT_E;
/* We can only sign with P-256 */
ret = atmel_ecc_sign(slotId, in, sigRs);
ret = atmel_ecc_sign(MAP_TO_HANDLE(slotId), in, sigRs);
if (ret != ATCA_SUCCESS) {
ret = WC_HW_E; goto exit;
}
#ifndef WOLFSSL_ATECC508A_NOIDLE
#if !defined(WOLFSSL_ATECC508A_NOIDLE) && !defined(WOLFSSL_MICROCHIP_TA100)
/* put chip into idle to prevent watchdog situation on chip */
atcab_idle();
#endif
@@ -930,7 +1320,7 @@ int atcatls_verify_signature_cb(WOLFSSL* ssl, const byte* sig,
ret = WC_HW_E; goto exit;
}
#ifndef WOLFSSL_ATECC508A_NOIDLE
#if !defined(WOLFSSL_ATECC508A_NOIDLE) && !defined(WOLFSSL_MICROCHIP_TA100)
/* put chip into idle to prevent watchdog situation on chip */
atcab_idle();
#endif
@@ -963,6 +1353,7 @@ exit:
return ret;
}
#ifdef ATCA_TFLEX_SUPPORT
static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
{
#ifndef ATCATLS_SIGNER_CERT_MAX_SIZE
@@ -980,7 +1371,6 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
#endif
int ret = 0;
ATCA_STATUS status;
size_t signerCertSize = ATCATLS_SIGNER_CERT_MAX_SIZE;
size_t deviceCertSize = ATCATLS_DEVICE_CERT_MAX_SIZE;
uint8_t certBuffer[ATCATLS_CERT_BUFF_MAX_SIZE];
@@ -990,6 +1380,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
#endif
#ifdef WOLFSSL_ATECC_TNGTLS
ATCA_STATUS status;
ret = tng_atcacert_max_signer_cert_size(&signerCertSize);
if (ret != ATCACERT_E_SUCCESS) {
#ifdef WOLFSSL_ATECC_DEBUG
@@ -1026,8 +1417,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
#endif
return -1;
}
#endif
#endif /* WOLFSSL_ATECC_TNGTLS */
#ifdef WOLFSSL_ATECC_TFLXTLS
/* MAKE SURE TO COPY YOUR CUSTOM CERTIFICATE FILES UNDER CAL/tng
* Verify variable names, here below the code uses typical tflxtls
@@ -1099,6 +1489,8 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
return ret;
}
#endif /* ATCA_TFLEX_SUPPORT */
#endif /* ATCA_TFLEX_SUPPORT */
int atcatls_set_callbacks(WOLFSSL_CTX* ctx)
{
@@ -1107,6 +1499,8 @@ int atcatls_set_callbacks(WOLFSSL_CTX* ctx)
wolfSSL_CTX_SetEccVerifyCb(ctx, atcatls_verify_signature_cb);
wolfSSL_CTX_SetEccSignCb(ctx, atcatls_sign_certificate_cb);
wolfSSL_CTX_SetEccSharedSecretCb(ctx, atcatls_create_pms_cb);
#ifdef ATCA_TFLEX_SUPPORT
#if defined(WOLFSSL_ATECC_TNGTLS) || defined(WOLFSSL_ATECC_TFLXTLS)
ret = atcatls_set_certificates(ctx);
if (ret != 0) {
@@ -1115,6 +1509,7 @@ int atcatls_set_callbacks(WOLFSSL_CTX* ctx)
#endif
}
#endif
#endif /* ATCA_TFLEX_SUPPORT */
return ret;
}
@@ -1130,4 +1525,117 @@ int atcatls_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
#endif /* HAVE_PK_CALLBACKS */
#endif /* WOLFSSL_ATMEL || WOLFSSL_ATECC508A || WOLFSSL_ATECC_PKCB */
#if defined(WOLFSSL_MICROCHIP_TA100) && !defined(NO_AES) && \
defined(HAVE_AESGCM) && defined(WOLFSSL_MICROCHIP_AESGCM)
int wc_Microchip_aes_set_key(Aes* aes, const byte* key, word32 keylen,
const byte* iv, int dir)
{
ATCA_STATUS status;
bool is_locked = false;
(void)dir;
(void)iv;
if (aes == NULL) {
return BAD_FUNC_ARG;
}
aes->key_id = atmel_ecc_alloc(ATMEL_SLOT_ENCKEY);
if (aes->key_id == ATECC_INVALID_SLOT) {
return WC_HW_WAIT_E;
}
aes->keylen = keylen;
aes->rounds = keylen/4 + 6;
XMEMCPY(aes->key, key, keylen);
status = talib_write_element(atcab_get_device(), MAP_TO_HANDLE(aes->key_id),
TA_KEY_TYPE_AES128_SIZE, (const uint8_t*)key);
/*status = talib_write_bytes_zone(atcab_get_device(), (uint8_t)ATCA_ZONE_DATA,
MAP_TO_HANDLE(aes->key_id), 0, (const uint8_t*)key,
(const size_t)keylen);
*/
CHECK_STATUS(status);
status = talib_aes_gcm_keyload(atcab_get_device(), aes->key_id, keylen);
CHECK_STATUS(status);
(void)is_locked;
/* Test if data zone is locked */
status = talib_is_setup_locked(atcab_get_device(), &is_locked);
if (!is_locked) {
status = talib_lock_setup(atcab_get_device());
CHECK_STATUS(status);
}
return atmel_ecc_translate_err(status);
}
void wc_Microchip_aes_free(Aes* aes)
{
(void)aes;
}
static int wc_Microchip_AesGcmCommon(Aes* aes, byte* out, const byte* in,
word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz, int dir)
{
ATCA_STATUS status;
atca_aes_gcm_ctx_t ctx;
(void)out;
(void)in;
(void)sz;
(void)iv;
(void)ivSz;
(void)authTag;
(void)authTagSz;
(void)authIn;
(void)authInSz;
(void)dir;
(void)ctx;
if (aes == NULL) {
return BAD_FUNC_ARG;
}
if (dir != AES_ENCRYPTION &&
dir != AES_DECRYPTION) {
return BAD_FUNC_ARG;
}
if (dir == AES_ENCRYPTION) {
status = talib_aes_gcm_encrypt(atcab_get_device(), authIn,
authInSz, iv, in, sz, out, authTag);
CHECK_STATUS(status);
}
else {
status = talib_aes_gcm_decrypt(atcab_get_device(), authIn,
authInSz, iv, authTag, in, sz, out);
/* Add cipher to gcm */
status = atcab_aes_gcm_decrypt_update(&ctx, in, sz, out);
CHECK_STATUS(status);
}
return atmel_ecc_translate_err(status);
}
int wc_Microchip_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
return wc_Microchip_AesGcmCommon(aes, out, in, sz, iv, ivSz, authTag,
authTagSz, authIn, authInSz, AES_ENCRYPTION);
}
int wc_Microchip_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
return wc_Microchip_AesGcmCommon(aes, out, in, sz, iv, ivSz, (byte*)authTag,
authTagSz, authIn, authInSz, AES_DECRYPTION);
}
#endif /* WOLFSSL_MICROCHIP_TA100 && !NO_AES && HAVE_AESGCM */
+29 -2
View File
@@ -729,7 +729,9 @@ int wc_FreeRsaKey(RsaKey* key)
#if defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
wc_fspsm_RsaKeyFree(key);
#endif
#ifdef WOLFSSL_MICROCHIP_TA100
wc_Microchip_rsa_free(key);
#endif
return ret;
}
@@ -3642,6 +3644,16 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
return cc310_RsaSSL_Sign(in, inLen, out, outLen, key,
cc310_hashModeRSA(hash, 0));
}
#elif defined(WOLFSSL_MICROCHIP_TA100)
if (rsa_type == RSA_PUBLIC_ENCRYPT &&
pad_value == RSA_BLOCK_TYPE_2) {
return wc_Microchip_rsa_encrypt(in, inLen, out, outLen, key);
}
else if (rsa_type == RSA_PRIVATE_ENCRYPT &&
pad_value == RSA_BLOCK_TYPE_1) {
return wc_Microchip_rsa_sign(in, inLen, out, outLen, key);
}
#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
if (rsa_type == RSA_PUBLIC_ENCRYPT && pad_value == RSA_BLOCK_TYPE_2) {
return se050_rsa_public_encrypt(in, inLen, out, outLen, key,
@@ -3809,6 +3821,17 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
return cc310_RsaSSL_Verify(in, inLen, out, key,
cc310_hashModeRSA(hash, 0));
}
#elif defined(WOLFSSL_MICROCHIP_TA100)
if (rsa_type == RSA_PRIVATE_DECRYPT &&
pad_value == RSA_BLOCK_TYPE_2) {
return wc_Microchip_rsa_decrypt(in, inLen, out, outLen, key);
}
else if (rsa_type == RSA_PUBLIC_DECRYPT &&
pad_value == RSA_BLOCK_TYPE_1) {
int tmp;
return wc_Microchip_rsa_verify(in, inLen, out, outLen, key, &tmp);
}
#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
if (rsa_type == RSA_PRIVATE_DECRYPT && pad_value == RSA_BLOCK_TYPE_2) {
ret = se050_rsa_private_decrypt(in, inLen, out, outLen, key,
@@ -5239,7 +5262,8 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
#ifndef WC_NO_RNG
#if !defined(WOLFSSL_CRYPTOCELL) && \
(!defined(WOLFSSL_SE050) || defined(WOLFSSL_SE050_NO_RSA)) && \
!defined(WOLF_CRYPTO_CB_ONLY_RSA)
!defined(WOLF_CRYPTO_CB_ONLY_RSA) && \
!defined(WOLFSSL_MICROCHIP_TA100)
#ifdef WOLFSSL_SMALL_STACK
mp_int *p = NULL;
mp_int *q = NULL;
@@ -5282,6 +5306,9 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
#if defined(WOLFSSL_CRYPTOCELL)
err = cc310_RSA_GenerateKeyPair(key, size, e);
goto out;
#elif defined(WOLFSSL_MICROCHIP_TA100)
err = wc_Microchip_rsa_create_key(key, size, e);
goto out;
#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
err = se050_rsa_create_key(key, size, e);
goto out;
+3 -2
View File
@@ -139,7 +139,8 @@ Threading/Mutex options:
#endif
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
defined(WOLFSSL_ATECC608A)
defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif
#if defined(WOLFSSL_RENESAS_TSIP)
@@ -381,7 +382,7 @@ int wolfCrypt_Init(void)
#endif
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
defined(WOLFSSL_ATECC608A)
defined(WOLFSSL_ATECC608A) || defined(WOLFSSL_MICROCHIP_TA100)
ret = atmel_init();
if (ret != 0) {
WOLFSSL_MSG("CryptoAuthLib init failed");
+60 -33
View File
@@ -926,7 +926,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void);
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) && \
!defined(WOLFSSL_SE050)
@@ -3042,7 +3043,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
TEST_PASS("ECC Enc test passed!\n");
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) && \
!defined(WOLFSSL_SE050)
@@ -23109,7 +23111,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
#endif /* !NO_RSA */
#if !defined(NO_RSA) || !defined(NO_DSA)
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_MICROCHIP)
static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
#endif
@@ -26058,7 +26060,8 @@ exit_rsa:
}
#endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_MICROCHIP_TA100)
static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -26072,7 +26075,8 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
#else
byte der[1280];
#endif
#if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
#if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
!defined(WOLFSSL_MICROCHIP)
word32 idx = 0;
#endif
int derSz = 0;
@@ -26133,7 +26137,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
#else
derSz = sizeof(der);
#endif
#if !defined(WC_TEST_SKIP_RSA_PRIVATE_EXPORT)
#if !defined(WC_TEST_SKIP_RSA_PRIVATE_EXPORT) && !defined(WOLFSSL_MICROCHIP)
derSz = wc_RsaKeyToDer(genKey, der, derSz);
if (derSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
@@ -26149,19 +26153,18 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
ret = wc_InitRsaKey(genKey, HEAP_HINT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
#if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
!defined(WOLFSSL_MICROCHIP)
idx = 0;
/* The private key part of key pairs generated inside a secure element
* (CryptoCell, SE050) stays in hardware and isn't available to
* (CryptoCell, SE050, Microchip) stays in hardware and isn't available to
* wc_RsaKeyToDer, so the exported DER can't be parsed back as a
* complete RSAPrivateKey. */
ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, (word32)derSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif /* WOLFSSL_CRYPTOCELL && !WOLFSSL_SE050 */
#endif /* !WC_TEST_SKIP_RSA_PRIVATE_EXPORT */
#endif /* !WOLFSSL_CRYPTOCELL && !WOLFSSL_SE050 && !WOLFSSL_MICROCHIP */
#endif /* !WC_TEST_SKIP_RSA_PRIVATE_EXPORT && !WOLFSSL_MICROCHIP */
exit_rsa:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -27020,7 +27023,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif /* WOLFSSL_CERT_EXT */
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_MICROCHIP_TA100)
ret = rsa_keygen_test(&rng);
if (ret != 0)
goto exit_rsa;
@@ -36554,7 +36558,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
int curve_id, const ecc_set_type* dp)
{
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
word32 y;
@@ -36591,7 +36596,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
word32 x = 0;
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
#endif
@@ -36607,7 +36613,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
if (sharedA == NULL || sharedB == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
#endif
@@ -36662,6 +36669,9 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
#endif
#ifndef WC_NO_RNG
#if defined(WOLFSSL_MICROCHIP_TA100)
userA->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_ALICE);
#endif
ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -36691,9 +36701,13 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
TEST_SLEEP();
#endif
/* ATECC508/608 configuration may not support more than one ECDH key */
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_MICROCHIP_TA100)
userB->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_BOB);
#endif
/* ATECC508/608 configuration may not support more than one ECDH key */
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
ret = wc_ecc_make_key_ex(rng, keySize, userB, curve_id);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -36809,7 +36823,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
#ifdef HAVE_ECC_DHE
y = ECC_SHARED_SIZE;
do {
@@ -36978,7 +36993,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_KCAPI_ECC) && \
!defined(WC_TEST_SKIP_ECC_PRIVATE_EXPORT)
!defined(WC_TEST_SKIP_ECC_PRIVATE_EXPORT) && \
!defined(WOLFSSL_MICROCHIP_TA100)
x = ECC_KEY_EXPORT_BUF_SIZE;
ret = wc_ecc_export_private_only(userA, exportBuf, &x);
if (ret != 0)
@@ -37020,7 +37036,10 @@ done:
WC_FREE_VAR(sig, HEAP_HINT);
WC_FREE_VAR(digest, HEAP_HINT);
#endif
#if defined(WOLFSSL_MICROCHIP_TA100)
atmel_ecc_free(ATMEL_SLOT_ECDHE_ALICE);
atmel_ecc_free(ATMEL_SLOT_ECDHE_BOB);
#endif
(void)keySize;
(void)curve_id;
(void)rng;
@@ -37058,7 +37077,7 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
return ret;
}
}
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
#if !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_MICROCHIP_TA100)
#if FIPS_VERSION3_GE(6,0,0)
skip_A:
#endif
@@ -37113,6 +37132,7 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
static wc_test_ret_t ecc_point_test(void)
@@ -37429,7 +37449,7 @@ static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key)
#endif
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_MICROCHIP_TA100)
static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
{
@@ -37543,7 +37563,8 @@ done:
#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP)
static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
{
wc_test_ret_t ret;
@@ -37627,10 +37648,11 @@ done:
}
#endif
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
#if !defined(WOLFSSL_MICROCHIP) && \
defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
!defined(WOLFSSL_CRYPTOCELL)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_MICROCHIP_TA100)
static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
{
wc_test_ret_t ret;
@@ -37728,7 +37750,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
!defined(WOLFSSL_CRYPTOCELL)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_MICROCHIP)
ret = ecc_ssh_test(key, rng);
if (ret < 0)
goto done;
@@ -37774,14 +37796,16 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
}
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_MICROCHIP_TA100)
ret = ecc_exp_imp_test(key);
if (ret < 0)
goto done;
#endif
#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP)
ret = ecc_mulmod_test(key);
if (ret < 0)
goto done;
@@ -39612,6 +39636,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
goto done;
}
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
ret = ecc_point_test();
@@ -39745,8 +39770,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
}
#endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
ret = ecc_test_make_pub(&rng);
if (ret != 0) {
printf("ecc_test_make_pub failed!\n");
@@ -40605,7 +40631,8 @@ done:
#endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) && \
!defined(WOLFSSL_SE050)
+3
View File
@@ -312,6 +312,9 @@ struct Aes {
byte keyIdSet;
byte useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */
#endif
#ifdef WOLFSSL_MICROCHIP_TA100
word16 key_id; /* use word16 instead of uint16_t for mplabx */
#endif
#ifdef HAVE_CAVIUM_OCTEON_SYNC
word32 y0;
#endif
+13 -6
View File
@@ -46,7 +46,8 @@
#include <wolfssl/wolfcrypt/async.h>
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif /* WOLFSSL_ATECC508A */
@@ -165,7 +166,8 @@ enum {
ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ),
/* max crypto hardware size */
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2),
#elif defined(PLUTON_CRYPTO_ECC)
@@ -531,7 +533,8 @@ struct ecc_key {
word32 keyId;
byte keyIdSet;
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
int slot; /* Key Slot Number (-1 unknown) */
byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE];
#endif
@@ -708,8 +711,11 @@ WOLFSSL_LOCAL
int wc_ecc_shared_secret_gen_sync(ecc_key* private_key,
ecc_point* point, byte* out, word32* outlen);
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(PLUTON_CRYPTO_ECC) && !defined(WOLFSSL_CRYPTOCELL)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100) || \
defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret
#else
#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
#endif
@@ -826,7 +832,8 @@ int wc_ecc_point_is_at_infinity(ecc_point *p);
WOLFSSL_API
int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx);
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
WOLFSSL_API
int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R,
mp_int* a, mp_int* modulus, int map);
+73 -10
View File
@@ -27,20 +27,25 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_ATECC_PKCB)
#undef SHA_BLOCK_SIZE
#include <cryptoauthlib.h>
#endif
/* ATECC508A/608A only supports ECC P-256 */
#define ATECC_KEY_SIZE (32)
#define ATECC_PUBKEY_SIZE (ATECC_KEY_SIZE*2) /* X and Y */
#define ATECC_SIG_SIZE (ATECC_KEY_SIZE*2) /* R and S */
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_ATECC_PKCB) || defined(WOLFSSL_MICROCHIP_TA100)
#undef SHA_BLOCK_SIZE
#include <cryptoauthlib.h>
#include <calib/calib_command.h>
#endif
#if defined(WOLFSSL_MICROCHIP_TA100) && defined(HAVE_AESGCM)
#include <cryptoauthlib/calib/calib_aes_gcm.h>
#endif
#ifndef ATECC_MAX_SLOT
#define ATECC_MAX_SLOT (0x8) /* Only use 0-7 */
#endif
#define ATECC_INVALID_SLOT (0xFF)
#define MICROCHIP_INVALID_ECC (0xFF)
/* Device Key for signing */
#ifndef ATECC_SLOT_AUTH_PRIV
@@ -66,6 +71,12 @@
#define ATECC_SLOT_ENC_PARENT (0x7)
#endif
#endif
#ifndef ATECC_SLOT_ECDHE_PRIV_ALICE
#define ATECC_SLOT_ECDHE_PRIV_ALICE (0x1)
#endif
#ifndef ATECC_SLOT_ECDHE_PRIV_BOB
#define ATECC_SLOT_ECDHE_PRIV_BOB (0x3)
#endif
/* ATECC_KEY_SIZE required for ecc.h */
#include <wolfssl/wolfcrypt/ecc.h>
@@ -85,7 +96,8 @@ int atmel_get_random_number(uint32_t count, uint8_t* rand_out);
#endif
long atmel_get_curr_time_and_date(long* tm);
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100)
enum atmelSlotType {
ATMEL_SLOT_ANY,
@@ -93,6 +105,8 @@ enum atmelSlotType {
ATMEL_SLOT_DEVICE,
ATMEL_SLOT_ECDHE,
ATMEL_SLOT_ECDHE_ENC,
ATMEL_SLOT_ECDHE_ALICE,
ATMEL_SLOT_ECDHE_BOB,
};
int atmel_ecc_alloc(int slotType);
@@ -108,21 +122,70 @@ int atmel_get_rev_info(word32* revision);
void atmel_show_rev_info(void);
WOLFSSL_API int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg);
#if defined(WOLFSSL_MICROCHIP_TA100)
WOLFSSL_API int wc_Microchip_SetSharedDataConfig(ta_element_attributes_t* cfg);
#endif
/* The macro ATECC_GET_ENC_KEY can be set to override the default
encryption key with your own at build-time */
#ifndef ATECC_GET_ENC_KEY
#define ATECC_GET_ENC_KEY(enckey, keysize) atmel_get_enc_key_default((enckey), (keysize))
#endif
int atmel_get_enc_key_default(byte* enckey, word16 keysize);
#ifdef HAVE_ECC
int atmel_ecc_create_pms(int slotId, const uint8_t* peerKey, uint8_t* pms);
int atmel_ecc_create_key(int slotId, byte* peerKey);
int atmel_ecc_create_key(int slotId, int curve_id, byte* peerKey);
int atmel_ecc_sign(int slotId, const byte* message, byte* signature);
int atmel_ecc_verify(const byte* message, const byte* signature,
const byte* pubkey, int* pVerified);
#endif /* HAVE_ECC */
#endif /* WOLFSSL_ATECC508A */
#if defined(WOLFSSL_MICROCHIP_TA100)
#if !defined(NO_AES) && defined(HAVE_AESGCM) && \
defined(WOLFSSL_MICROCHIP_AESGCM)
#include <wolfssl/wolfcrypt/aes.h>
WOLFSSL_LOCAL int wc_Microchip_AesGcmEncrypt(Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
WOLFSSL_LOCAL int wc_Microchip_AesGcmDecrypt(Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
WOLFSSL_LOCAL int wc_Microchip_aes_set_key(Aes* aes, const byte* key,
word32 len, const byte* iv, int dir);
WOLFSSL_LOCAL void wc_Microchip_aes_free(Aes* aes);
#endif /* !NO_AES && HAVE_AESGCM */
#ifndef NO_RSA
WOLFSSL_LOCAL int wc_Microchip_rsa_create_key(RsaKey* key, int size, long e);
WOLFSSL_LOCAL void wc_Microchip_rsa_free(RsaKey* key);
WOLFSSL_LOCAL int wc_Microchip_rsa_sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
WOLFSSL_LOCAL int wc_Microchip_rsa_verify(const byte* in, word32 inLen,
byte* sig, word32 sigLen, RsaKey* key,
int* pVerified);
WOLFSSL_LOCAL int wc_Microchip_rsa_encrypt(const byte* in, word32 inLen,
byte* out, word32 outLen, RsaKey* key);
WOLFSSL_LOCAL int wc_Microchip_rsa_decrypt(const byte* in, word32 inLen,
byte* out, word32 outLen, RsaKey* key);
#ifndef WOLFSSL_SP_NO_2048
#define WOLFSSL_TA_KEY_TYPE_RSA TA_KEY_TYPE_RSA2048
#define WOLFSSL_TA_KEY_TYPE_RSA_SIZE TA_KEY_TYPE_RSA2048_SIZE
#elif WOLFSSL_SP_NO_3072
#define WOLFSSL_TA_KEY_TYPE_RSA TA_KEY_TYPE_RSA3072
#define WOLFSSL_TA_KEY_TYPE_RSA_SIZE TA_KEY_TYPE_RSA3072_SIZE
#else
#error Microchip requires enabling 2048 or 3072 RSA.*/
#endif
#endif /* NO_RSA */
#endif /* WOLFSSL_MICROCHIP_TA100 */
#ifdef HAVE_PK_CALLBACKS
int atcatls_create_key_cb(struct WOLFSSL* ssl, struct ecc_key* key, unsigned int keySz,
int ecc_curve, void* ctx);
+8
View File
@@ -141,6 +141,9 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#if defined(WOLFSSL_MICROCHIP_TA100)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif /* WOLFSSL_MICROCHIP_TA100 */
#if FIPS_VERSION3_GE(6,0,0)
#define WC_RSA_FIPS_GEN_MIN 2048
@@ -220,6 +223,11 @@ struct RsaKey {
word32 keyId;
byte keyIdSet;
#endif
#if defined(WOLFSSL_MICROCHIP_TA100)
uint16_t rKeyH; /* private key handle */
uint16_t uKeyH; /* public key handle */
byte uKey[TA_KEY_TYPE_RSA2048_SIZE]; /* public key */
#endif
#ifdef WOLF_CRYPTO_CB
void* devCtx;
int devId;
+12 -1
View File
@@ -1227,7 +1227,9 @@
#endif
#endif
#ifdef WOLFSSL_ATECC508A
/*#ifdef WOLFSSL_ATECC508A*/
#if defined(WOLFSSL_ATECC508A) || \
defined(WOLFSSL_MICROCHIP_TA100)
/* backwards compatibility */
#ifndef WOLFSSL_ATECC_NO_ECDH_ENC
#define WOLFSSL_ATECC_ECDH_ENC
@@ -3197,6 +3199,15 @@ extern void uITRON4_free(void *p) ;
#define USE_ECC_B_PARAM
#endif
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && defined(HAVE_ECC) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
#undef USE_ECC_B_PARAM
#define USE_ECC_B_PARAM
#endif
/* Curve25519 Configs */
#ifdef HAVE_CURVE25519