wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 00:29:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

add WOLFSSL_ATECC6088A, Trust&GO support, PIC32 HAL compatibility, 608A expansions

Browse Source
This commit is contained in:
Chris Conlon
2020-04-20 14:59:00 -06:00
parent 8ebd121cac
commit 896fcd9aec
11 changed files with 266 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
wolfcrypt/src/ecc.c
View File

@@ -1160,7 +1160,7 @@ static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
#if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \
!defined(WOLFSSL_ATECC508A)
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
mp_int* prime, mp_int* order);
#endif
@@ -1509,7 +1509,7 @@ static void alt_fp_init(mp_int* a)
#endif /* ALT_ECC_SIZE */
#ifndef WOLFSSL_ATECC508A
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_PUBLIC_ECC_ADD_DBL)
@@ -3534,7 +3534,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
word32* outlen)
{
int err;
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
CRYS_ECDH_TempData_t tempBuff;
#endif
if (private_key == NULL || public_key == NULL || out == NULL ||
@@ -3568,7 +3569,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
return ECC_BAD_ARG_E;
}
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
/* For SECP256R1 use hardware */
if (private_key->dp->id == ECC_SECP256R1) {
err = atmel_ecc_create_pms(private_key->slot, public_key->pubkey_raw, out);
@@ -3599,7 +3600,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
}
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
byte* out, word32* outlen, ecc_curve_spec* curve)
@@ -3882,7 +3884,8 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
#endif /* HAVE_ECC_DHE */
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
/* return 1 if point is at infinity, 0 if not, < 0 on error */
int wc_ecc_point_is_at_infinity(ecc_point* p)
{
@@ -3963,7 +3966,7 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
ecc_point* pubOut)
{
int err = MP_OKAY;
#ifndef WOLFSSL_ATECC508A
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
#ifndef WOLFSSL_SP_MATH
ecc_point* base = NULL;
#endif
@@ -3975,7 +3978,7 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
return BAD_FUNC_ARG;
}
#ifndef WOLFSSL_ATECC508A
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
/* if ecc_point passed in then use it as output for public key point */
if (pubOut != NULL) {
@@ -4126,12 +4129,14 @@ WOLFSSL_ABI
int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
{
int err;
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
#ifndef WOLFSSL_SP_MATH
DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT);
#endif
#endif /* !WOLFSSL_ATECC508A */
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
const CRYS_ECPKI_Domain_t* pDomain;
CRYS_ECPKI_KG_TempData_t tempBuff;
CRYS_ECPKI_KG_FipsContext_t fipsCtx;
@@ -4178,7 +4183,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
}
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
if (key->dp->id == ECC_SECP256R1) {
key->type = ECC_PRIVATEKEY;
key->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE);
@@ -4451,7 +4456,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
(void)devId;
#endif
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
key->slot = ATECC_INVALID_SLOT;
#else
#ifdef ALT_ECC_SIZE
@@ -4553,8 +4558,8 @@ static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp)
#ifndef NO_ASN
#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || \
defined(WOLFSSL_CRYPTOCELL)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
mp_int* r, mp_int* s, byte* out, word32 *outlen, WC_RNG* rng,
ecc_key* key)
@@ -4564,26 +4569,24 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
if (key->devId != INVALID_DEVID) /* use hardware */
#endif
{
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
CRYS_ECDSA_SignUserContext_t sigCtxTemp;
word32 raw_sig_size = *outlen;
word32 msgLenInBytes = inlen;
CRYS_ECPKI_HASH_OpMode_t hash_mode;
#endif
word32 keysize = (word32)key->dp->size;
#ifdef PLUTON_CRYPTO_ECC
word32 orderBits = wc_ecc_get_curve_order_bit_count(key->dp);
#endif
/* Check args */
if (keysize > ECC_MAX_CRYPTO_HW_SIZE || *outlen < keysize*2) {
return ECC_BAD_ARG_E;
}
#if defined(WOLFSSL_ATECC508A)
key->slot = atmel_ecc_alloc(ATMEL_SLOT_DEVICE);
if (key->slot == ATECC_INVALID_SLOT) {
return ECC_BAD_ARG_E;
}
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
/* Sign: Result is 32-bytes of R then 32-bytes of S */
err = atmel_ecc_sign(key->slot, in, out);
if (err != 0) {
@@ -4799,7 +4802,8 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
}
/* hardware crypto */
#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
err = wc_ecc_sign_hash_hw(in, inlen, r, s, out, outlen, rng, key);
#else
err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s);
@@ -4835,7 +4839,8 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
{
return stm32_ecc_sign_hash_ex(in, inlen, rng, key, r, s);
}
#elif !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL)
#elif !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
/**
Sign a message digest
in The message digest to sign
@@ -5330,7 +5335,7 @@ int wc_ecc_free(ecc_key* key)
wc_ecc_free_async(key);
#endif
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
atmel_ecc_free(key->slot);
key->slot = ATECC_INVALID_SLOT;
#endif /* WOLFSSL_ATECC508A */
@@ -5349,7 +5354,8 @@ int wc_ecc_free(ecc_key* key)
return 0;
}
#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL)
#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_CRYPTOCELL)
#ifdef ECC_SHAMIR
/** Computes kA*A + kB*B = C using Shamir's Trick
@@ -5842,7 +5848,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
{
int err;
word32 keySz;
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
byte sigRS[ATECC_KEY_SIZE*2];
#elif defined(WOLFSSL_CRYPTOCELL)
byte sigRS[ECC_MAX_CRYPTO_HW_SIZE*2];
@@ -5902,7 +5908,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
}
#endif
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
/* Extract R and S */
err = mp_to_unsigned_bin(r, &sigRS[0]);
if (err != MP_OKAY) {
@@ -6702,7 +6708,8 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
#endif /* HAVE_ECC_KEY_EXPORT */
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
/* is ecc point on curve described by dp ? */
int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
@@ -6910,14 +6917,14 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
static int ecc_check_privkey_gen_helper(ecc_key* key)
{
int err;
#ifndef WOLFSSL_ATECC508A
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
DECLARE_CURVE_SPECS(curve, 2);
#endif
if (key == NULL)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
/* Hardware based private key, so this operation is not supported */
err = MP_OKAY; /* just report success */
@@ -7023,7 +7030,8 @@ int wc_ecc_check_key(ecc_key* key)
{
int err;
#ifndef WOLFSSL_SP_MATH
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
mp_int* b = NULL;
#ifdef USE_ECC_B_PARAM
DECLARE_CURVE_SPECS(curve, 4);
@@ -7038,9 +7046,10 @@ int wc_ecc_check_key(ecc_key* key)
if (key == NULL)
return BAD_FUNC_ARG;
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_CRYPTOCELL)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL)
err = 0; /* consider key check success on ATECC508A */
err = 0; /* consider key check success on ATECC508/608A */
#else
#ifdef USE_ECC_B_PARAM
@@ -7214,7 +7223,7 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
inLen -= 1;
in += 1;
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
/* For SECP256R1 only save raw public key for hardware */
if (curve_id == ECC_SECP256R1 && inLen <= sizeof(key->pubkey_raw)) {
#ifdef HAVE_COMP_KEY
@@ -7381,7 +7390,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
(key->type != ECC_PRIVATEKEY && key->type != ECC_PRIVATEKEY_ONLY))
return BAD_FUNC_ARG;
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
/* Hardware cannot export private portion */
return NOT_COMPILED_IN;
#else
@@ -7459,7 +7468,8 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
int curve_id)
{
int ret;
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
const CRYS_ECPKI_Domain_t* pDomain;
CRYS_ECPKI_BUILD_TempData_t tempBuff;
#endif
@@ -7490,7 +7500,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
if (ret != 0)
return ret;
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
/* Hardware does not support loading private keys */
return NOT_COMPILED_IN;
#elif defined(WOLFSSL_CRYPTOCELL)
@@ -7776,7 +7786,8 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
const char* qy, const char* d, int curve_id, int encType)
{
int err = MP_OKAY;
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)
#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
const CRYS_ECPKI_Domain_t* pDomain;
CRYS_ECPKI_BUILD_TempData_t tempBuff;
byte key_raw[ECC_MAX_CRYPTO_HW_SIZE*2 + 1];
@@ -7834,7 +7845,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
if (err == MP_OKAY)
err = mp_set(key->pubkey.z, 1);
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
/* For SECP256R1 only save raw public key for hardware */
if (err == MP_OKAY && curve_id == ECC_SECP256R1) {
word32 keySz = key->dp->size;
@@ -7877,7 +7888,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
/* import private key */
if (err == MP_OKAY) {
if (d != NULL && d[0] != '\0') {
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
/* Hardware doesn't support loading private key */
err = NOT_COMPILED_IN;
@@ -10255,7 +10266,8 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
#ifdef HAVE_COMP_KEY
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
#ifndef WOLFSSL_SP_MATH
int do_mp_jacobi(mp_int* a, mp_int* n, int* c);

27
wolfcrypt/src/port/atmel/README.md
View File

@@ -1,13 +1,12 @@
# Microchip/Atmel ATECC508A/ATECC608A Support
Support for ATECC508A using these methods:
* TLS: Using the PK callbacks and reference ATECC508A callbacks. See Coding section below. Requires options `HAVE_PK_CALLBACKS` and `WOLFSSL_ATECC_PKCB or WOLFSSL_ATECC508A`
* wolfCrypt: Native wc_ecc_* API's using the `./configure CFLAGS="-DWOLFSSL_ATECC508A"` or `#define WOLFSSL_ATECC508A`.
wolfSSL includes support for ATECC508A and ATECC608A using these methods:
* TLS: Using the PK callbacks and reference ATECC508/608A callbacks. See Coding section below. Requires options `HAVE_PK_CALLBACKS` and `WOLFSSL_ATECC_PKCB or WOLFSSL_ATECC508A/WOLFSSL_ATECC608A`
* wolfCrypt: Native wc_ecc_* API's using the `./configure CFLAGS="-DWOLFSSL_ATECC608A"`, `#define WOLFSSL_ATECC508A`, or `#define WOLFSSL_ATECC608A`.
## Dependency
Requires the Microchip CryptoAuthLib. The examples in `wolfcrypt/src/port/atmel/atmel.c` make calls to the `atcatls_*` API's.
Requires the Microchip CryptoAuthLib library. The examples in `wolfcrypt/src/port/atmel/atmel.c` make calls to the `atcatls_*` API's.
## Building
@@ -15,7 +14,14 @@ Requires the Microchip CryptoAuthLib. The examples in `wolfcrypt/src/port/atmel/
* `HAVE_PK_CALLBACKS`: Option for enabling wolfSSL's PK callback support for TLS.
* `WOLFSSL_ATECC508A`: Enables support for initializing the CryptoAuthLib and setting up the encryption key used for the I2C communication.
* `WOLFSSL_ATECC608A`: Same as above, but for the ATECC608A module.
* `WOLFSSL_ATECC_PKCB`: Enables support for the reference PK callbacks without init.
* `WOLFSSL_ATECC_RNG`: Enables support for ATECC RNG.
* `WOLFSSL_ATECC_SHA256`: Enables support for ATECC SHA-256.
* `WOLFSSL_ATECC_ECDH_ENC`: Enable use of atcab_ecdh_enc() for encrypted ECDH.
* `WOLFSSL_ATECC_ECDH_IOENC`: Enable use of atcab_ecdh_ioenc() for encrypted ECDH.
* `WOLFSSL_ATECC_TNGTLS`: Enable support for Microchip Trust&GO module configuration.
* `WOLFSSL_ATECC_DEBUG`: Enable wolfSSL ATECC debug messages.
* `WOLFSSL_ATMEL`: Enables ASF hooks seeding random data using the `atmel_get_random_number` function.
* `WOLFSSL_ATMEL_TIME`: Enables the built-in `atmel_get_curr_time_and_date` function get getting time from ASF RTC.
* `ATECC_GET_ENC_KEY`: Macro to define your own function for getting the encryption key.
@@ -30,16 +36,15 @@ Requires the Microchip CryptoAuthLib. The examples in `wolfcrypt/src/port/atmel/
or
`./configure CFLAGS="-DWOLFSSL_ATECC508A"`
`#define WOLFSSL_ATECC508A`
`./configure CFLAGS="-DWOLFSSL_ATECC608A"`
`#define WOLFSSL_ATECC608A`
## Coding
Setup the PK callbacks for TLS using:
```
/* Setup PK Callbacks for ATECC508A */
/* Setup PK Callbacks for ATECC508/608A */
WOLFSSL_CTX* ctx;
wolfSSL_CTX_SetEccKeyGenCb(ctx, atcatls_create_key_cb);
wolfSSL_CTX_SetEccVerifyCb(ctx, atcatls_verify_signature_cb);
@@ -47,7 +52,7 @@ wolfSSL_CTX_SetEccSignCb(ctx, atcatls_sign_certificate_cb);
wolfSSL_CTX_SetEccSharedSecretCb(ctx, atcatls_create_pms_cb);
```
The reference ATECC508A PK callback functions are located in the `wolfcrypt/src/port/atmel/atmel.c` file.
The reference ATECC508/608A PK callback functions are located in the `wolfcrypt/src/port/atmel/atmel.c` file.
Adding a custom context to the callbacks:
@@ -91,4 +96,4 @@ ATECC508A HW accelerated implementation:
`EC-DSA verify time 208.400 milliseconds, avg over 5 iterations, 24.038 ops/sec`
For details see our [wolfSSL Atmel ATECC508A](https://wolfssl.com/wolfSSL/wolfssl-atmel.html) page.
For details see our [wolfSSL Atmel ATECC508/608A](https://wolfssl.com/wolfSSL/wolfssl-atmel.html) page.

125
wolfcrypt/src/port/atmel/atmel.c
View File

@@ -25,7 +25,8 @@
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC_PKCB)
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
defined(WOLFSSL_ATECC608A) || defined(WOLFSSL_ATECC_PKCB)
#include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
@@ -50,7 +51,7 @@
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#ifdef WOLFSSL_ATECC508A_TLS
extern ATCA_STATUS device_init_default(void);
@@ -68,14 +69,23 @@ static wolfSSL_Mutex mSlotMutex;
/* Raspberry Pi uses /dev/i2c-1 */
#ifndef ATECC_I2C_ADDR
#define ATECC_I2C_ADDR 0xC0
#ifdef WOLFSSL_ATECC_TNGTLS
#define ATECC_I2C_ADDR 0x6A
#else
#define ATECC_I2C_ADDR 0xC0
#endif
#endif
#ifndef ATECC_I2C_BUS
#define ATECC_I2C_BUS 1
#endif
#ifndef ATECC_DEV_TYPE
#define ATECC_DEV_TYPE ATECC508A
#ifdef WOLFSSL_ATECC508A
#define ATECC_DEV_TYPE ATECC508A
#else
#define ATECC_DEV_TYPE ATECC608A
#endif
#endif
static int ateccx08a_cfg_initialized = 0;
static ATCAIfaceCfg cfg_ateccx08a_i2c_pi;
#endif /* WOLFSSL_ATECC508A */
@@ -86,7 +96,7 @@ static ATCAIfaceCfg cfg_ateccx08a_i2c_pi;
int atmel_get_random_number(uint32_t count, uint8_t* rand_out)
{
int ret = 0;
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
uint8_t i = 0;
uint32_t copy_count = 0;
uint8_t rng_buffer[RANDOM_NUM_SIZE];
@@ -161,7 +171,33 @@ long atmel_get_curr_time_and_date(long* tm)
#endif
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
/* Set the ATECC configuration for wolfSSL to use.
*
* Return 0 on success, negative upon error */
int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg)
{
WOLFSSL_MSG("Setting ATECC ATCAIfaceCfg configuration");
if (cfg == NULL) {
return -1;
}
/* copy configuration into our local struct */
XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi));
cfg_ateccx08a_i2c_pi.iface_type = cfg->iface_type;
cfg_ateccx08a_i2c_pi.devtype = cfg->devtype;
cfg_ateccx08a_i2c_pi.atcai2c.slave_address = cfg->atcai2c.slave_address;
cfg_ateccx08a_i2c_pi.atcai2c.bus = cfg->atcai2c.bus;
cfg_ateccx08a_i2c_pi.atcai2c.baud = cfg->atcai2c.baud;
cfg_ateccx08a_i2c_pi.wake_delay = cfg->wake_delay;
cfg_ateccx08a_i2c_pi.rx_retries = cfg->rx_retries;
cfg_ateccx08a_i2c_pi.cfg_data = cfg->cfg_data;
ateccx08a_cfg_initialized = 1;
return 0;
}
int atmel_ecc_translate_err(int status)
{
@@ -173,7 +209,7 @@ int atmel_ecc_translate_err(int status)
case ATCA_ALLOC_FAILURE:
return MEMORY_E;
default:
#ifdef WOLFSSL_ATECC508A_DEBUG
#ifdef WOLFSSL_ATECC_DEBUG
printf("ATECC Failure: %x\n", (word32)status);
#endif
break;
@@ -223,7 +259,12 @@ int atmel_ecc_alloc(int slotType)
break;
case ATMEL_SLOT_ECDHE_ENC:
slotId = ATECC_SLOT_ENC_PARENT;
#ifdef WOLFSSL_ATECC_TNGTLS
/* not reserved in mSlotList, so return */
goto exit;
#else
break;
#endif
case ATMEL_SLOT_ANY:
for (i=0; i < ATECC_MAX_SLOT; i++) {
/* Find free slotId */
@@ -263,7 +304,11 @@ void atmel_ecc_free(int slotId)
mSlotDealloc(slotId);
}
else if (slotId >= 0 && slotId < ATECC_MAX_SLOT) {
if (slotId != ATECC_SLOT_AUTH_PRIV && slotId != ATECC_SLOT_I2C_ENC) {
if (slotId != ATECC_SLOT_AUTH_PRIV && slotId != ATECC_SLOT_I2C_ENC
#ifdef WOLFSSL_ATECC_TNGTLS
&& slotId != ATMEL_SLOT_ECDHE_ENC
#endif
) {
/* Mark slotId free */
mSlotList[slotId] = ATECC_INVALID_SLOT;
}
@@ -298,6 +343,7 @@ static int atmel_init_enc_key(void)
uint8_t writeBlock = 0;
uint8_t writeOffset = 0;
int slotId;
bool isLocked = false;
slotId = atmel_ecc_alloc(ATMEL_SLOT_ENCKEY);
@@ -305,6 +351,15 @@ static int atmel_init_enc_key(void)
if (slotId == ATECC_INVALID_SLOT)
return BAD_FUNC_ARG;
/* skip if slot has already been locked */
ret = atcab_is_slot_locked(slotId, &isLocked);
if (ret != ATCA_SUCCESS) {
return atmel_ecc_translate_err(ret);
} else if (isLocked) {
return 0;
}
/* get encryption key */
ATECC_GET_ENC_KEY(read_key, sizeof(read_key));
@@ -326,7 +381,7 @@ int atmel_get_rev_info(word32* revision)
void atmel_show_rev_info(void)
{
#ifdef WOLFSSL_ATECC508A_DEBUG
#ifdef WOLFSSL_ATECC_DEBUG
word32 revision = 0;
atmel_get_rev_info(&revision);
printf("ATECC508A Revision: %x\n", (word32)revision);
@@ -337,21 +392,33 @@ int atmel_ecc_create_pms(int slotId, const uint8_t* peerKey, uint8_t* pms)
{
int ret;
uint8_t read_key[ATECC_KEY_SIZE];
#ifdef WOLFSSL_ATECC_ECDH_ENC
int slotIdEnc;
slotIdEnc = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_ENC);
if (slotIdEnc == ATECC_INVALID_SLOT)
return BAD_FUNC_ARG;
#endif
/* get encryption key */
ATECC_GET_ENC_KEY(read_key, sizeof(read_key));
#ifdef WOLFSSL_ATECC_ECDH_ENC
/* send the encrypted version of the ECDH command */
ret = atcab_ecdh_enc(slotId, peerKey, pms, read_key, slotIdEnc);
ret = atmel_ecc_translate_err(ret);
#elif defined(WOLFSSL_ATECC_ECDH_IOENC)
/* encrypted ECDH command, using I/O protection key */
ret = atcab_ecdh_ioenc(slotId, peerKey, pms, read_key);
#else
ret = atcab_ecdh(slotId, peerKey, pms);
#endif
ret = atmel_ecc_translate_err(ret);
ForceZero(read_key, sizeof(read_key));
#ifdef WOLFSSL_ATECC_ECDH_ENC
/* free the ECDHE slot */
atmel_ecc_free(slotIdEnc);
#endif
return ret;
}
@@ -398,7 +465,7 @@ int atmel_init(void)
{
int ret = 0;
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
if (!mAtcaInitDone) {
ATCA_STATUS status;
int i;
@@ -409,7 +476,11 @@ int atmel_init(void)
/* Init the free slotId list */
for (i=0; i<ATECC_MAX_SLOT; i++) {
if (i == ATECC_SLOT_AUTH_PRIV || i == ATECC_SLOT_I2C_ENC) {
if (i == ATECC_SLOT_AUTH_PRIV || i == ATECC_SLOT_I2C_ENC
#ifdef WOLFSSL_ATECC_TNGTLS
|| i == ATECC_SLOT_ENC_PARENT
#endif
) {
mSlotList[i] = i;
}
else {
@@ -418,15 +489,17 @@ int atmel_init(void)
}
}
/* Setup the hardware interface */
XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi));
cfg_ateccx08a_i2c_pi.iface_type = ATCA_I2C_IFACE;
cfg_ateccx08a_i2c_pi.devtype = ATECC_DEV_TYPE;
cfg_ateccx08a_i2c_pi.atcai2c.slave_address = ATECC_I2C_ADDR;
cfg_ateccx08a_i2c_pi.atcai2c.bus = ATECC_I2C_BUS;
cfg_ateccx08a_i2c_pi.atcai2c.baud = 400000;
cfg_ateccx08a_i2c_pi.wake_delay = 1500;
cfg_ateccx08a_i2c_pi.rx_retries = 20;
if (ateccx08a_cfg_initialized == 0) {
/* Setup the hardware interface using defaults */
XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi));
cfg_ateccx08a_i2c_pi.iface_type = ATCA_I2C_IFACE;
cfg_ateccx08a_i2c_pi.devtype = ATECC_DEV_TYPE;
cfg_ateccx08a_i2c_pi.atcai2c.slave_address = ATECC_I2C_ADDR;
cfg_ateccx08a_i2c_pi.atcai2c.bus = ATECC_I2C_BUS;
cfg_ateccx08a_i2c_pi.atcai2c.baud = 400000;
cfg_ateccx08a_i2c_pi.wake_delay = 1500;
cfg_ateccx08a_i2c_pi.rx_retries = 20;
}
/* Initialize the CryptoAuthLib to communicate with ATECC508A */
status = atcab_init(&cfg_ateccx08a_i2c_pi);
@@ -460,7 +533,7 @@ int atmel_init(void)
void atmel_finish(void)
{
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
if (mAtcaInitDone) {
atcab_release();
@@ -511,7 +584,7 @@ int atcatls_create_key_cb(WOLFSSL* ssl, ecc_key* key, unsigned int keySz,
}
else {
atmel_ecc_free(slotId);
#ifdef WOLFSSL_ATECC508A_DEBUG
#ifdef WOLFSSL_ATECC_DEBUG
printf("atcatls_create_key_cb: ret %d\n", ret);
#endif
}
@@ -665,7 +738,7 @@ int atcatls_create_pms_cb(WOLFSSL* ssl, ecc_key* otherKey,
exit:
wc_ecc_free(&tmpKey);
#ifdef WOLFSSL_ATECC508A_DEBUG
#ifdef WOLFSSL_ATECC_DEBUG
if (ret != 0) {
printf("atcab_ecdh_enc: ret %d\n", ret);
}
@@ -723,7 +796,7 @@ exit:
atmel_ecc_free(slotId);
#ifdef WOLFSSL_ATECC508A_DEBUG
#ifdef WOLFSSL_ATECC_DEBUG
if (ret != 0) {
printf("atcatls_sign_certificate_cb: ret %d\n", ret);
}
@@ -810,7 +883,7 @@ int atcatls_verify_signature_cb(WOLFSSL* ssl, const byte* sig, unsigned int sigS
exit:
#ifdef WOLFSSL_ATECC508A_DEBUG
#ifdef WOLFSSL_ATECC_DEBUG
if (ret != 0) {
printf("atcatls_verify_signature_cb: ret %d\n", ret);
}

35
wolfcrypt/src/random.c
View File

@@ -1607,6 +1607,24 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif (defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC_RNG)) && \
!defined(WOLFSSL_PIC32MZ_RNG)
/* enable ATECC RNG unless using PIC32MZ one instead */
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret = 0;
(void)os;
if (output == NULL) {
return BUFFER_E;
}
ret = atmel_get_random_number(sz, output);
return ret;
}
#elif defined(MICROCHIP_PIC32)
@@ -2116,23 +2134,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(WOLFSSL_ATMEL)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret = 0;
(void)os;
if (output == NULL) {
return BUFFER_E;
}
ret = atmel_get_random_number(sz, output);
return ret;
}
#elif defined(INTIME_RTOS)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{

6
wolfcrypt/src/wc_port.c
View File

@@ -46,7 +46,8 @@
#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
#endif
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A)
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
defined(WOLFSSL_ATECC608A)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif
#if defined(WOLFSSL_RENESAS_TSIP)
@@ -180,7 +181,8 @@ int wolfCrypt_Init(void)
}
#endif
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A)
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
defined(WOLFSSL_ATECC608A)
ret = atmel_init();
if (ret != 0) {
WOLFSSL_MSG("CryptoAuthLib init failed");