From 8ea5235ba8b02e48aba5b0f269ca69add6288175 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Thu, 22 Jan 2026 21:56:52 +0100 Subject: [PATCH] [TA-100] Fixed ECC384. Adding RSA. --- wolfcrypt/src/ecc.c | 72 +++++++++-- wolfcrypt/src/port/atmel/atmel.c | 174 ++++++++++++++++++++++++++- wolfcrypt/src/rsa.c | 30 +++-- wolfcrypt/src/signature.c | 8 ++ wolfcrypt/test/test.c | 27 +++++ wolfssl/wolfcrypt/ecc.h | 7 +- wolfssl/wolfcrypt/port/atmel/atmel.h | 8 ++ 7 files changed, 307 insertions(+), 19 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 97b064cd25..80f4ee85fc 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4748,7 +4748,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ defined(WOLFSSL_MICROCHIP_TA100) /* For SECP256R1 use hardware */ - if (private_key->dp->id == ECC_SECP256R1) { + if (private_key->dp->id == ECC_SECP256R1 && + private_key->slot != ATECC_INVALID_SLOT) { err = atmel_ecc_create_pms(private_key->slot, public_key->pubkey_raw, out); *outlen = private_key->dp->size; } @@ -5659,6 +5660,21 @@ int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng) return err; } +#if defined(WOLFSSL_MICROCHIP_TA100) +static WC_INLINE int ta100_curve_id_for_key(const ecc_key* key) +{ + if (key != NULL && key->dp != NULL) { + switch (key->dp->size) { + case 28: return ECC_SECP224R1; + case 32: return ECC_SECP256R1; + case 48: return ECC_SECP384R1; + default: return key->dp->id; + } + } + return ECC_CURVE_DEF; +} +#endif + static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id, int flags) @@ -5755,12 +5771,17 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, key->dp->id == ECC_SECP256K1 || key->dp->id == ECC_BRAINPOOLP256R1) { /* supports more than ECC256R1 curve */ #else - if (key->dp->id == ECC_SECP256R1) { + if (key->dp->id == ECC_SECP256R1 || + key->dp->id == ECC_SECP224R1 || + key->dp->id == ECC_SECP384R1 || + key->dp->id == ECC_SECP256K1 || + key->dp->id == ECC_BRAINPOOLP256R1) { #endif key->type = ECC_PRIVATEKEY; if (key->slot == ATECC_INVALID_SLOT) key->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE); - err = atmel_ecc_create_key(key->slot, curve_id, key->pubkey_raw); + err = atmel_ecc_create_key(key->slot, ta100_curve_id_for_key(key), + key->pubkey_raw); /* populate key->pubkey */ if (err == 0 @@ -5769,7 +5790,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, #endif ) { err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw, - ECC_MAX_CRYPTO_HW_SIZE); + (word32)key->dp->size); } if (err == 0 #ifdef ALT_ECC_SIZE @@ -5777,8 +5798,8 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, #endif ) { err = mp_read_unsigned_bin(key->pubkey.y, - key->pubkey_raw + ECC_MAX_CRYPTO_HW_SIZE, - ECC_MAX_CRYPTO_HW_SIZE); + key->pubkey_raw + key->dp->size, + (word32)key->dp->size); } } else { @@ -6259,6 +6280,14 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ defined(WOLFSSL_MICROCHIP_TA100) key->slot = ATECC_INVALID_SLOT; +#ifdef WOLFSSL_MICROCHIP_TA100 + /* TA100 needs pubkey initialized to populate after genkey */ + ret = mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, + NULL, NULL, NULL); + if (ret != MP_OKAY) { + return MEMORY_E; + } +#endif #else #if defined(WOLFSSL_KCAPI_ECC) key->handle = NULL; @@ -6500,9 +6529,22 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ defined(WOLFSSL_MICROCHIP_TA100) +#if defined(WOLFSSL_MICROCHIP_TA100) + if (ta100_curve_id_for_key(key) == ECC_SECP256R1) { + (void)inlen; + /* Sign: Result is 32-bytes of R then 32-bytes of S */ + err = atmel_ecc_sign(key->slot, in, out); + } + else { + /* Sign: Result is raw R||S */ + err = atmel_ecc_sign_ex(key->slot, ta100_curve_id_for_key(key), + in, inlen, out); + } +#else (void)inlen; /* Sign: Result is 32-bytes of R then 32-bytes of S */ err = atmel_ecc_sign(key->slot, in, out); +#endif if (err != 0) { return err; @@ -9400,8 +9442,22 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, } #endif /* WOLFSSL_SE050 */ -#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ - defined(WOLFSSL_MICROCHIP_TA100) +#if defined(WOLFSSL_MICROCHIP_TA100) + if (ta100_curve_id_for_key(key) == ECC_SECP256R1) { + err = atmel_ecc_verify(hash, sigRS, key->pubkey_raw, res); + if (err != 0) { + return err; + } + (void)hashlen; + } + else { + err = atmel_ecc_verify_ex(hash, hashlen, sigRS, key->pubkey_raw, + keySz * 2, ta100_curve_id_for_key(key), res); + if (err != 0) { + return err; + } + } +#elif defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) err = atmel_ecc_verify(hash, sigRS, key->pubkey_raw, res); if (err != 0) { return err; diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index b6de7b32a8..1e480c6f87 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -655,6 +655,21 @@ static uint8_t getCurveType(int curve_id) } } #endif /* WOLFSSL_MICROCHIP_TA100 */ + +#ifdef WOLFSSL_MICROCHIP_TA100 +static int getCurveSizeBytes(int curve_id) +{ + switch (curve_id) { + case ECC_SECP224R1: return 28; + case ECC_SECP256R1: return 32; + case ECC_SECP384R1: return 48; + case ECC_SECP256K1: return 32; + case ECC_BRAINPOOLP256R1: return 32; + case ECC_CURVE_DEF: return 32; + default: return -1; + } +} +#endif /* WOLFSSL_MICROCHIP_TA100 */ int atmel_ecc_create_key(int slotId, int curve_id, byte* peerKey) { int ret; @@ -672,9 +687,55 @@ int atmel_ecc_create_key(int slotId, int curve_id, byte* peerKey) #endif /* generate new ephemeral key on device */ +#ifdef WOLFSSL_MICROCHIP_TA100 + #if defined(TA100_ECC_TRACE) + printf("[TA100] atmel_ecc_create_key: slot=%d curve_id=%d curve_size=%d curve_type=%d\r\n", + slotId, curve_id, getCurveSizeBytes(curve_id), getCurveType(curve_id)); +#endif + { + ATCA_STATUS status; + ta_element_attributes_t key_attr; + uint8_t is_valid = 0; + int curve_size = getCurveSizeBytes(curve_id); + int curve_type = getCurveType(curve_id); + size_t pubkey_len = (size_t)(curve_size * 2); + + if (curve_size <= 0 || curve_type == MICROCHIP_INVALID_ECC) + return NOT_COMPILED_IN; + + status = talib_is_handle_valid(atcab_get_device(), + (uint32_t)MAP_TO_HANDLE(slotId), &is_valid); + if (status == ATCA_SUCCESS && is_valid == 0x01) { + status = talib_delete_handle(atcab_get_device(), + (uint32_t)MAP_TO_HANDLE(slotId)); + } + if (status != ATCA_SUCCESS) + return atmel_ecc_translate_err(status); + + status = talib_handle_init_private_key(&key_attr, + (uint8_t)curve_type, TA_ALG_MODE_ECC_ECDSA, + TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_KEY_AGREEMENT_OUT_BUFF); + if (status != ATCA_SUCCESS) + return atmel_ecc_translate_err(status); + + ta100_fix_property_endian(&key_attr); + status = talib_create_element_with_handle(atcab_get_device(), + (uint32_t)MAP_TO_HANDLE(slotId), &key_attr); + if (status != ATCA_SUCCESS) + return atmel_ecc_translate_err(status); + + status = talib_genkey_base(atcab_get_device(), TA_KEYGEN_MODE_NEWKEY, + (uint32_t)MAP_TO_HANDLE(slotId), peerKey, &pubkey_len); + #if defined(TA100_ECC_TRACE) + printf("[TA100] atmel_ecc_create_key: genkey status=%d pubkey_len=%u\r\n", + status, (unsigned)pubkey_len); +#endif + return atmel_ecc_translate_err(status); + } +#endif + ret = atcab_genkey(MAP_TO_HANDLE(slotId), peerKey); - ret = atmel_ecc_translate_err(ret); - return ret; + return atmel_ecc_translate_err(ret); } int atmel_ecc_sign(int slotId, const byte* message, byte* signature) @@ -709,6 +770,111 @@ int atmel_ecc_verify(const byte* message, const byte* signature, return ret; } +#ifdef WOLFSSL_MICROCHIP_TA100 +int atmel_ecc_sign_ex(int slotId, int curve_id, const byte* message, + word32 message_len, byte* signature) +{ + int ret; + int curve_size = getCurveSizeBytes(curve_id); + int curve_type = getCurveType(curve_id); + uint16_t sign_size; + const byte* msg = message; + uint16_t msg_len; + byte tmp_msg[TA_SIGN_P384_MSG_SIZE]; + byte tmp_sig[TA_SIGN_P384_SIG_SIZE]; + + if (curve_size <= 0 || curve_type == MICROCHIP_INVALID_ECC) + return NOT_COMPILED_IN; + + sign_size = (uint16_t)(curve_size * 2); + if (sign_size > sizeof(tmp_sig)) + return BAD_FUNC_ARG; + msg_len = (uint16_t)message_len; + if (msg_len != (uint16_t)curve_size) { + if (msg_len > (uint16_t)curve_size) { + msg_len = (uint16_t)curve_size; + } else { + XMEMSET(tmp_msg, 0, (word32)curve_size); + XMEMCPY(tmp_msg + (curve_size - msg_len), message, msg_len); + msg = tmp_msg; + msg_len = (uint16_t)curve_size; + } + } + #if defined(TA100_ECC_TRACE) + printf("[TA100] atmel_ecc_sign_ex: curve_size=%d msg_len=%u\r\n", + curve_size, (unsigned)msg_len); + #endif + ret = talib_sign_external(atcab_get_device(), (uint8_t)curve_type, + MAP_TO_HANDLE(slotId), TA_HANDLE_INPUT_BUFFER, msg, + msg_len, tmp_sig, &sign_size); + + if (ret != ATCA_SUCCESS) + return atmel_ecc_translate_err(ret); + + /* Always return raw R||S, each padded to curve size */ + XMEMSET(signature, 0, (word32)(curve_size * 2)); + if (sign_size == (uint16_t)(curve_size * 2)) { + XMEMCPY(signature, tmp_sig, sign_size); + } + else if ((sign_size % 2) == 0 && sign_size < (uint16_t)(curve_size * 2)) { + uint16_t half = (uint16_t)(sign_size / 2); + if (half > (uint16_t)curve_size) + return BAD_FUNC_ARG; + XMEMCPY(signature + (curve_size - half), tmp_sig, half); + XMEMCPY(signature + curve_size + (curve_size - half), + tmp_sig + half, half); + } + else { + return ASN_PARSE_E; + } + + return 0; +} + +int atmel_ecc_verify_ex(const byte* message, word32 message_len, + const byte* signature, const byte* pubkey, word32 pubkey_len, + int curve_id, int* pVerified) +{ + int ret; + int curve_size = getCurveSizeBytes(curve_id); + int curve_type = getCurveType(curve_id); + uint16_t sig_len; + const byte* msg = message; + uint16_t msg_len; + byte tmp_msg[TA_VERIFY_P384_MSG_SIZE]; + bool verified = false; + + if (curve_size <= 0 || curve_type == MICROCHIP_INVALID_ECC) + return NOT_COMPILED_IN; + + sig_len = (uint16_t)(curve_size * 2); + msg_len = (uint16_t)message_len; + if (msg_len != (uint16_t)curve_size) { + if (msg_len > (uint16_t)curve_size) { + msg_len = (uint16_t)curve_size; + } else { + XMEMSET(tmp_msg, 0, (word32)curve_size); + XMEMCPY(tmp_msg + (curve_size - msg_len), message, msg_len); + msg = tmp_msg; + msg_len = (uint16_t)curve_size; + } + } + #if defined(TA100_ECC_TRACE) + printf("[TA100] atmel_ecc_verify_ex: curve_size=%d msg_len=%u\r\n", + curve_size, (unsigned)msg_len); + #endif + ret = talib_verify(atcab_get_device(), (uint8_t)curve_type, + TA_HANDLE_INPUT_BUFFER, TA_HANDLE_INPUT_BUFFER, signature, sig_len, + msg, msg_len, pubkey, (uint16_t)pubkey_len, + &verified); + + ret = atmel_ecc_translate_err(ret); + if (pVerified) + *pVerified = (int)verified; + return ret; +} +#endif /* WOLFSSL_MICROCHIP_TA100 */ + #endif /* HAVE_ECC */ #endif /* WOLFSSL_ATECC508A || WOLFSSL_ATECC608A || WOLFSSL_MICROCHIP_TA100 */ @@ -1355,7 +1521,11 @@ int atcatls_sign_certificate_cb(WOLFSSL* ssl, const byte* in, unsigned int inSz, return WC_HW_WAIT_E; /* We can only sign with P-256 */ +#ifdef WOLFSSL_MICROCHIP_TA100 + ret = atmel_ecc_sign_ex(slotId, ECC_SECP256R1, in, inSz, sigRs); +#else ret = atmel_ecc_sign(MAP_TO_HANDLE(slotId), in, sigRs); +#endif if (ret != ATCA_SUCCESS) { ret = WC_HW_E; goto exit; } diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index c6223cdfa1..04f93b6c6a 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -3647,12 +3647,17 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, #elif defined(WOLFSSL_MICROCHIP_TA100) if (rsa_type == RSA_PUBLIC_ENCRYPT && pad_value == RSA_BLOCK_TYPE_2) { - - return wc_Microchip_rsa_encrypt(in, inLen, out, outLen, key); + if (key->uKeyH != 0) { + return wc_Microchip_rsa_encrypt(in, inLen, out, outLen, key); + } + return WC_HW_E; } else if (rsa_type == RSA_PRIVATE_ENCRYPT && pad_value == RSA_BLOCK_TYPE_1) { - return wc_Microchip_rsa_sign(in, inLen, out, outLen, key); + if (key->rKeyH != 0) { + return wc_Microchip_rsa_sign(in, inLen, out, outLen, key); + } + return WC_HW_E; } #elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA) if (rsa_type == RSA_PUBLIC_ENCRYPT && pad_value == RSA_BLOCK_TYPE_2) { @@ -3824,13 +3829,18 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, #elif defined(WOLFSSL_MICROCHIP_TA100) if (rsa_type == RSA_PRIVATE_DECRYPT && pad_value == RSA_BLOCK_TYPE_2) { - - return wc_Microchip_rsa_decrypt(in, inLen, out, outLen, key); + if (key->rKeyH != 0) { + return wc_Microchip_rsa_decrypt(in, inLen, out, outLen, key); + } + return WC_HW_E; } else if (rsa_type == RSA_PUBLIC_DECRYPT && pad_value == RSA_BLOCK_TYPE_1) { - int tmp; - return wc_Microchip_rsa_verify(in, inLen, out, outLen, key, &tmp); + if (key->uKeyH != 0) { + int tmp; + return wc_Microchip_rsa_verify(in, inLen, out, outLen, key, &tmp); + } + return WC_HW_E; } #elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA) if (rsa_type == RSA_PRIVATE_DECRYPT && pad_value == RSA_BLOCK_TYPE_2) { @@ -4689,6 +4699,12 @@ int wc_RsaEncryptSize(const RsaKey* key) ret = mp_unsigned_bin_size(&key->n); +#if defined(WOLFSSL_MICROCHIP_TA100) + if (ret == 0 && (key->rKeyH != 0 || key->uKeyH != 0)) { + ret = 2048 / 8; + } +#endif + #ifdef WOLF_CRYPTO_CB if (ret == 0 && key->devId != INVALID_DEVID) { if (wc_CryptoCb_RsaGetSize(key, &ret) == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c index 5218760b79..419a0b59ec 100644 --- a/wolfcrypt/src/signature.c +++ b/wolfcrypt/src/signature.c @@ -124,6 +124,14 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type, sig_len = wc_RsaEncryptSize((RsaKey*)(wc_ptr_t)key); #else sig_len = wc_RsaEncryptSize((const RsaKey*)key); +#if defined(WOLFSSL_MICROCHIP_TA100) + if (sig_len <= 0) { + const RsaKey* r = (const RsaKey*)key; + /* TA100 handles imply a 2048-bit RSA key. */ + if (r->rKeyH != 0 || r->uKeyH != 0) { + sig_len = 256; + } + } #endif } else { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 13cee878f1..62fa10325a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -24174,8 +24174,13 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG #if defined(WOLF_CRYPTO_CB_ONLY_RSA) if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) #else + #if defined(WOLFSSL_MICROCHIP_TA100) + if (ret != 0 && ret != WC_NO_ERR_TRACE(MISSING_RNG_E) && + ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + #else if (ret != 0 && ret != WC_NO_ERR_TRACE(MISSING_RNG_E)) #endif + #endif #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING) /* FIPS140 implementation does not do blinding */ if (ret != 0) @@ -24184,6 +24189,9 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG #elif defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SE050) /* RNG is handled by hardware */ if (ret != 0) +#elif defined(WOLFSSL_MICROCHIP_TA100) + /* TA100 path doesn't require RNG, but may report BAD_FUNC_ARG on NULL RNG. */ + if (ret != 0 && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) #else if (ret != WC_NO_ERR_TRACE(MISSING_RNG_E)) #endif @@ -26713,6 +26721,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #endif +#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_MICROCHIP_TA100) + /* Use TA100-generated key handles for RSA HW tests. */ + wc_FreeRsaKey(key); + ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + ret = wc_MakeRsaKey(key, 2048, WC_RSA_EXPONENT, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#ifndef NO_SIG_WRAPPER + modLen = wc_RsaEncryptSize(key); +#if defined(WOLFSSL_MICROCHIP_TA100) + if (modLen <= 0 && (key->rKeyH != 0 || key->uKeyH != 0)) { + modLen = 256; + } +#endif +#endif +#endif /* WOLFSSL_KEY_GEN && WOLFSSL_MICROCHIP_TA100 */ + #ifndef NO_SIG_WRAPPER #ifndef NO_SHA256 ret = rsa_sig_test(key, sizeof *key, modLen, &rng); diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 2e18b74777..bfb4ba8679 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -166,8 +166,11 @@ enum { ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ), /* max crypto hardware size */ -#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ - defined(WOLFSSL_MICROCHIP_TA100) +#if defined(WOLFSSL_MICROCHIP_TA100) + /* TA100 supports up to P-384 */ + ECC_MAX_CRYPTO_HW_SIZE = 48, + ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ECC_MAX_CRYPTO_HW_SIZE*2), +#elif defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), #elif defined(PLUTON_CRYPTO_ECC) diff --git a/wolfssl/wolfcrypt/port/atmel/atmel.h b/wolfssl/wolfcrypt/port/atmel/atmel.h index aa06560e8a..54f0445db8 100644 --- a/wolfssl/wolfcrypt/port/atmel/atmel.h +++ b/wolfssl/wolfcrypt/port/atmel/atmel.h @@ -137,6 +137,13 @@ int atmel_ecc_create_key(int slotId, int curve_id, byte* peerKey); int atmel_ecc_sign(int slotId, const byte* message, byte* signature); int atmel_ecc_verify(const byte* message, const byte* signature, const byte* pubkey, int* pVerified); +#if defined(WOLFSSL_MICROCHIP_TA100) +int atmel_ecc_sign_ex(int slotId, int curve_id, const byte* message, + word32 message_len, byte* signature); +int atmel_ecc_verify_ex(const byte* message, word32 message_len, + const byte* signature, const byte* pubkey, word32 pubkey_len, + int curve_id, int* pVerified); +#endif #endif /* HAVE_ECC */ #endif /* WOLFSSL_ATECC508A */ @@ -162,6 +169,7 @@ WOLFSSL_LOCAL int wc_Microchip_aes_set_key(Aes* aes, const byte* key, WOLFSSL_LOCAL void wc_Microchip_aes_free(Aes* aes); #endif /* !NO_AES && HAVE_AESGCM */ #ifndef NO_RSA +typedef struct RsaKey RsaKey; WOLFSSL_LOCAL int wc_Microchip_rsa_create_key(RsaKey* key, int size, long e); WOLFSSL_LOCAL void wc_Microchip_rsa_free(RsaKey* key); WOLFSSL_LOCAL int wc_Microchip_rsa_sign(const byte* in, word32 inLen, byte* out,