From 896fcd9aecb91d8dfd45299f018e1e24b3025153 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Mon, 20 Apr 2020 14:59:00 -0600 Subject: [PATCH] add WOLFSSL_ATECC6088A, Trust&GO support, PIC32 HAL compatibility, 608A expansions --- src/ssl.c | 3 +- tests/api.c | 12 ++- wolfcrypt/src/ecc.c | 94 +++++++++++--------- wolfcrypt/src/port/atmel/README.md | 27 +++--- wolfcrypt/src/port/atmel/atmel.c | 125 +++++++++++++++++++++------ wolfcrypt/src/random.c | 35 ++++---- wolfcrypt/src/wc_port.c | 6 +- wolfcrypt/test/test.c | 51 +++++++---- wolfssl/wolfcrypt/ecc.h | 13 +-- wolfssl/wolfcrypt/port/atmel/atmel.h | 21 +++-- wolfssl/wolfcrypt/settings.h | 8 ++ 11 files changed, 266 insertions(+), 129 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 9362b6bdc..6d85d2285 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -32961,7 +32961,8 @@ int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, return WOLFSSL_SUCCESS; } -#if !defined(WOLFSSL_ATECC508A) && !defined(HAVE_SELFTEST) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(HAVE_SELFTEST) /* Calculate the value: generator * n + q * m * return code compliant with OpenSSL : * 1 if success, 0 if error diff --git a/tests/api.c b/tests/api.c index 81889c5f5..0e9a59e5e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -17310,7 +17310,8 @@ static int test_wc_ecc_pointFns (void) int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \ - !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) + !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) ecc_key key; WC_RNG rng; ecc_point* point = NULL; @@ -17485,7 +17486,8 @@ static int test_wc_ecc_shared_secret_ssh (void) int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \ - !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) + !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) ecc_key key, key2; WC_RNG rng; int keySz = KEY32; 
@@ -17572,7 +17574,8 @@ static int test_wc_ecc_verify_hash_ex (void) int ret = 0; #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \ - && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) + && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) ecc_key key; WC_RNG rng; mp_int r; @@ -17702,7 +17705,8 @@ static int test_wc_ecc_mulmod (void) int ret = 0; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \ - !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_VALIDATE_ECC_IMPORT)) + !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ + defined(WOLFSSL_VALIDATE_ECC_IMPORT)) ecc_key key1, key2, key3; WC_RNG rng; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 598733980..1d1241300 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1160,7 +1160,7 @@ static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen); #if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \ - !defined(WOLFSSL_ATECC508A) + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, mp_int* prime, mp_int* order); #endif @@ -1509,7 +1509,7 @@ static void alt_fp_init(mp_int* a) #endif /* ALT_ECC_SIZE */ -#ifndef WOLFSSL_ATECC508A +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_PUBLIC_ECC_ADD_DBL) @@ -3534,7 +3534,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, word32* outlen) { int err; -#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) +#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) CRYS_ECDH_TempData_t tempBuff; #endif if (private_key == NULL || public_key == NULL || out == NULL || 
@@ -3568,7 +3569,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, return ECC_BAD_ARG_E; } -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* For SECP256R1 use hardware */ if (private_key->dp->id == ECC_SECP256R1) { err = atmel_ecc_create_pms(private_key->slot, public_key->pubkey_raw, out); @@ -3599,7 +3600,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, } -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, byte* out, word32* outlen, ecc_curve_spec* curve) @@ -3882,7 +3884,8 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, #endif /* HAVE_ECC_DHE */ -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) /* return 1 if point is at infinity, 0 if not, < 0 on error */ int wc_ecc_point_is_at_infinity(ecc_point* p) { @@ -3963,7 +3966,7 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn, ecc_point* pubOut) { int err = MP_OKAY; -#ifndef WOLFSSL_ATECC508A +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) #ifndef WOLFSSL_SP_MATH ecc_point* base = NULL; #endif @@ -3975,7 +3978,7 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn, return BAD_FUNC_ARG; } -#ifndef WOLFSSL_ATECC508A +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) /* if ecc_point passed in then use it as output for public key point */ if (pubOut != NULL) { 
@@ -4126,12 +4129,14 @@ WOLFSSL_ABI int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) { int err; -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) #ifndef WOLFSSL_SP_MATH DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT); #endif #endif /* !WOLFSSL_ATECC508A */ -#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) +#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) const CRYS_ECPKI_Domain_t* pDomain; CRYS_ECPKI_KG_TempData_t tempBuff; CRYS_ECPKI_KG_FipsContext_t fipsCtx; @@ -4178,7 +4183,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) } #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */ -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) if (key->dp->id == ECC_SECP256R1) { key->type = ECC_PRIVATEKEY; key->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE); @@ -4451,7 +4456,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) (void)devId; #endif -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) key->slot = ATECC_INVALID_SLOT; #else #ifdef ALT_ECC_SIZE @@ -4553,8 +4558,8 @@ static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp) #ifndef NO_ASN -#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || \ - defined(WOLFSSL_CRYPTOCELL) +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ + defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, mp_int* r, mp_int* s, byte* out, word32 *outlen, WC_RNG* rng, ecc_key* key) 
@@ -4564,26 +4569,24 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, if (key->devId != INVALID_DEVID) /* use hardware */ #endif { - #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) + #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) CRYS_ECDSA_SignUserContext_t sigCtxTemp; word32 raw_sig_size = *outlen; word32 msgLenInBytes = inlen; CRYS_ECPKI_HASH_OpMode_t hash_mode; #endif word32 keysize = (word32)key->dp->size; + #ifdef PLUTON_CRYPTO_ECC word32 orderBits = wc_ecc_get_curve_order_bit_count(key->dp); + #endif /* Check args */ if (keysize > ECC_MAX_CRYPTO_HW_SIZE || *outlen < keysize*2) { return ECC_BAD_ARG_E; } - #if defined(WOLFSSL_ATECC508A) - key->slot = atmel_ecc_alloc(ATMEL_SLOT_DEVICE); - if (key->slot == ATECC_INVALID_SLOT) { - return ECC_BAD_ARG_E; - } - + #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* Sign: Result is 32-bytes of R then 32-bytes of S */ err = atmel_ecc_sign(key->slot, in, out); if (err != 0) { @@ -4799,7 +4802,8 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, } /* hardware crypto */ -#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ + defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) err = wc_ecc_sign_hash_hw(in, inlen, r, s, out, outlen, rng, key); #else err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s); @@ -4835,7 +4839,8 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, { return stm32_ecc_sign_hash_ex(in, inlen, rng, key, r, s); } -#elif !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#elif !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) /** Sign a message digest in The message digest to sign 
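Review bot: `key->slot` now reaches `atmel_ecc_sign(key->slot, in, out)` with no check, because the hunk in wc_ecc_sign_hash_hw removes the `atmel_ecc_alloc(ATMEL_SLOT_DEVICE)` call together with its `ATECC_INVALID_SLOT` test. `wc_ecc_init_ex` in this same patch initialises `key->slot` to `ATECC_INVALID_SLOT`, so a key that was initialised or imported but never bound to a device slot is passed to the hardware call with the invalid-slot value, unless `atmel_ecc_sign` rejects it, which is not visible here. I would keep a guard in front of the sign call: `if (key->slot == ATECC_INVALID_SLOT) return ECC_BAD_ARG_E;`. The function body starts and ends outside the hunk.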
@@ -5330,7 +5335,7 @@ int wc_ecc_free(ecc_key* key) wc_ecc_free_async(key); #endif -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) atmel_ecc_free(key->slot); key->slot = ATECC_INVALID_SLOT; #endif /* WOLFSSL_ATECC508A */ @@ -5349,7 +5354,8 @@ int wc_ecc_free(ecc_key* key) return 0; } -#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_CRYPTOCELL) #ifdef ECC_SHAMIR /** Computes kA*A + kB*B = C using Shamir's Trick @@ -5842,7 +5848,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, { int err; word32 keySz; -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) byte sigRS[ATECC_KEY_SIZE*2]; #elif defined(WOLFSSL_CRYPTOCELL) byte sigRS[ECC_MAX_CRYPTO_HW_SIZE*2]; @@ -5902,7 +5908,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, } #endif -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* Extract R and S */ err = mp_to_unsigned_bin(r, &sigRS[0]); if (err != MP_OKAY) { @@ -6702,7 +6708,8 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, #endif /* HAVE_ECC_KEY_EXPORT */ -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) /* is ecc point on curve described by dp ? */ int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) 
@@ -6910,14 +6917,14 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) static int ecc_check_privkey_gen_helper(ecc_key* key) { int err; -#ifndef WOLFSSL_ATECC508A +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) DECLARE_CURVE_SPECS(curve, 2); #endif if (key == NULL) return BAD_FUNC_ARG; -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* Hardware based private key, so this operation is not supported */ err = MP_OKAY; /* just report success */ @@ -7023,7 +7030,8 @@ int wc_ecc_check_key(ecc_key* key) { int err; #ifndef WOLFSSL_SP_MATH -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) mp_int* b = NULL; #ifdef USE_ECC_B_PARAM DECLARE_CURVE_SPECS(curve, 4); @@ -7038,9 +7046,10 @@ int wc_ecc_check_key(ecc_key* key) if (key == NULL) return BAD_FUNC_ARG; -#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_CRYPTOCELL) +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ + defined(WOLFSSL_CRYPTOCELL) - err = 0; /* consider key check success on ATECC508A */ + err = 0; /* consider key check success on ATECC508/608A */ #else #ifdef USE_ECC_B_PARAM @@ -7214,7 +7223,7 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, inLen -= 1; in += 1; -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* For SECP256R1 only save raw public key for hardware */ if (curve_id == ECC_SECP256R1 && inLen <= sizeof(key->pubkey_raw)) { #ifdef HAVE_COMP_KEY @@ -7381,7 +7390,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, (key->type != ECC_PRIVATEKEY && key->type != ECC_PRIVATEKEY_ONLY)) return BAD_FUNC_ARG; - #ifdef WOLFSSL_ATECC508A + #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* Hardware cannot export private portion */ return NOT_COMPILED_IN; #else 
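Review bot: `wc_ecc_check_key()` now returns 0 for every key on ATECC608A builds as well, through `err = 0; /* consider key check success on ATECC508/608A */`, and that covers public keys imported from a peer, not only device-held private keys. Callers that rely on this function as the validation step before ECDH or verify get no point-on-curve or order check from wolfCrypt in these builds; whether the device performs an equivalent check is not visible in the patch. The inline comment should say so explicitly, for example `/* no software validation on ATECC508A/608A: public key checks are left to the device */`, and the function's header comment should carry the same caveat. The body of wc_ecc_check_key continues outside the hunk.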
@@ -7459,7 +7468,8 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, int curve_id) { int ret; -#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) +#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) const CRYS_ECPKI_Domain_t* pDomain; CRYS_ECPKI_BUILD_TempData_t tempBuff; #endif @@ -7490,7 +7500,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, if (ret != 0) return ret; -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* Hardware does not support loading private keys */ return NOT_COMPILED_IN; #elif defined(WOLFSSL_CRYPTOCELL) @@ -7776,7 +7786,8 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, const char* qy, const char* d, int curve_id, int encType) { int err = MP_OKAY; -#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) +#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) const CRYS_ECPKI_Domain_t* pDomain; CRYS_ECPKI_BUILD_TempData_t tempBuff; byte key_raw[ECC_MAX_CRYPTO_HW_SIZE*2 + 1]; @@ -7834,7 +7845,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, if (err == MP_OKAY) err = mp_set(key->pubkey.z, 1); -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* For SECP256R1 only save raw public key for hardware */ if (err == MP_OKAY && curve_id == ECC_SECP256R1) { word32 keySz = key->dp->size; @@ -7877,7 +7888,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, /* import private key */ if (err == MP_OKAY) { if (d != NULL && d[0] != '\0') { - #ifdef WOLFSSL_ATECC508A + #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* Hardware doesn't support loading private key */ err = NOT_COMPILED_IN; 
@@ -10255,7 +10266,8 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, #ifdef HAVE_COMP_KEY -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) #ifndef WOLFSSL_SP_MATH int do_mp_jacobi(mp_int* a, mp_int* n, int* c); diff --git a/wolfcrypt/src/port/atmel/README.md b/wolfcrypt/src/port/atmel/README.md index 50352fcd2..e9a76d32d 100644 --- a/wolfcrypt/src/port/atmel/README.md +++ b/wolfcrypt/src/port/atmel/README.md @@ -1,13 +1,12 @@ # Microchip/Atmel ATECC508A/ATECC608A Support -Support for ATECC508A using these methods: -* TLS: Using the PK callbacks and reference ATECC508A callbacks. See Coding section below. Requires options `HAVE_PK_CALLBACKS` and `WOLFSSL_ATECC_PKCB or WOLFSSL_ATECC508A` -* wolfCrypt: Native wc_ecc_* API's using the `./configure CFLAGS="-DWOLFSSL_ATECC508A"` or `#define WOLFSSL_ATECC508A`. +wolfSSL includes support for ATECC508A and ATECC608A using these methods: +* TLS: Using the PK callbacks and reference ATECC508/608A callbacks. See Coding section below. Requires options `HAVE_PK_CALLBACKS` and `WOLFSSL_ATECC_PKCB or WOLFSSL_ATECC508A/WOLFSSL_ATECC608A` +* wolfCrypt: Native wc_ecc_* API's using the `./configure CFLAGS="-DWOLFSSL_ATECC608A"`, `#define WOLFSSL_ATECC508A`, or `#define WOLFSSL_ATECC608A`. ## Dependency -Requires the Microchip CryptoAuthLib. The examples in `wolfcrypt/src/port/atmel/atmel.c` make calls to the `atcatls_*` API's. - +Requires the Microchip CryptoAuthLib library. The examples in `wolfcrypt/src/port/atmel/atmel.c` make calls to the `atcatls_*` API's. ## Building 
@@ -15,7 +14,14 @@ Requires the Microchip CryptoAuthLib. The examples in `wolfcrypt/src/port/atmel/ * `HAVE_PK_CALLBACKS`: Option for enabling wolfSSL's PK callback support for TLS. * `WOLFSSL_ATECC508A`: Enables support for initializing the CryptoAuthLib and setting up the encryption key used for the I2C communication. +* `WOLFSSL_ATECC608A`: Same as above, but for the ATECC608A module. * `WOLFSSL_ATECC_PKCB`: Enables support for the reference PK callbacks without init. +* `WOLFSSL_ATECC_RNG`: Enables support for ATECC RNG. +* `WOLFSSL_ATECC_SHA256`: Enables support for ATECC SHA-256. +* `WOLFSSL_ATECC_ECDH_ENC`: Enable use of atcab_ecdh_enc() for encrypted ECDH. +* `WOLFSSL_ATECC_ECDH_IOENC`: Enable use of atcab_ecdh_ioenc() for encrypted ECDH. +* `WOLFSSL_ATECC_TNGTLS`: Enable support for Microchip Trust&GO module configuration. +* `WOLFSSL_ATECC_DEBUG`: Enable wolfSSL ATECC debug messages. * `WOLFSSL_ATMEL`: Enables ASF hooks seeding random data using the `atmel_get_random_number` function. * `WOLFSSL_ATMEL_TIME`: Enables the built-in `atmel_get_curr_time_and_date` function get getting time from ASF RTC. * `ATECC_GET_ENC_KEY`: Macro to define your own function for getting the encryption key. @@ -30,16 +36,15 @@ Requires the Microchip CryptoAuthLib. The examples in `wolfcrypt/src/port/atmel/ or -`./configure CFLAGS="-DWOLFSSL_ATECC508A"` -`#define WOLFSSL_ATECC508A` - +`./configure CFLAGS="-DWOLFSSL_ATECC608A"` +`#define WOLFSSL_ATECC608A` ## Coding Setup the PK callbacks for TLS using: ``` -/* Setup PK Callbacks for ATECC508A */ +/* Setup PK Callbacks for ATECC508/608A */ WOLFSSL_CTX* ctx; wolfSSL_CTX_SetEccKeyGenCb(ctx, atcatls_create_key_cb); wolfSSL_CTX_SetEccVerifyCb(ctx, atcatls_verify_signature_cb); 
@@ -47,7 +52,7 @@ wolfSSL_CTX_SetEccSignCb(ctx, atcatls_sign_certificate_cb); wolfSSL_CTX_SetEccSharedSecretCb(ctx, atcatls_create_pms_cb); ``` -The reference ATECC508A PK callback functions are located in the `wolfcrypt/src/port/atmel/atmel.c` file. +The reference ATECC508/608A PK callback functions are located in the `wolfcrypt/src/port/atmel/atmel.c` file. Adding a custom context to the callbacks: @@ -91,4 +96,4 @@ ATECC508A HW accelerated implementation: `EC-DSA verify time 208.400 milliseconds, avg over 5 iterations, 24.038 ops/sec` -For details see our [wolfSSL Atmel ATECC508A](https://wolfssl.com/wolfSSL/wolfssl-atmel.html) page. +For details see our [wolfSSL Atmel ATECC508/608A](https://wolfssl.com/wolfSSL/wolfssl-atmel.html) page. diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 04d2aeb3d..27da811a1 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -25,7 +25,8 @@ #include -#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC_PKCB) +#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \ + defined(WOLFSSL_ATECC608A) || defined(WOLFSSL_ATECC_PKCB) #include #include @@ -50,7 +51,7 @@ #include -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) #ifdef WOLFSSL_ATECC508A_TLS extern ATCA_STATUS device_init_default(void); @@ -68,14 +69,23 @@ static wolfSSL_Mutex mSlotMutex; /* Raspberry Pi uses /dev/i2c-1 */ #ifndef ATECC_I2C_ADDR -#define ATECC_I2C_ADDR 0xC0 + #ifdef WOLFSSL_ATECC_TNGTLS + #define ATECC_I2C_ADDR 0x6A + #else + #define ATECC_I2C_ADDR 0xC0 + #endif #endif #ifndef ATECC_I2C_BUS #define ATECC_I2C_BUS 1 #endif #ifndef ATECC_DEV_TYPE -#define ATECC_DEV_TYPE ATECC508A + #ifdef WOLFSSL_ATECC508A + #define ATECC_DEV_TYPE ATECC508A + #else + #define ATECC_DEV_TYPE ATECC608A + #endif #endif +static int ateccx08a_cfg_initialized = 0; static ATCAIfaceCfg cfg_ateccx08a_i2c_pi; #endif /* WOLFSSL_ATECC508A */ 
@@ -86,7 +96,7 @@ static ATCAIfaceCfg cfg_ateccx08a_i2c_pi; int atmel_get_random_number(uint32_t count, uint8_t* rand_out) { int ret = 0; -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) uint8_t i = 0; uint32_t copy_count = 0; uint8_t rng_buffer[RANDOM_NUM_SIZE]; @@ -161,7 +171,33 @@ long atmel_get_curr_time_and_date(long* tm) #endif -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) + +/* Set the ATECC configuration for wolfSSL to use. + * + * Return 0 on success, negative upon error */ +int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg) +{ + WOLFSSL_MSG("Setting ATECC ATCAIfaceCfg configuration"); + if (cfg == NULL) { + return -1; + } + + /* copy configuration into our local struct */ + XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi)); + cfg_ateccx08a_i2c_pi.iface_type = cfg->iface_type; + cfg_ateccx08a_i2c_pi.devtype = cfg->devtype; + cfg_ateccx08a_i2c_pi.atcai2c.slave_address = cfg->atcai2c.slave_address; + cfg_ateccx08a_i2c_pi.atcai2c.bus = cfg->atcai2c.bus; + cfg_ateccx08a_i2c_pi.atcai2c.baud = cfg->atcai2c.baud; + cfg_ateccx08a_i2c_pi.wake_delay = cfg->wake_delay; + cfg_ateccx08a_i2c_pi.rx_retries = cfg->rx_retries; + cfg_ateccx08a_i2c_pi.cfg_data = cfg->cfg_data; + + ateccx08a_cfg_initialized = 1; + + return 0; +} int atmel_ecc_translate_err(int status) { @@ -173,7 +209,7 @@ int atmel_ecc_translate_err(int status) case ATCA_ALLOC_FAILURE: return MEMORY_E; default: - #ifdef WOLFSSL_ATECC508A_DEBUG + #ifdef WOLFSSL_ATECC_DEBUG printf("ATECC Failure: %x\n", (word32)status); #endif break; @@ -223,7 +259,12 @@ int atmel_ecc_alloc(int slotType) break; case ATMEL_SLOT_ECDHE_ENC: slotId = ATECC_SLOT_ENC_PARENT; + #ifdef WOLFSSL_ATECC_TNGTLS + /* not reserved in mSlotList, so return */ + goto exit; + #else break; + #endif case ATMEL_SLOT_ANY: for (i=0; i < ATECC_MAX_SLOT; i++) { /* Find free slotId */ 
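Review bot: The header comment on `wolfCrypt_ATECC_SetConfig()` leaves out three things a caller has to know. Only the `atcai2c` members are copied while `iface_type` is taken from the caller, so a non-I2C configuration is stored without its own interface fields; `cfg_data` is copied as a pointer, so the caller's buffer must stay valid for as long as the library uses it; and the function only sets `ateccx08a_cfg_initialized`, so it presumably has to run before `atmel_init()` / `wolfCrypt_Init()` to take effect (the code that reads the flag is not visible here). I would add to the comment: `Must be called before wolfCrypt_Init(). Only I2C interface settings are copied; cfg->cfg_data is stored by reference and must remain valid.` A check such as `if (cfg->iface_type != ATCA_I2C_IFACE) return -1;` would make the I2C-only limitation explicit.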
@@ -263,7 +304,11 @@ void atmel_ecc_free(int slotId) mSlotDealloc(slotId); } else if (slotId >= 0 && slotId < ATECC_MAX_SLOT) { - if (slotId != ATECC_SLOT_AUTH_PRIV && slotId != ATECC_SLOT_I2C_ENC) { + if (slotId != ATECC_SLOT_AUTH_PRIV && slotId != ATECC_SLOT_I2C_ENC +#ifdef WOLFSSL_ATECC_TNGTLS + && slotId != ATMEL_SLOT_ECDHE_ENC +#endif + ) { /* Mark slotId free */ mSlotList[slotId] = ATECC_INVALID_SLOT; } @@ -298,6 +343,7 @@ static int atmel_init_enc_key(void) uint8_t writeBlock = 0; uint8_t writeOffset = 0; int slotId; + bool isLocked = false; slotId = atmel_ecc_alloc(ATMEL_SLOT_ENCKEY); @@ -305,6 +351,15 @@ static int atmel_init_enc_key(void) if (slotId == ATECC_INVALID_SLOT) return BAD_FUNC_ARG; + /* skip if slot has already been locked */ + ret = atcab_is_slot_locked(slotId, &isLocked); + if (ret != ATCA_SUCCESS) { + return atmel_ecc_translate_err(ret); + + } else if (isLocked) { + return 0; + } + /* get encryption key */ ATECC_GET_ENC_KEY(read_key, sizeof(read_key)); @@ -326,7 +381,7 @@ int atmel_get_rev_info(word32* revision) void atmel_show_rev_info(void) { -#ifdef WOLFSSL_ATECC508A_DEBUG +#ifdef WOLFSSL_ATECC_DEBUG word32 revision = 0; atmel_get_rev_info(&revision); printf("ATECC508A Revision: %x\n", (word32)revision); 
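Review bot: The added TNGTLS condition `slotId != ATMEL_SLOT_ECDHE_ENC` in atmel_ecc_free compares a slot number against a member of `enum atmelSlotType`, not against a slot id. `atmel_ecc_alloc()` maps that slot type to `ATECC_SLOT_ENC_PARENT` and, under `WOLFSSL_ATECC_TNGTLS`, returns it without reserving it in `mSlotList`, so the matching exclusion here should read `&& slotId != ATECC_SLOT_ENC_PARENT`. As written, the slot whose number happens to equal the enum value is never marked free, which is probably not the intent, and the exclusion only works for the parent slot when its number coincides with `ATECC_SLOT_I2C_ENC`, as it does with the TNGTLS defaults but not necessarily with overridden ones. The body of atmel_ecc_free starts and ends outside the hunk.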
@@ -337,21 +392,33 @@ int atmel_ecc_create_pms(int slotId, const uint8_t* peerKey, uint8_t* pms) { int ret; uint8_t read_key[ATECC_KEY_SIZE]; +#ifdef WOLFSSL_ATECC_ECDH_ENC int slotIdEnc; slotIdEnc = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_ENC); if (slotIdEnc == ATECC_INVALID_SLOT) return BAD_FUNC_ARG; +#endif /* get encryption key */ ATECC_GET_ENC_KEY(read_key, sizeof(read_key)); +#ifdef WOLFSSL_ATECC_ECDH_ENC /* send the encrypted version of the ECDH command */ ret = atcab_ecdh_enc(slotId, peerKey, pms, read_key, slotIdEnc); - ret = atmel_ecc_translate_err(ret); +#elif defined(WOLFSSL_ATECC_ECDH_IOENC) + /* encrypted ECDH command, using I/O protection key */ + ret = atcab_ecdh_ioenc(slotId, peerKey, pms, read_key); +#else + ret = atcab_ecdh(slotId, peerKey, pms); +#endif + ret = atmel_ecc_translate_err(ret); + ForceZero(read_key, sizeof(read_key)); +#ifdef WOLFSSL_ATECC_ECDH_ENC /* free the ECDHE slot */ atmel_ecc_free(slotIdEnc); +#endif return ret; } @@ -398,7 +465,7 @@ int atmel_init(void) { int ret = 0; -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) if (!mAtcaInitDone) { ATCA_STATUS status; int i; @@ -409,7 +476,11 @@ int atmel_init(void) /* Init the free slotId list */ for (i=0; i + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int ret = 0; + + (void)os; + if (output == NULL) { + return BUFFER_E; + } + + ret = atmel_get_random_number(sz, output); + + return ret; + } #elif defined(MICROCHIP_PIC32) @@ -2116,23 +2134,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } -#elif defined(WOLFSSL_ATMEL) - #include - - int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) - { - int ret = 0; - - (void)os; - if (output == NULL) { - return BUFFER_E; - } - - ret = atmel_get_random_number(sz, output); - - return ret; - } - #elif defined(INTIME_RTOS) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { 
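Review bot: When neither `WOLFSSL_ATECC_ECDH_ENC` nor `WOLFSSL_ATECC_ECDH_IOENC` is defined, the new `#else` branch in atmel_ecc_create_pms calls `atcab_ecdh(slotId, peerKey, pms)`, so the pre-master secret comes back from the device without the encrypted transfer that the old code always used (`atcab_ecdh_enc`). That makes the unprotected bus transfer the default for existing builds that do not add one of the new macros. I would either keep the encrypted variant as the default and make the plain call opt-in, or state in the README entries for these two options that leaving both undefined returns the secret in the clear. In the plain branch `ATECC_GET_ENC_KEY(read_key, sizeof(read_key))` still runs although the key is not used; wrapping it in `#if defined(WOLFSSL_ATECC_ECDH_ENC) || defined(WOLFSSL_ATECC_ECDH_IOENC)` avoids loading key material into RAM for nothing.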
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index bb847fe94..cc2572953 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -46,7 +46,8 @@ #include #endif -#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) +#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \ + defined(WOLFSSL_ATECC608A) #include #endif #if defined(WOLFSSL_RENESAS_TSIP) @@ -180,7 +181,8 @@ int wolfCrypt_Init(void) } #endif - #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) + #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \ + defined(WOLFSSL_ATECC608A) ret = atmel_init(); if (ret != 0) { WOLFSSL_MSG("CryptoAuthLib init failed"); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 25d0cf24c..420a269f5 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -343,7 +343,9 @@ int scrypt_test(void); #ifdef HAVE_ECC_ENCRYPT int ecc_encrypt_test(void); #endif - #ifdef USE_CERT_BUFFERS_256 + #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) + /* skip for ATECC508/608A, cannot import private key buffers */ int ecc_test_buffers(void); #endif #endif @@ -1013,7 +1015,9 @@ initDefaultName(); else test_pass("ECC Enc test passed!\n"); #endif - #ifdef USE_CERT_BUFFERS_256 + #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) + /* skip for ATECC508/608A, cannot import private key buffers */ if ( (ret = ecc_test_buffers()) != 0) return err_sys("ECC buffer test failed!\n", ret); else @@ -18535,7 +18539,8 @@ done: static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, int curve_id, const ecc_set_type* dp) { -#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH) +#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && \ + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT); DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); #endif 
@@ -18543,7 +18548,8 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, byte exportBuf[MAX_ECC_BYTES * 2 + 32]; #endif word32 x = 0; -#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH) +#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && \ + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) word32 y; #endif #ifdef HAVE_ECC_SIGN @@ -18608,6 +18614,9 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, goto done; TEST_SLEEP(); +/* ATECC508/608 configuration may not support more than one ECDH key */ +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) + ret = wc_ecc_make_key_ex(rng, keySize, &userB, curve_id); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); @@ -18695,6 +18704,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, wc_ecc_set_flags(&userA, 0); wc_ecc_set_flags(&userB, 0); #endif /* HAVE_ECC_CDH */ +#endif /* WOLFSSL_ATECC508A */ #ifdef HAVE_ECC_KEY_EXPORT x = sizeof(exportBuf); @@ -18713,6 +18723,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, if (ret != 0) goto done; +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) #ifdef HAVE_ECC_DHE y = ECC_SHARED_SIZE; do { @@ -18768,6 +18779,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, TEST_SLEEP(); #endif /* HAVE_ECC_DHE */ #endif /* HAVE_COMP_KEY */ +#endif /* WOLFSSL_ATECC508A */ #endif /* HAVE_ECC_KEY_IMPORT */ #endif /* HAVE_ECC_KEY_EXPORT */ @@ -18852,7 +18864,8 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, #endif /* HAVE_ECC_VERIFY */ #endif /* HAVE_ECC_SIGN */ -#ifdef HAVE_ECC_KEY_EXPORT +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WOLFSSL_ATECC508) && \ + !defined(WOLFSSL_ATECC608A) x = sizeof(exportBuf); ret = wc_ecc_export_private_only(&userA, exportBuf, &x); if (ret != 0) 
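Review bot: The new guard in front of the private-key export test spells the macro `WOLFSSL_ATECC508` (no trailing `A`), so that term never excludes anything and ATECC508A builds still compile `wc_ecc_export_private_only(&userA, exportBuf, &x)`. The ecc.c side of this patch returns `NOT_COMPILED_IN` from the private export path on these builds, so the test would presumably fail there. The line should read `#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WOLFSSL_ATECC508A) && \`. The `#endif /* WOLFSSL_ATECC508A */` comments added earlier in ecc_test_curve_size also close conditions that include `WOLFSSL_ATECC608A` and could name both macros.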
@@ -18931,8 +18944,8 @@ static int ecc_test_curve(WC_RNG* rng, int keySize) } #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) -#if !defined(WOLFSSL_ATECC508A) && defined(HAVE_ECC_KEY_IMPORT) && \ - defined(HAVE_ECC_KEY_EXPORT) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) static int ecc_point_test(void) { int ret; @@ -19225,7 +19238,8 @@ static int ecc_sig_test(WC_RNG* rng, ecc_key* key) } #endif -#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) +#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) static int ecc_exp_imp_test(ecc_key* key) { int ret; @@ -19336,7 +19350,8 @@ done: } #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) static int ecc_mulmod_test(ecc_key* key1) { @@ -19450,12 +19465,14 @@ static int ecc_def_curve_test(WC_RNG *rng) if (ret < 0) goto done; #endif -#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) +#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) ret = ecc_exp_imp_test(&key); if (ret < 0) goto done; #endif -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) ret = ecc_mulmod_test(&key); if (ret < 0) 
@@ -20024,8 +20041,8 @@ int ecc_test(void) if (ret < 0) { goto done; } -#if !defined(WOLFSSL_ATECC508A) && defined(HAVE_ECC_KEY_IMPORT) && \ - defined(HAVE_ECC_KEY_EXPORT) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) ret = ecc_point_test(); if (ret < 0) { goto done; @@ -20082,13 +20099,14 @@ int ecc_test(void) goto done; } #endif -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_STM32_PKA) +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_STM32_PKA) ret = ecc_test_make_pub(&rng); if (ret != 0) { printf("ecc_test_make_pub failed!: %d\n", ret); goto done; } -#else +#elif defined(HAVE_ECC_KEY_IMPORT) (void) ecc_test_make_pub;/* for compiler warning */ #endif #ifdef WOLFSSL_CERT_GEN @@ -20275,7 +20293,8 @@ done: #endif /* HAVE_ECC_ENCRYPT */ -#ifdef USE_CERT_BUFFERS_256 +#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) int ecc_test_buffers(void) { size_t bytes; ecc_key cliKey; diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index f67a3930b..4d9eb2c01 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -50,7 +50,7 @@ #endif #endif -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) #include #endif /* WOLFSSL_ATECC508A */ @@ -127,7 +127,7 @@ enum { ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ), /* max crypto hardware size */ -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), #elif defined(PLUTON_CRYPTO_ECC) 
@@ -369,7 +369,7 @@ struct ecc_key { void* heap; /* heap hint */ ecc_point pubkey; /* public key */ mp_int k; /* private key */ -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) int slot; /* Key Slot Number (-1 unknown) */ byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; #endif @@ -427,7 +427,7 @@ extern const size_t ecc_sets_count; WOLFSSL_API const char* wc_ecc_get_name(int curve_id); -#ifndef WOLFSSL_ATECC508A +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) #ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL #define ECC_API WOLFSSL_API @@ -472,7 +472,8 @@ WOLFSSL_API int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen); -#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ + defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret #else #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */ @@ -571,7 +572,7 @@ int wc_ecc_cmp_point(ecc_point* a, ecc_point *b); WOLFSSL_API int wc_ecc_point_is_at_infinity(ecc_point *p); -#ifndef WOLFSSL_ATECC508A +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) WOLFSSL_API int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, mp_int* modulus, int map); diff --git a/wolfssl/wolfcrypt/port/atmel/atmel.h b/wolfssl/wolfcrypt/port/atmel/atmel.h index 70035130c..9b891f025 100644 --- a/wolfssl/wolfcrypt/port/atmel/atmel.h +++ b/wolfssl/wolfcrypt/port/atmel/atmel.h 
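Review bot: With `WOLFSSL_ATECC608A` added to the condition in the -472 hunk, `wc_ecc_shared_secret_ssh` resolves to `wc_ecc_shared_secret`, whose second parameter is an `ecc_key*`, while every other build maps it to `wc_ecc_shared_secret_ex`, declared just above with an `ecc_point*`. A caller written against the default mapping passes the wrong pointer type on a 608A build, and in C that is only a diagnostic unless incompatible-pointer warnings are treated as errors. The alias predates this commit but carries no comment about it; I would add `/* hardware ECDH takes the peer key as ecc_key*, not ecc_point* */` above the first `#define`.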
@@ -27,14 +27,15 @@ #include #include -#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC_PKCB) +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ + defined(WOLFSSL_ATECC_PKCB) #undef SHA_BLOCK_SIZE #define SHA_BLOCK_SIZE SHA_BLOCK_SIZE_REMAP #include #undef SHA_BLOCK_SIZE #endif -/* ATECC508A only supports ECC P-256 */ +/* ATECC508A/608A only supports ECC P-256 */ #define ATECC_KEY_SIZE (32) #define ATECC_PUBKEY_SIZE (ATECC_KEY_SIZE*2) /* X and Y */ #define ATECC_SIG_SIZE (ATECC_KEY_SIZE*2) /* R and S */ @@ -53,11 +54,19 @@ #endif /* Symmetric encryption key */ #ifndef ATECC_SLOT_I2C_ENC -#define ATECC_SLOT_I2C_ENC (0x04) + #ifdef WOLFSSL_ATECC_TNGTLS + #define ATECC_SLOT_I2C_ENC (0x06) + #else + #define ATECC_SLOT_I2C_ENC (0x04) + #endif #endif /* Parent encryption key */ #ifndef ATECC_SLOT_ENC_PARENT -#define ATECC_SLOT_ENC_PARENT (0x7) + #ifdef WOLFSSL_ATECC_TNGTLS + #define ATECC_SLOT_ENC_PARENT (0x6) + #else + #define ATECC_SLOT_ENC_PARENT (0x7) + #endif #endif /* ATECC_KEY_SIZE required for ecc.h */ @@ -78,7 +87,7 @@ int atmel_get_random_number(uint32_t count, uint8_t* rand_out); #endif long atmel_get_curr_time_and_date(long* tm); -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) enum atmelSlotType { ATMEL_SLOT_ANY, @@ -100,6 +109,8 @@ int atmel_ecc_translate_err(int status); int atmel_get_rev_info(word32* revision); void atmel_show_rev_info(void); +WOLFSSL_API int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg); + /* The macro ATECC_GET_ENC_KEY can be set to override the default encryption key with your own at build-time */ #ifndef ATECC_GET_ENC_KEY diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 917027971..32bf31eb3 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
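Review bot: Under `WOLFSSL_ATECC_TNGTLS` both `ATECC_SLOT_I2C_ENC` and `ATECC_SLOT_ENC_PARENT` default to slot 6 (hunk at -53), so the symmetric I/O encryption key and its parent key resolve to the same slot, unlike the 0x04 / 0x7 split in the default branch. If the fixed Trust&GO slot layout dictates this, the header should say so next to the values, because a reader will otherwise take it for a copy-paste slip: `/* Trust&GO: I/O encryption key and parent key share slot 6 (fixed configuration) */`. The two literals are also spelled differently (`0x06` and `0x6`); using one form makes the slot assignments easier to search for.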
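Review bot: `wolfCrypt_ATECC_SetConfig` (hunk at -100) is a new `WOLFSSL_API` entry point declared without any comment. The header should state when it has to be called relative to device initialisation, whether the `ATCAIfaceCfg` is copied or only the pointer is kept (which decides whether a stack-allocated config is safe to pass), and what it returns for a NULL argument. The implementation is not in this hunk, so which of these holds cannot be confirmed from here. A short doc comment above the prototype answering those three questions would be enough.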
@@ -383,6 +383,14 @@ #endif #endif +#ifdef WOLFSSL_ATECC508A + /* backwards compatibility */ + #define WOLFSSL_ATECC_ECDH_ENC + #ifdef WOLFSSL_ATECC508A_DEBUG + #define WOLFSSL_ATECC_DEBUG + #endif +#endif + #ifdef MBED #define WOLFSSL_USER_IO #define NO_FILESYSTEM
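Review bot: The compatibility block defines `WOLFSSL_ATECC_ECDH_ENC` and `WOLFSSL_ATECC_DEBUG` unconditionally, so a build that already sets either one with a value (for example `-DWOLFSSL_ATECC_ECDH_ENC`, which defines it as 1) gets a macro-redefinition diagnostic. Wrap each define in its own guard, e.g. `#ifndef WOLFSSL_ATECC_ECDH_ENC` before and `#endif` after. The block also enables `WOLFSSL_ATECC_ECDH_ENC` only for `WOLFSSL_ATECC508A`, so a build that defines just `WOLFSSL_ATECC608A` does not get it by default. What the macro selects is not visible here; if it controls whether the ECDH result is read back from the device encrypted, the comment should state the difference, e.g. `/* 608A builds must define WOLFSSL_ATECC_ECDH_ENC themselves */`.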