Fix TNGTLS certificate size issue

TNGTLS devices has shown variations in the device and signer certificate sizes causing failure. This fix makes the size query dynamic.
2025-08-01 19:54:40 +02:00 · 2021-03-28 00:02:17 +05:30
parent a9ff314840
commit ccc50714d0
1 changed files with 47 additions and 37 deletions
--- a/wolfcrypt/src/port/atmel/atmel.c
+++ b/wolfcrypt/src/port/atmel/atmel.c
@@ -192,7 +192,7 @@ int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg)
    cfg_ateccx08a_i2c_pi.devtype               = cfg->devtype;
    cfg_ateccx08a_i2c_pi.atcai2c.slave_address = cfg->atcai2c.slave_address;
    cfg_ateccx08a_i2c_pi.atcai2c.bus           = cfg->atcai2c.bus;
-    cfg_ateccx08a_i2c_pi.atcai2c.baud          = cfg->atcai2c.baud;
+    cfg_ateccx08a_i2c_pi.atcai2c.baud          = 400000;//cfg->atcai2c.baud;
    cfg_ateccx08a_i2c_pi.wake_delay            = cfg->wake_delay;
    cfg_ateccx08a_i2c_pi.rx_retries            = cfg->rx_retries;
    cfg_ateccx08a_i2c_pi.cfg_data              = cfg->cfg_data;
@@ -389,7 +389,7 @@ void atmel_show_rev_info(void)
 #ifdef WOLFSSL_ATECC_DEBUG
    word32 revision = 0;
    atmel_get_rev_info(&revision);
-    printf("ATECC508A Revision: %x\n", (word32)revision);
+    printf("ATECC508A Revision: %x\r\n", (word32)revision);
 #endif
 }

@@ -915,62 +915,72 @@ exit:

 static int atcatls_set_certificates(WOLFSSL_CTX *ctx) 
 {
-    #ifndef ATCATLS_TNGTLS_SIGNER_CERT_SIZE
-        #define ATCATLS_TNGTLS_SIGNER_CERT_SIZE 0x208
-    #endif
-    #ifndef ATCATLS_TNGTLS_DEVICE_CERT_SIZE
-        #define ATCATLS_TNGTLS_DEVICE_CERT_SIZE 0x222
-    #endif
-    #ifndef ATCATLS_TNGTLS_CERT_BUFF_SIZE
-        #define ATCATLS_TNGTLS_CERT_BUFF_SIZE (ATCATLS_TNGTLS_SIGNER_CERT_SIZE +\
-                                               ATCATLS_TNGTLS_DEVICE_CERT_SIZE)
-    #endif
-
    int ret = 0;
    ATCA_STATUS status;
-    size_t signerCertSize = ATCATLS_TNGTLS_SIGNER_CERT_SIZE;
-    size_t deviceCertSize = ATCATLS_TNGTLS_DEVICE_CERT_SIZE;
-    uint8_t certBuffer[ATCATLS_TNGTLS_CERT_BUFF_SIZE];
+    size_t signerCertSize=0;
+    size_t deviceCertSize=0;
+    uint8_t *certBuffer;

-    /*Read signer cert*/
-    status = tng_atcacert_read_signer_cert(&certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE],
-                                           &signerCertSize);
+    /*fetch signer cert size*/
+    status=tng_atcacert_read_signer_cert(NULL, &signerCertSize);
    if (ATCA_SUCCESS != status) {
-        ret = atmel_ecc_translate_err(ret);
-        return ret;
-    }
-    if (signerCertSize != ATCATLS_TNGTLS_SIGNER_CERT_SIZE) {
        #ifdef WOLFSSL_ATECC_DEBUG
-        printf("signer cert size != ATCATLS_TNGTLS_SIGNER_CERT_SIZE.(%d)\r\n",
-               signerCertSize);
+        printf("Failed reading Signer cert size(0x%x)\r\n", status);
        #endif
        return WOLFSSL_FAILURE;
    }

+    /*fetch device cert size*/
+    status=tng_atcacert_read_device_cert(NULL, &deviceCertSize, NULL);
+    if (ATCA_SUCCESS != status) {
+        #ifdef WOLFSSL_ATECC_DEBUG
+        printf("Failed reading device cert size(0x%x)\r\n", status);
+        #endif
+        return WOLFSSL_FAILURE;
+    }    
+    certBuffer=XMALLOC(signerCertSize+deviceCertSize, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if(NULL == certBuffer){
+        #ifdef WOLFSSL_ATECC_DEBUG
+        printf("Failed allocating space for certBuffer\r\n");
+        #endif
+        return WOLFSSL_FAILURE;
+    }
+    
+    /*Read signer cert*/
+    status = tng_atcacert_read_signer_cert(&certBuffer[deviceCertSize],\
+                                           &signerCertSize);
+    if (ATCA_SUCCESS != status) {
+        #ifdef WOLFSSL_ATECC_DEBUG
+        printf("Error reading signer cert(0x%x)\r\n", status);
+        #endif
+        XFREE(certBuffer,NULL,DYNAMIC_TYPE_TMP_BUFFER);
+        ret = atmel_ecc_translate_err(ret);
+        return ret;
+    }
+
    /*Read device cert signed by the signer above*/
    status = tng_atcacert_read_device_cert(certBuffer, &deviceCertSize,\
-     	                  &certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE]);
+     	                                   &certBuffer[deviceCertSize]);
    if (ATCA_SUCCESS != status) {
+        #ifdef WOLFSSL_ATECC_DEBUG
+        printf("Error reading device cert(0x%x)\r\n", status);
+        #endif
+        XFREE(certBuffer,NULL,DYNAMIC_TYPE_TMP_BUFFER);
        ret = atmel_ecc_translate_err(ret);
        return ret;
    }
-    if (deviceCertSize != ATCATLS_TNGTLS_DEVICE_CERT_SIZE) {
-        #ifdef WOLFSSL_ATECC_DEBUG
-        printf("device cert size != ATCATLS_TNGTLS_DEVICE_CERT_SIZE.(%d)\r\n",
-               deviceCertSize);
-        #endif
-        return WOLFSSL_FAILURE;
-    }

-    ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
-          (const unsigned char*)certBuffer, ATCATLS_TNGTLS_CERT_BUFF_SIZE,
+    ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,\
+          (const unsigned char*)certBuffer, signerCertSize+deviceCertSize,\
          WOLFSSL_FILETYPE_ASN1);
    if (ret != WOLFSSL_SUCCESS) {
+        printf("Error registering certificate chain\r\n");
        ret = -1;
    }
    else {
-	ret = 0;
+	    ret = 0;
    }
+    XFREE(certBuffer,NULL,DYNAMIC_TYPE_TMP_BUFFER);
    return ret;
 }

@@ -985,7 +995,7 @@ int atcatls_set_callbacks(WOLFSSL_CTX* ctx)
    ret = atcatls_set_certificates(ctx);
    if (ret != 0) {
        #ifdef WOLFSSL_ATECC_DEBUG
-        printf("atcatls_set_certificates failed. (%d)\r\n",ret);
+        printf("atcatls_set_certificates failed. (%d)\r\n", ret);
        #endif
    }
 #endif