wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.

Browse Source
This commit is contained in:
David Garske
2018-09-26 14:16:32 -07:00
parent d67cb9e875
commit bb737ec99d
5 changed files with 351 additions and 193 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
configure.ac
View File

@ -788,18 +788,43 @@ fi
AM_CONDITIONAL([BUILD_PKCALLBACKS], [ test "x$ENABLED_PKCALLBACKS" = "xyes" ])
AC_ARG_ENABLE([cryptoauthlib],
[AS_HELP_STRING([--enable-cryptoauthlib],[Enable CryptoAuthLib (default: disabled)])],
[ ENABLED_CRYPTOAUTHLIB=$enableval ],
[ ENABLED_CRYPTOAUTHLIB=no ]
)
# Microchip/Atmel CryptoAuthLib
ENABLED_CRYPTOAUTHLIB="no"
trylibatcadir=""
AC_ARG_WITH([cryptoauthlib],
[AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr/)])],
[
AC_MSG_CHECKING([for cryptoauthlib])
CPPFLAGS="$CPPFLAGS -DWOLFSSL_ATECC508A"
LIBS="$LIBS -lcryptoauth"
if test "$ENABLED_CRYPTOAUTHLIB" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
fi
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB], [ test "x$ENABLED_CRYPTOAUTHLIB" = "xyes" ])
if test "x$libatca_linked" == "xno" ; then
if test "x$withval" != "xno" ; then
trylibatcadir=$withval
fi
if test "x$withval" == "xyes" ; then
trylibatcadir="/usr"
fi
LDFLAGS="$LDFLAGS -L$trylibatcadir/lib"
CPPFLAGS="$CPPFLAGS -I$trylibatcadir/lib"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
if test "x$libatca_linked" == "xno" ; then
AC_MSG_ERROR([cryptoauthlib isn't found.
If it's already installed, specify its path using --with-cryptoauthlib=/dir/])
fi
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([yes])
fi
ENABLED_CRYPTOAUTHLIB="yes"
]
)
AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB], [test "x$ENABLED_CRYPTOAUTHLIB" = "xyes"])
# sniffer doesn't work in maxstrength mode
@ -3542,7 +3567,7 @@ AC_ARG_WITH([libz],
trylibzdir="/usr"
fi
AM_LDFLAGS="$AM_LDFLAGS -L$trylibzdir/lib"
LDFLAGS="$LDFLAGS -L$trylibzdir/lib"
CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])

35
wolfcrypt/src/ecc.c
View File

@ -3383,10 +3383,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
#ifdef WOLFSSL_ATECC508A
/* For SECP256R1 use hardware */
if (private_key->dp->id == ECC_SECP256R1) {
err = atcatls_ecdh(private_key->slot, public_key->pubkey_raw, out);
if (err != ATCA_SUCCESS) {
err = BAD_COND_E;
}
err = atmel_ecc_create_pms(private_key->slot, public_key->pubkey_raw, out);
*outlen = private_key->dp->size;
}
else {
@ -3942,10 +3939,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
#ifdef WOLFSSL_ATECC508A
key->type = ECC_PRIVATEKEY;
err = atcatls_create_key(key->slot, key->pubkey_raw);
if (err != ATCA_SUCCESS) {
err = BAD_COND_E;
}
err = atmel_ecc_create_key(key->slot, key->pubkey_raw);
/* populate key->pubkey */
err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw,
@ -4101,10 +4095,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
#endif
#ifdef WOLFSSL_ATECC508A
key->slot = atmel_ecc_alloc(ATMEL_SLOT_ANY);
if (key->slot == ATECC_INVALID_SLOT) {
return ECC_BAD_ARG_E;
}
key->slot = -1;
#else
#ifdef ALT_ECC_SIZE
key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
@ -4199,10 +4190,15 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
}
#if defined(WOLFSSL_ATECC508A)
key->slot = atmel_ecc_alloc(ATMEL_SLOT_DEVICE);
if (key->slot == ATECC_INVALID_SLOT) {
return ECC_BAD_ARG_E;
}
/* Sign: Result is 32-bytes of R then 32-bytes of S */
err = atcatls_sign(key->slot, in, out);
if (err != ATCA_SUCCESS) {
return BAD_COND_E;
err = atmel_ecc_sign(key->slot, in, out);
if (err != 0) {
return err;
}
#elif defined(PLUTON_CRYPTO_ECC)
{
@ -5280,9 +5276,9 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
return err;
}
err = atcatls_verify(hash, sigRS, key->pubkey_raw, (bool*)res);
if (err != ATCA_SUCCESS) {
return BAD_COND_E;
err = atmel_ecc_verify(hash, sigRS, key->pubkey_raw, res);
if (err != 0) {
return err;
}
(void)hashlen;
@ -6151,9 +6147,6 @@ int wc_ecc_check_key(ecc_key* key)
#ifdef WOLFSSL_ATECC508A
if (key->slot == ATECC_INVALID_SLOT)
return ECC_BAD_ARG_E;
err = 0; /* consider key check success on ATECC508A */
#else

395
wolfcrypt/src/port/atmel/atmel.c
View File

@ -50,30 +50,18 @@
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
static int mAtcaInitDone = 0;
#ifdef WOLFSSL_ATECC508A
/* Free slot handling */
static int mAtcaInitDone = 0;
/* ATECC slotId handling */
static atmel_slot_alloc_cb mSlotAlloc;
static atmel_slot_dealloc_cb mSlotDealloc;
static int mSlotList[ATECC_MAX_SLOT+1];
#ifndef ATECC_SLOT_I2C_ENC
#define ATECC_SLOT_I2C_ENC 0x04 /* Slot holding symmetric encryption key */
static byte mSlotList[ATECC_MAX_SLOT];
#ifndef SINGLE_THREADED
static wolfSSL_Mutex mSlotMutex;
#endif
/**
* \brief Structure to contain certificate information.
*/
t_atcert atcert = {
.signer_ca_size = 512,
.signer_ca = { 0 },
.signer_ca_pubkey = { 0 },
.end_user_size = 512,
.end_user = { 0 },
.end_user_pubkey = { 0 }
};
#endif /* WOLFSSL_ATECC508A */
@ -92,10 +80,9 @@ int atmel_get_random_number(uint32_t count, uint8_t* rand_out)
return -1;
}
while(i < count) {
ret = atcatls_random(rng_buffer);
if (ret != 0) {
while (i < count) {
ret = atcab_random(rng_buffer);
if (ret != ATCA_SUCCESS) {
WOLFSSL_MSG("Failed to create random number!");
return -1;
}
@ -157,171 +144,290 @@ long atmel_get_curr_time_and_date(long* tm)
#ifdef WOLFSSL_ATECC508A
/* Function to set the slot allocator and deallocator */
int atmel_ecc_translate_err(int status)
{
switch (status) {
case ATCA_SUCCESS:
return 0;
case ATCA_BAD_PARAM:
return BAD_FUNC_ARG;
case ATCA_ALLOC_FAILURE:
return MEMORY_E;
default:
#ifdef WOLFSSL_ATECC508A_DEBUG
printf("ATECC Failure: %x\n", (word32)status);
#endif
break;
}
return WC_HW_E;
}
/* Function to set the slotId allocator and deallocator */
int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
atmel_slot_dealloc_cb dealloc)
{
#ifndef SINGLE_THREADED
wc_LockMutex(&mSlotMutex);
#endif
mSlotAlloc = alloc;
mSlotDealloc = dealloc;
#ifndef SINGLE_THREADED
wc_UnLockMutex(&mSlotMutex);
#endif
return 0;
}
/* Function to allocate new slot number */
/* Function to allocate new slotId number */
int atmel_ecc_alloc(int slotType)
{
int slot = ATECC_INVALID_SLOT;
int slotId = ATECC_INVALID_SLOT, i;
#ifndef SINGLE_THREADED
wc_LockMutex(&mSlotMutex);
#endif
if (mSlotAlloc) {
slot = mSlotAlloc(slotType);
slotId = mSlotAlloc(slotType);
}
else {
int i;
if (slotType == ATMEL_SLOT_ENCKEY) {
return ATECC_SLOT_I2C_ENC;
}
for (i=0; i <= ATECC_MAX_SLOT; i++) {
/* Find free slot */
if (mSlotList[i] == ATECC_INVALID_SLOT) {
mSlotList[i] = i;
slot = i;
switch (slotType) {
case ATMEL_SLOT_ENCKEY:
/* not reserved in mSlotList, so return */
slotId = ATECC_SLOT_I2C_ENC;
goto exit;
case ATMEL_SLOT_DEVICE:
/* not reserved in mSlotList, so return */
slotId = ATECC_SLOT_AUTH_PRIV;
goto exit;
case ATMEL_SLOT_ECDHE:
slotId = ATECC_SLOT_ECDHE_PRIV;
break;
case ATMEL_SLOT_ECDHE_ENC:
slotId = ATECC_SLOT_ENC_PARENT;
break;
case ATMEL_SLOT_ANY:
for (i=0; i < ATECC_MAX_SLOT; i++) {
/* Find free slotId */
if (mSlotList[i] == ATECC_INVALID_SLOT) {
slotId = i;
break;
}
}
break;
}
}
}
return slot;
}
/* Function to return slot number to available list */
void atmel_ecc_free(int slot)
{
if (mSlotDealloc) {
mSlotDealloc(slot);
}
else if (slot >= 0 && slot <= ATECC_MAX_SLOT) {
/* Mark slot free */
mSlotList[slot] = ATECC_INVALID_SLOT;
}
}
/* The macros ATECC_GET_ENC_KEY can be set to override the default
encryption key with your own at build-time */
#ifndef ATECC_GET_ENC_KEY
#define ATECC_GET_ENC_KEY atmel_get_enc_key
/**
* \brief Callback function for getting the current encryption key
*/
static ATCA_STATUS atmel_get_enc_key(uint8_t* enckey, int16_t keysize)
{
if (enckey == NULL || keysize != ATECC_KEY_SIZE) {
return ATCA_BAD_PARAM;
}
XMEMSET(enckey, 0xFF, keysize); /* use default value */
return ATCA_SUCCESS;
/* is slot available */
if (mSlotList[slotId] != ATECC_INVALID_SLOT) {
slotId = ATECC_INVALID_SLOT;
}
else {
mSlotList[slotId] = slotId;
}
}
exit:
#ifndef SINGLE_THREADED
wc_UnLockMutex(&mSlotMutex);
#endif
return slotId;
}
/* Function to return slotId number to available list */
void atmel_ecc_free(int slotId)
{
#ifndef SINGLE_THREADED
wc_LockMutex(&mSlotMutex);
#endif
if (mSlotDealloc) {
mSlotDealloc(slotId);
}
else if (slotId >= 0 && slotId < ATECC_MAX_SLOT) {
if (slotId != ATECC_SLOT_AUTH_PRIV && slotId != ATECC_SLOT_I2C_ENC) {
/* Mark slotId free */
mSlotList[slotId] = ATECC_INVALID_SLOT;
}
}
#ifndef SINGLE_THREADED
wc_UnLockMutex(&mSlotMutex);
#endif
}
/**
* \brief Callback function for getting the current encryption key
*/
int atmel_get_enc_key_default(byte* enckey, word16 keysize)
{
if (enckey == NULL || keysize != ATECC_KEY_SIZE) {
return BAD_FUNC_ARG;
}
XMEMSET(enckey, 0xFF, keysize); /* use default value */
return 0;
}
/**
* \brief Write enc key before.
*/
static int atmel_init_enc_key(void)
{
uint8_t ret = 0;
int ret;
uint8_t read_key[ATECC_KEY_SIZE];
int slot = atmel_ecc_alloc(ATMEL_SLOT_ENCKEY);
uint8_t writeBlock = 0;
uint8_t writeOffset = 0;
int slotId;
/* check for encryption key slot */
if (slot == ATECC_INVALID_SLOT)
return -1;
slotId = atmel_ecc_alloc(ATMEL_SLOT_ENCKEY);
/* check for encryption key slotId */
if (slotId == ATECC_INVALID_SLOT)
return BAD_FUNC_ARG;
/* get encryption key */
ATECC_GET_ENC_KEY(read_key, sizeof(read_key));
ret = atcatls_set_enckey(read_key, slot, 0);
ForceZero(read_key, sizeof(read_key));
if (ret != ATCA_SUCCESS) {
WOLFSSL_MSG("Failed to write key");
return -1;
}
ret = atcatlsfn_set_get_enckey(ATECC_GET_ENC_KEY);
if (ret != ATCA_SUCCESS) {
WOLFSSL_MSG("Failed to set enckey cb");
return -1;
}
ret = atcab_write_zone(ATCA_ZONE_DATA, slotId, writeBlock, writeOffset,
read_key, ATCA_BLOCK_SIZE);
ForceZero(read_key, sizeof(read_key));
ret = atmel_ecc_translate_err(ret);
return ret;
}
static void atmel_show_rev_info(void)
int atmel_get_rev_info(byte* revision)
{
int ret;
ret = atcab_info((uint8_t*)revision);
ret = atmel_ecc_translate_err(ret);
return ret;
}
void atmel_show_rev_info(void)
{
#ifdef WOLFSSL_ATECC508A_DEBUG
uint32_t revision = 0;
atcab_info((uint8_t*)&revision);
printf("ATECC508A Revision: %x\n", (unsigned int)revision);
byte revision = 0;
atmel_get_rev_info(&revision);
printf("ATECC508A Revision: %x\n", (word32)revision);
#endif
}
int atmel_ecc_create_pms(int slotId, const uint8_t* peerKey, uint8_t* pms)
{
int ret;
uint8_t read_key[ATECC_KEY_SIZE];
int slotIdEnc;
slotIdEnc = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_ENC);
if (slotIdEnc != ATECC_INVALID_SLOT)
return BAD_FUNC_ARG;
/* get encryption key */
ATECC_GET_ENC_KEY(read_key, sizeof(read_key));
/* send the encrypted version of the ECDH command */
ret = atcab_ecdh_enc(slotId, peerKey, pms, read_key, slotIdEnc);
ret = atmel_ecc_translate_err(ret);
return ret;
}
int atmel_ecc_create_key(int slotId, byte* peerKey)
{
int ret;
/* generate new ephemeral key on device */
ret = atcab_genkey(slotId, peerKey);
ret = atmel_ecc_translate_err(ret);
return ret;
}
int atmel_ecc_sign(int slotId, const byte* message, byte* signature)
{
int ret;
ret = atcab_sign(slotId, message, signature);
ret = atmel_ecc_translate_err(ret);
return ret;
}
int atmel_ecc_verify(const byte* message, const byte* signature,
const byte* pubkey, int* verified)
{
int ret;
ret = atcab_verify_extern(message, signature, pubkey, (bool*)verified);
ret = atmel_ecc_translate_err(ret);
return ret;
}
#endif /* WOLFSSL_ATECC508A */
void atmel_init(void)
int atmel_init(void)
{
if (!mAtcaInitDone) {
int ret = 0;
#ifdef WOLFSSL_ATECC508A
if (!mAtcaInitDone) {
ATCA_STATUS status;
int i;
/* Init the free slot list */
#ifndef SINGLE_THREADED
wc_InitMutex(&mSlotMutex);
#endif
/* Init the free slotId list */
for (i=0; i<=ATECC_MAX_SLOT; i++) {
if (i == 0 || i == 2 || i == 7) {
/* ECC Slots (mark avail) */
mSlotList[i] = ATECC_INVALID_SLOT;
if (i == ATECC_SLOT_AUTH_PRIV || i == ATECC_SLOT_I2C_ENC) {
mSlotList[i] = i;
}
else {
mSlotList[i] = i;
/* ECC Slots (mark avail) */
mSlotList[i] = ATECC_INVALID_SLOT;
}
}
/* Initialize the CryptoAuthLib to communicate with ATECC508A */
atcatls_init(&cfg_ateccx08a_i2c_default);
status = atcab_init(&cfg_ateccx08a_i2c_default);
if (status != ATCA_SUCCESS) {
WOLFSSL_MSG("Failed to initialize atcab");
return WC_HW_E;
}
/* Init the I2C pipe encryption key. */
/* Value is generated/stored during pair for the ATECC508A and stored
on micro flash */
/* For this example its a fixed value */
if (atmel_init_enc_key() != ATCA_SUCCESS) {
if (atmel_init_enc_key() != 0) {
WOLFSSL_MSG("Failed to initialize transport key");
return WC_HW_E;
}
/* show revision information */
atmel_show_rev_info();
/* Configure the ECC508 for use with TLS API functions */
#if 0
atcatls_device_provision();
#else
atcatls_config_default();
#endif
#endif /* WOLFSSL_ATECC508A */
mAtcaInitDone = 1;
}
#endif /* WOLFSSL_ATECC508A */
return ret;
}
void atmel_finish(void)
{
if (mAtcaInitDone) {
#ifdef WOLFSSL_ATECC508A
atcatls_finish();
#endif
if (mAtcaInitDone) {
atcab_release();
#ifndef SINGLE_THREADED
wc_FreeMutex(&mSlotMutex);
#endif
mAtcaInitDone = 0;
}
#endif
}
@ -335,6 +441,7 @@ int atcatls_create_key_cb(WOLFSSL* ssl, ecc_key* key, word32 keySz,
uint8_t peerKey[ATECC_PUBKEY_SIZE];
uint8_t* qx = &peerKey[0];
uint8_t* qy = &peerKey[ATECC_PUBKEY_SIZE/2];
int slotId;
(void)ssl;
(void)ctx;
@ -344,22 +451,27 @@ int atcatls_create_key_cb(WOLFSSL* ssl, ecc_key* key, word32 keySz,
return BAD_FUNC_ARG;
}
slotId = atmel_ecc_alloc(ATMEL_SLOT_ECDHE);
if (slotId == ATECC_INVALID_SLOT)
return WC_HW_WAIT_E;
/* generate new ephemeral key on device */
ret = atcatls_create_key(TLS_SLOT_ECDHE_PRIV, peerKey);
if (ret != ATCA_SUCCESS) {
ret = WC_HW_E; goto exit;
}
ret = atmel_ecc_create_key(slotId, peerKey);
/* load generated ECC508A public key into key, used by wolfSSL */
ret = wc_ecc_import_unsigned(key, qx, qy, NULL, ECC_SECP256R1);
exit:
#ifdef WOLFSSL_ATECC508A_DEBUG
if (ret != 0) {
printf("atcatls_create_key_cb: ret %d\n", ret);
if (ret == 0) {
ret = wc_ecc_import_unsigned(key, qx, qy, NULL, ECC_SECP256R1);
}
if (ret == 0) {
key->slot = slotId;
}
else {
atmel_ecc_free(slotId);
#ifdef WOLFSSL_ATECC508A_DEBUG
printf("atcatls_create_key_cb: ret %d\n", ret);
#endif
}
#endif
return ret;
}
@ -394,10 +506,15 @@ int atcatls_create_pms_cb(WOLFSSL* ssl, ecc_key* otherKey,
/* for client: create and export public key */
if (side == WOLFSSL_CLIENT_END) {
int slotId = atmel_ecc_alloc(ATMEL_SLOT_ECDHE);
if (slotId == ATECC_INVALID_SLOT)
return WC_HW_WAIT_E;
tmpKey.slot = slotId;
/* generate new ephemeral key on device */
ret = atcatls_create_key(TLS_SLOT_ECDHE_PRIV, peerKey);
ret = atmel_ecc_create_key(slotId, peerKey);
if (ret != ATCA_SUCCESS) {
ret = WC_HW_E; goto exit;
goto exit;
}
/* convert raw unsigned public key to X.963 format for TLS */
@ -409,6 +526,8 @@ int atcatls_create_pms_cb(WOLFSSL* ssl, ecc_key* otherKey,
/* for server: import public key */
else if (side == WOLFSSL_SERVER_END) {
tmpKey.slot = otherKey->slot;
/* import peer's key and export as raw unsigned for hardware */
ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, &tmpKey, ECC_SECP256R1);
if (ret == 0) {
@ -425,16 +544,7 @@ int atcatls_create_pms_cb(WOLFSSL* ssl, ecc_key* otherKey,
goto exit;
}
#if 1
ret = atcatls_ecdh(TLS_SLOT_ECDHE_PRIV, peerKey, out);
#else
/* other syntax for encrypted ECDH using key in another slot */
ret = atcatls_ecdh_enc(TLS_SLOT_ECDHE_PRIV, TLS_SLOT_FEATURE_PRIV,
peerKey, out);
#endif
if (ret != ATCA_SUCCESS) {
ret = WC_HW_E;
}
ret = atmel_ecc_create_pms(tmpKey.slot, peerKey, out);
*outlen = ATECC_SIG_SIZE;
exit:
@ -442,7 +552,7 @@ exit:
#ifdef WOLFSSL_ATECC508A_DEBUG
if (ret != 0) {
printf("atcatls_create_pms_cb: ret %d\n", ret);
printf("atcab_ecdh_enc: ret %d\n", ret);
}
#endif
@ -458,6 +568,7 @@ int atcatls_sign_certificate_cb(WOLFSSL* ssl, const byte* in, word32 inSz,
{
int ret;
byte sigRs[ATECC_SIG_SIZE*2];
int slotId;
(void)ssl;
(void)inSz;
@ -469,7 +580,11 @@ int atcatls_sign_certificate_cb(WOLFSSL* ssl, const byte* in, word32 inSz,
return BAD_FUNC_ARG;
}
ret = atcatls_sign(TLS_SLOT_AUTH_PRIV, in, sigRs);
slotId = atmel_ecc_alloc(ATMEL_SLOT_DEVICE);
if (slotId == ATECC_INVALID_SLOT)
return WC_HW_WAIT_E;
ret = atmel_ecc_sign(slotId, in, sigRs);
if (ret != ATCA_SUCCESS) {
ret = WC_HW_E; goto exit;
}
@ -485,6 +600,8 @@ int atcatls_sign_certificate_cb(WOLFSSL* ssl, const byte* in, word32 inSz,
exit:
atmel_ecc_free(slotId);
#ifdef WOLFSSL_ATECC508A_DEBUG
if (ret != 0) {
printf("atcatls_sign_certificate_cb: ret %d\n", ret);
@ -546,7 +663,7 @@ int atcatls_verify_signature_cb(WOLFSSL* ssl, const byte* sig, word32 sigSz,
(void)rSz;
(void)sSz;
ret = atcatls_verify(hash, sigRs, peerKey, (bool*)result);
ret = atmel_ecc_verify(hash, sigRs, peerKey, result);
if (ret != ATCA_SUCCESS || !*result) {
ret = WC_HW_E; goto exit;
}

6
wolfcrypt/src/wc_port.c
View File

@ -153,7 +153,11 @@ int wolfCrypt_Init(void)
#endif
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A)
atmel_init();
ret = atmel_init();
if (ret != 0) {
WOLFSSL_MSG("CryptoAuthLib init failed");
return ret;
}
#endif
#if defined(WOLFSSL_STSAFEA100)

61
wolfssl/wolfcrypt/port/atmel/atmel.h
View File

@ -31,9 +31,7 @@
#undef SHA_BLOCK_SIZE
#define SHA_BLOCK_SIZE SHA_BLOCK_SIZE_REMAP
#include <cryptoauthlib.h>
#include <tls/atcatls.h>
#include <atcacert/atcacert_client.h>
#include <tls/atcatls_cfg.h>
#undef SHA_BLOCK_SIZE
#endif
@ -44,7 +42,24 @@
#ifndef ATECC_MAX_SLOT
#define ATECC_MAX_SLOT (0x7) /* Only use 0-7 */
#endif
#define ATECC_INVALID_SLOT (-1)
#define ATECC_INVALID_SLOT (0xFF)
/* Device Key for signing */
#ifndef ATECC_SLOT_AUTH_PRIV
#define ATECC_SLOT_AUTH_PRIV (0x0)
#endif
/* Ephemeral key */
#ifndef ATECC_SLOT_ECDHE_PRIV
#define ATECC_SLOT_ECDHE_PRIV (0x2)
#endif
/* Symmetric encryption key */
#ifndef ATECC_SLOT_I2C_ENC
#define ATECC_SLOT_I2C_ENC (0x04)
#endif
/* Parent encryption key */
#ifndef ATECC_SLOT_ENC_PARENT
#define ATECC_SLOT_ENC_PARENT (0x7)
#endif
/* ATECC_KEY_SIZE required for ecc.h */
#include <wolfssl/wolfcrypt/ecc.h>
@ -54,23 +69,11 @@ struct WOLFSSL_CTX;
struct WOLFSSL_X509_STORE_CTX;
struct ecc_key;
/* Cert Structure */
typedef struct t_atcert {
uint32_t signer_ca_size;
uint8_t signer_ca[512];
uint8_t signer_ca_pubkey[64];
uint32_t end_user_size;
uint8_t end_user[512];
uint8_t end_user_pubkey[64];
} t_atcert;
extern t_atcert atcert;
/* Amtel port functions */
void atmel_init(void);
/* Atmel port functions */
int atmel_init(void);
void atmel_finish(void);
int atmel_get_random_number(uint32_t count, uint8_t* rand_out);
int atmel_get_random_block(unsigned char* output, unsigned int sz);
int atmel_get_random_block(unsigned char* output, unsigned int sz);
long atmel_get_curr_time_and_date(long* tm);
#ifdef WOLFSSL_ATECC508A
@ -80,17 +83,33 @@ enum atmelSlotType {
ATMEL_SLOT_ENCKEY,
ATMEL_SLOT_DEVICE,
ATMEL_SLOT_ECDHE,
ATMEL_SLOT_ECDHEPUB,
ATMEL_SLOT_ECDHE_ENC,
};
int atmel_ecc_alloc(int slotType);
void atmel_ecc_free(int slot);
void atmel_ecc_free(int slotId);
typedef int (*atmel_slot_alloc_cb)(int);
typedef void (*atmel_slot_dealloc_cb)(int);
int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
atmel_slot_dealloc_cb dealloc);
int atmel_ecc_translate_err(int status);
int atmel_get_rev_info(byte* revision);
void atmel_show_rev_info(void);
/* The macro ATECC_GET_ENC_KEY can be set to override the default
encryption key with your own at build-time */
#ifndef ATECC_GET_ENC_KEY
#define ATECC_GET_ENC_KEY(enckey, keysize) atmel_get_enc_key_default((enckey), (keysize))
#endif
int atmel_get_enc_key_default(byte* enckey, word16 keysize);
int atmel_ecc_create_pms(int slotId, const uint8_t* peerKey, uint8_t* pms);
int atmel_ecc_create_key(int slotId, byte* peerKey);
int atmel_ecc_sign(int slotId, const byte* message, byte* signature);
int atmel_ecc_verify(const byte* message, const byte* signature,
const byte* pubkey, int* verified);
#endif /* WOLFSSL_ATECC508A */
#ifdef HAVE_PK_CALLBACKS