mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 13:30:48 +02:00
TA100: follow-up changes (squash after 4e64cb56)
This commit is contained in:
committed by
Daniele Lacamera
parent
00cca3e25b
commit
dbf4aaa5be
+109
-27
@@ -3002,45 +3002,127 @@ then
|
||||
esac
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
# Microchip/Atmel CryptoAuthLib
|
||||
ENABLED_CRYPTOAUTHLIB="no"
|
||||
trylibatcadir=""
|
||||
AC_ARG_WITH([cryptoauthlib],
|
||||
[AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr)])],
|
||||
[
|
||||
AC_MSG_CHECKING([for cryptoauthlib])
|
||||
LIBS="$LIBS -lcryptoauth -lwolfssl -lpthread -lrt"
|
||||
[AS_HELP_STRING([--with-cryptoauthlib=PATH],
|
||||
[PATH to CryptoAuthLib install (default: system paths)])],
|
||||
[with_cryptoauthlib=$withval],
|
||||
[with_cryptoauthlib=no])
|
||||
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
|
||||
AS_IF([test "x$with_cryptoauthlib" != "xno"], [
|
||||
AC_MSG_CHECKING([for CryptoAuthLib])
|
||||
|
||||
if test "x$libatca_linked" = "xno" ; then
|
||||
if test "x$withval" != "xno" ; then
|
||||
trylibatcadir=$withval
|
||||
fi
|
||||
if test "x$withval" = "xyes" ; then
|
||||
trylibatcadir="/usr"
|
||||
libdir=""
|
||||
incdir=""
|
||||
cryptoauthlib_found="no"
|
||||
|
||||
saved_LIBS="$LIBS"
|
||||
saved_LDFLAGS="$LDFLAGS"
|
||||
saved_CPPFLAGS="$CPPFLAGS"
|
||||
saved_CFLAGS="$CFLAGS"
|
||||
|
||||
# Method 1: Try pkg-config first (most reliable)
|
||||
PKG_CHECK_MODULES([CRYPTOAUTHLIB], [cryptoauthlib], [
|
||||
CPPFLAGS="$CRYPTOAUTHLIB_CFLAGS $CPPFLAGS"
|
||||
CFLAGS="$CRYPTOAUTHLIB_CFLAGS $CFLAGS"
|
||||
LDFLAGS="$CRYPTOAUTHLIB_LIBS $LDFLAGS"
|
||||
LIBS="$CRYPTOAUTHLIB_LIBS $LIBS"
|
||||
cryptoauthlib_found="pkg-config"
|
||||
], [
|
||||
# Method 2: Manual search
|
||||
AS_IF([test "x$with_cryptoauthlib" = "xyes"], [
|
||||
search_dirs="/usr /usr/local"
|
||||
], [
|
||||
search_dirs="$with_cryptoauthlib"
|
||||
])
|
||||
|
||||
for trylibatcadir in $search_dirs; do
|
||||
for try_libdir in "$trylibatcadir/lib" "$trylibatcadir/lib64"; do
|
||||
if test -f "$try_libdir/libcryptoauth.so" || test -f "$try_libdir/libcryptoauth.a"; then
|
||||
libdir="$try_libdir"
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if test -z "$libdir"; then
|
||||
if test -x /usr/bin/dpkg-architecture; then
|
||||
DEB_HOST_MULTIARCH=`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`
|
||||
if test -n "$DEB_HOST_MULTIARCH"; then
|
||||
try_libdir="$trylibatcadir/lib/$DEB_HOST_MULTIARCH"
|
||||
if test -f "$try_libdir/libcryptoauth.so" || test -f "$try_libdir/libcryptoauth.a"; then
|
||||
libdir="$try_libdir"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$host_cpu" = "aarch64" ; then
|
||||
LIB_SUFFIX="/aarch64-linux-gnu"
|
||||
else
|
||||
LIB_SUFFIX=""
|
||||
for try_incdir in "$trylibatcadir/include/cryptoauthlib" "$trylibatcadir/include"; do
|
||||
if test -f "$try_incdir/cryptoauthlib.h"; then
|
||||
incdir="$try_incdir"
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if test -n "$libdir" && test -n "$incdir"; then
|
||||
break
|
||||
fi
|
||||
libdir=""
|
||||
incdir=""
|
||||
done
|
||||
|
||||
LDFLAGS="$LDFLAGS -L$trylibatcadir/lib$LIB_SUFFIX"
|
||||
CPPFLAGS="$CPPFLAGS -I$trylibatcadir/include/cryptoauthlib"
|
||||
AM_LDFLAGS="$AM_LDFLAGS -L$trylibatcadir/lib$LIB_SUFFIX"
|
||||
AM_CFLAGS="$AM_CFLAGS -I$trylibatcadir/include/cryptoauthlib"
|
||||
|
||||
AC_MSG_RESULT([yes])
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
if test -n "$libdir" && test -n "$incdir"; then
|
||||
CPPFLAGS="-I$incdir $CPPFLAGS"
|
||||
CFLAGS="-I$incdir $CFLAGS"
|
||||
LDFLAGS="-L$libdir $LDFLAGS"
|
||||
LIBS="-lcryptoauth $LIBS"
|
||||
cryptoauthlib_found="$libdir"
|
||||
fi
|
||||
])
|
||||
|
||||
ENABLED_CRYPTOAUTHLIB="yes"
|
||||
]
|
||||
)
|
||||
AS_IF([test "x$cryptoauthlib_found" != "xno"], [
|
||||
wolfssl_include=""
|
||||
AS_IF([test -f "${srcdir}/wolfssl/wolfcrypt/types.h"], [
|
||||
wolfssl_include="-I${srcdir}"
|
||||
], [test -f "${srcdir}/wolfssl.h"], [
|
||||
wolfssl_include="-I${srcdir}"
|
||||
])
|
||||
|
||||
test_CPPFLAGS="$wolfssl_include $CPPFLAGS"
|
||||
test_CFLAGS="$wolfssl_include $CFLAGS"
|
||||
|
||||
saved_test_CPPFLAGS="$CPPFLAGS"
|
||||
saved_test_CFLAGS="$CFLAGS"
|
||||
CPPFLAGS="$test_CPPFLAGS"
|
||||
CFLAGS="$test_CFLAGS"
|
||||
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM(
|
||||
[[#include <cryptoauthlib.h>]],
|
||||
[[atcab_init(0); return 0;]])],
|
||||
[
|
||||
ENABLED_CRYPTOAUTHLIB="yes"
|
||||
AC_MSG_RESULT([yes ($cryptoauthlib_found)])
|
||||
AC_DEFINE([HAVE_CRYPTOAUTHLIB], [1], [CryptoAuthLib support])
|
||||
CPPFLAGS="$saved_test_CPPFLAGS"
|
||||
CFLAGS="$saved_test_CFLAGS"
|
||||
],
|
||||
[
|
||||
LIBS="$saved_LIBS"
|
||||
LDFLAGS="$saved_LDFLAGS"
|
||||
CPPFLAGS="$saved_CPPFLAGS"
|
||||
CFLAGS="$saved_CFLAGS"
|
||||
AC_MSG_RESULT([no - compilation failed])
|
||||
AC_MSG_ERROR([CryptoAuthLib found but test compilation failed. Check config.log for details.])
|
||||
])
|
||||
], [
|
||||
AC_MSG_RESULT([no - library not found])
|
||||
AC_MSG_ERROR([CryptoAuthLib not found. Install it or specify path with --with-cryptoauthlib=/path])
|
||||
])
|
||||
])
|
||||
|
||||
AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB], [test "x$ENABLED_CRYPTOAUTHLIB" = "xyes"])
|
||||
|
||||
# TropicSquare TROPIC01
|
||||
# Example: "./configure --with-tropic01=/home/pi/libtropic"
|
||||
|
||||
@@ -429,6 +429,7 @@ int test_wolfSSL_EC_POINT(void)
|
||||
X, Y, ctx), 0);
|
||||
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
||||
!defined(WOLFSSL_MICROCHIP_TA100) && \
|
||||
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
|
||||
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
|
||||
ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, NULL, ctx), 0);
|
||||
@@ -520,6 +521,7 @@ int test_wolfSSL_EC_POINT(void)
|
||||
ExpectIntEQ(EC_POINT_invert(group, new_point, ctx), 1);
|
||||
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
||||
!defined(WOLFSSL_MICROCHIP_TA100) && \
|
||||
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
|
||||
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
|
||||
{
|
||||
@@ -801,6 +803,7 @@ int test_wolfSSL_SPAKE(void)
|
||||
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(WOLFSSL_ATECC508A) \
|
||||
&& !defined(WOLFSSL_ATECC608A) && !defined(HAVE_SELFTEST) && \
|
||||
!defined(WOLFSSL_MICROCHIP_TA100) && \
|
||||
!defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
|
||||
BIGNUM* x = NULL; /* kdc priv */
|
||||
BIGNUM* y = NULL; /* client priv */
|
||||
|
||||
@@ -2081,6 +2081,10 @@ static const char* bench_result_words2[][6] = {
|
||||
#endif
|
||||
};
|
||||
#endif /* !WC_NO_RNG || WOLFSSL_HAVE_MLKEM */
|
||||
#endif
|
||||
#if defined(WOLFSSL_MICROCHIP_TA100)
|
||||
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_CAAM
|
||||
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
|
||||
@@ -10713,7 +10717,7 @@ void bench_rsa(int useDeviceID)
|
||||
/* Note: To benchmark public only define WOLFSSL_PUBLIC_MP */
|
||||
rsaKeySz = 0;
|
||||
#endif
|
||||
#if defined(WOLFSSL_MICROCHIP_TA100)
|
||||
#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_MICROCHIP_TA100)
|
||||
/* Create new keys since you cannot import a private key to TA100 */
|
||||
ret = wc_MakeRsaKey(rsaKey[i], rsaKeySz, WC_RSA_EXPONENT, &gRng);
|
||||
if (ret) {
|
||||
|
||||
@@ -1979,7 +1979,6 @@ static void alt_fp_init(mp_int* a)
|
||||
|
||||
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
||||
!defined(WOLFSSL_MICROCHIP_TA100) && \
|
||||
!defined(WOLFSSL_CRYPTOCELL) && \
|
||||
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
|
||||
defined(WOLFSSL_IMXRT1170_CAAM))
|
||||
@@ -8099,11 +8098,9 @@ int wc_ecc_free(ecc_key* key)
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
||||
!defined(WOLFSSL_MICROCHIP_TA100) && \
|
||||
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SP_MATH) && \
|
||||
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
|
||||
defined(WOLFSSL_IMXRT1170_CAAM))
|
||||
|
||||
/* Handles add failure cases:
|
||||
*
|
||||
* Before add:
|
||||
|
||||
@@ -98,6 +98,21 @@ ATECC508A HW accelerated implementation:
|
||||
|
||||
### Microchip Trust Anchor TA100 ECC/RSA
|
||||
|
||||
rm -rf build-shared
|
||||
cmake -S . -B build-shared \
|
||||
-DCMAKE_BUILD_TYPE=Debug \
|
||||
-DATCA_BUILD_SHARED_LIBS=ON \
|
||||
-DATCA_HAL_SPI=ON \
|
||||
-DATCA_PRINTF=ON \
|
||||
-DATCA_TA100_SUPPORT=ON \
|
||||
-DATCA_TA100_AES_AUTH_SUPPORT=ON \
|
||||
-DATCA_TA100_FCE_SUPPORT=ON \
|
||||
-DATCA_WOLFSSL=ON \
|
||||
-DBUILD_TESTS=ON
|
||||
cmake --build build-shared -j
|
||||
sudo cmake --install build-shared
|
||||
sudo ldconfig
|
||||
|
||||
`./configure CFLAGS="-DWOLFSSL_CMAC -DHAVE_PK_CALLBACKS -DWOLFSSL_ATECC508A_NOIDLE -DECC_USER_CURVES -DWOLFSSL_ATECC_NO_ECDH_ENC -DWOLFSSL_ATECC_DEBUG" --enable-cmac --enable-microchip=100 --with-cryptoauthlib`
|
||||
|
||||
Supported Features:
|
||||
|
||||
@@ -161,6 +161,52 @@ static int ateccx08a_cfg_initialized = 0;
|
||||
static ATCAIfaceCfg* gCfg = &config_atmel_device[WOLFSSL_ATCA_DEVICE_NO];
|
||||
|
||||
#if defined(WOLFSSL_MICROCHIP_TA100)
|
||||
|
||||
|
||||
/* TA100 device expects little-endian data for the property field.
|
||||
* On big-endian hosts, we need to byte-swap the uint16_t property value.
|
||||
* Use ATCA_UINT16_HOST_TO_LE if available from cryptoauthlib, otherwise
|
||||
* define our own based on wolfSSL's endianness detection.
|
||||
*/
|
||||
#ifndef ATCA_UINT16_HOST_TO_LE
|
||||
#ifdef BIG_ENDIAN_ORDER
|
||||
#define ATCA_UINT16_HOST_TO_LE(x) \
|
||||
((uint16_t)(((x) >> 8) | (((x) & 0xFF) << 8)))
|
||||
#else
|
||||
#define ATCA_UINT16_HOST_TO_LE(x) (x)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Helper function to fix property field endianness after talib_handle_init_*
|
||||
* functions populate the ta_element_attributes_t structure.
|
||||
* The talib functions build the property value in host byte order, but
|
||||
* the TA100 device expects little-endian format.
|
||||
*/
|
||||
static WC_INLINE void ta100_fix_property_endian(ta_element_attributes_t* attr)
|
||||
{
|
||||
#ifdef BIG_ENDIAN_ORDER
|
||||
if (attr != NULL) {
|
||||
attr->property = ATCA_UINT16_HOST_TO_LE(attr->property);
|
||||
}
|
||||
#else
|
||||
(void)attr; /* Suppress unused warning on little-endian */
|
||||
#endif
|
||||
}
|
||||
|
||||
/* The sharedData_attr property values need to be in LE format.
|
||||
* On little-endian: 0x1600 stays as 0x1600 (bytes: 00 16)
|
||||
* On big-endian: 0x1600 becomes 0x0016 (bytes: 00 16)
|
||||
*
|
||||
* Since we cannot use function calls in static initializers,
|
||||
* we define the values directly for each endianness:
|
||||
*/
|
||||
#ifdef BIG_ENDIAN_ORDER
|
||||
/* Big-endian: swap bytes so wire format is correct */
|
||||
#define TA100_PROP_SHARED_DATA 0x0016
|
||||
#else
|
||||
/* Little-endian: use value as-is */
|
||||
#define TA100_PROP_SHARED_DATA 0x1600
|
||||
#endif
|
||||
#ifndef SHARED_DATA_ADDR
|
||||
#define SHARED_DATA_ADDR 0x8006
|
||||
#endif
|
||||
@@ -190,14 +236,14 @@ typedef struct
|
||||
See Shared Data Element Attributes in the programming specifications
|
||||
*/
|
||||
static ta_element_attributes_t sharedData_attr[ATECC_MAX_SLOT] = {
|
||||
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, 0x1600, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, TA100_PROP_SHARED_DATA, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, TA100_PROP_SHARED_DATA, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, TA100_PROP_SHARED_DATA, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, TA100_PROP_SHARED_DATA, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, TA100_PROP_SHARED_DATA, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, TA100_PROP_SHARED_DATA, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, TA100_PROP_SHARED_DATA, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
{0x81, TA100_PROP_SHARED_DATA, 0x00, 0x00, 0x00, 0x41, 0x10},
|
||||
};
|
||||
static ta_element_attributes_t* gSharedDataAttr = sharedData_attr;
|
||||
|
||||
@@ -524,6 +570,9 @@ static int atmel_init_enc_key(void)
|
||||
int atmel_get_rev_info(word32* revision)
|
||||
{
|
||||
int ret;
|
||||
printf("Waking device...\n");
|
||||
ret = atcab_wakeup();
|
||||
printf("atcab_wakeup: %d\n", ret);
|
||||
ret = atcab_info((uint8_t*)revision);
|
||||
ret = atmel_ecc_translate_err(ret);
|
||||
return ret;
|
||||
@@ -656,115 +705,171 @@ int atmel_ecc_verify(const byte* message, const byte* signature,
|
||||
#ifdef WOLFSSL_MICROCHIP_TA100
|
||||
|
||||
#ifndef NO_RSA
|
||||
/*
|
||||
* TA100 RSA Support - Sign/Verify AND Encrypt/Decrypt
|
||||
*
|
||||
*/
|
||||
|
||||
int wc_Microchip_rsa_create_key(struct RsaKey* key, int size, long e)
|
||||
{
|
||||
ATCA_STATUS ret;
|
||||
ta_element_attributes_t rKeyA, uKeyA;
|
||||
size_t uKey_len = WOLFSSL_TA_KEY_TYPE_RSA_SIZE;
|
||||
size_t uKey_len = TA_KEY_TYPE_RSA2048_SIZE;
|
||||
|
||||
(void)size;
|
||||
(void)e;
|
||||
|
||||
ret = talib_handle_init_private_key(&rKeyA, WOLFSSL_TA_KEY_TYPE_RSA,
|
||||
TA_ALG_MODE_RSA_SSA_PSS,TA_PROP_SIGN_INT_EXT_DIGEST,
|
||||
/* Private key for signing AND decryption */
|
||||
ret = talib_handle_init_private_key(&rKeyA, TA_KEY_TYPE_RSA2048,
|
||||
TA_ALG_MODE_RSA_SSA_1_5, TA_PROP_SIGN_INT_EXT_DIGEST,
|
||||
TA_PROP_KEY_AGREEMENT_OUT_BUFF);
|
||||
if (ret != ATCA_SUCCESS) return WC_HW_E;
|
||||
if (ret != ATCA_SUCCESS)
|
||||
return WC_HW_E;
|
||||
|
||||
ta100_fix_property_endian(&rKeyA);
|
||||
|
||||
ret = talib_create_element(atcab_get_device(), &rKeyA, &key->rKeyH);
|
||||
if (ret != ATCA_SUCCESS) return WC_HW_E;
|
||||
if (ret != ATCA_SUCCESS)
|
||||
return WC_HW_E;
|
||||
|
||||
ret = talib_handle_init_public_key(&uKeyA, WOLFSSL_TA_KEY_TYPE_RSA,
|
||||
TA_ALG_MODE_RSA_SSA_PSS, TA_PROP_VAL_NO_SECURE_BOOT_SIGN,
|
||||
TA_PROP_ROOT_PUB_KEY_VERIFY);
|
||||
if (ret != ATCA_SUCCESS) return WC_HW_E;
|
||||
/* Public key - use 0, 0 for encryption support! */
|
||||
ret = talib_handle_init_public_key(&uKeyA, TA_KEY_TYPE_RSA2048,
|
||||
TA_ALG_MODE_RSA_SSA_1_5, 0, 0);
|
||||
if (ret != ATCA_SUCCESS)
|
||||
return WC_HW_E;
|
||||
|
||||
ta100_fix_property_endian(&uKeyA);
|
||||
|
||||
ret = talib_create_element(atcab_get_device(), &uKeyA, &key->uKeyH);
|
||||
if (ret != ATCA_SUCCESS) return WC_HW_E;
|
||||
if (ret != ATCA_SUCCESS)
|
||||
return WC_HW_E;
|
||||
|
||||
ret = talib_genkey_base(atcab_get_device(), TA_KEYGEN_MODE_NEWKEY,
|
||||
(uint32_t)key->rKeyH, key->uKey, &uKey_len);
|
||||
if (ret != ATCA_SUCCESS) return WC_HW_E;
|
||||
if (ret != ATCA_SUCCESS)
|
||||
return WC_HW_E;
|
||||
|
||||
/* Write the RSA public key to the handle. */
|
||||
ret = talib_write_pub_key(atcab_get_device(), key->uKeyH, (uint16_t)uKey_len,
|
||||
key->uKey);
|
||||
|
||||
ret = atmel_ecc_translate_err(ret);
|
||||
|
||||
return ret;
|
||||
/* Use talib_write_element, not talib_write_pub_key */
|
||||
ret = talib_write_element(atcab_get_device(), key->uKeyH,
|
||||
(uint16_t)uKey_len, key->uKey);
|
||||
|
||||
return atmel_ecc_translate_err(ret);
|
||||
}
|
||||
int wc_Microchip_rsa_sign(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key)
|
||||
|
||||
int wc_Microchip_rsa_encrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
uint16_t sign_size = outLen; /* WOLFSSL_TA_KEY_TYPE_RSA_SIZE */
|
||||
|
||||
#ifdef WOLFSSL_ATECC_DEBUG
|
||||
printf("WOLFSSL_TA_KEY_TYPE_RSA = %d\n", WOLFSSL_TA_KEY_TYPE_RSA);
|
||||
printf("TA_KEY_TYPE_RSA2048 = %d\n", TA_KEY_TYPE_RSA2048);
|
||||
printf("=== talib_rsaenc_encrypt debug ===\n");
|
||||
printf("device: %p\n", atcab_get_device());
|
||||
printf("uKeyH: 0x%08X (%u)\n", key->uKeyH, key->uKeyH);
|
||||
printf("inLen: %u\n", inLen);
|
||||
printf("in: %p\n", in);
|
||||
printf("outLen: %u\n", outLen);
|
||||
printf("out: %p\n", out);
|
||||
#endif
|
||||
/* Use the 2048-specific function */
|
||||
ret = talib_rsaenc_encrypt2048(atcab_get_device(), key->uKeyH,
|
||||
(uint16_t)inLen, in,
|
||||
(uint16_t)outLen, out);
|
||||
|
||||
return atmel_ecc_translate_err(ret);
|
||||
}
|
||||
|
||||
int wc_Microchip_rsa_decrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
|
||||
|
||||
ret = talib_rsaenc_decrypt2048(atcab_get_device(), key->rKeyH,
|
||||
(uint16_t)inLen, in,
|
||||
(uint16_t)outLen, out);
|
||||
|
||||
return atmel_ecc_translate_err(ret);
|
||||
}
|
||||
|
||||
|
||||
int wc_Microchip_rsa_sign(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
uint16_t sign_size = (uint16_t)outLen;
|
||||
byte hash_data[WC_SHA256_DIGEST_SIZE];
|
||||
|
||||
if ((ret = wc_Sha256Hash(in, inLen, hash_data)) != 0) {
|
||||
return ret;
|
||||
if (in == NULL || out == NULL || key == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* Hash the input message */
|
||||
ret = wc_Sha256Hash(in, inLen, hash_data);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Sign using the signing private key handle */
|
||||
ret = talib_sign_external(atcab_get_device(), WOLFSSL_TA_KEY_TYPE_RSA,
|
||||
key->rKeyH, TA_HANDLE_INPUT_BUFFER, hash_data,
|
||||
WC_SHA256_DIGEST_SIZE, out, &sign_size);
|
||||
ret = atmel_ecc_translate_err(ret);
|
||||
return ret;
|
||||
|
||||
return atmel_ecc_translate_err(ret);
|
||||
}
|
||||
|
||||
|
||||
int wc_Microchip_rsa_verify(const byte* in, word32 inLen, byte* sig, word32 sigLen,
|
||||
RsaKey* key, int* pVerified)
|
||||
RsaKey* key, int* pVerified)
|
||||
{
|
||||
int ret;
|
||||
bool verified = false;
|
||||
byte hash_data[WC_SHA256_DIGEST_SIZE];
|
||||
|
||||
if ((ret = wc_Sha256Hash(in, inLen, hash_data)) != 0) {
|
||||
return ret;
|
||||
if (in == NULL || sig == NULL || key == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* Hash the input message */
|
||||
ret = wc_Sha256Hash(in, inLen, hash_data);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Verify using the verification public key handle */
|
||||
ret = talib_verify(atcab_get_device(), WOLFSSL_TA_KEY_TYPE_RSA,
|
||||
TA_HANDLE_INPUT_BUFFER, key->uKeyH, sig,
|
||||
sigLen, hash_data, WC_SHA256_DIGEST_SIZE, NULL,
|
||||
sigLen, &verified);
|
||||
TA_HANDLE_INPUT_BUFFER, key->uKeyH, sig,
|
||||
sigLen, hash_data, WC_SHA256_DIGEST_SIZE, NULL,
|
||||
sigLen, &verified);
|
||||
|
||||
ret = atmel_ecc_translate_err(ret);
|
||||
if (pVerified)
|
||||
|
||||
if (pVerified != NULL) {
|
||||
*pVerified = (int)verified;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wc_Microchip_rsa_encrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
|
||||
/* Encrypt the plaintext with the rsa public key in handle */
|
||||
ret = talib_rsaenc_encrypt(atcab_get_device(), key->uKeyH,
|
||||
inLen, in, outLen, out);
|
||||
ret = atmel_ecc_translate_err(ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wc_Microchip_rsa_decrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
/* Decrypt the ciphertext with the rsa private key in handle */
|
||||
ret = talib_rsaenc_decrypt(atcab_get_device(), key->rKeyH,
|
||||
inLen, in, outLen, out);
|
||||
ret = atmel_ecc_translate_err(ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
void wc_Microchip_rsa_free(struct RsaKey* key)
|
||||
{
|
||||
if (key->rKeyH)
|
||||
(void)talib_delete_handle(atcab_get_device(), (uint32_t)key->rKeyH);
|
||||
if (key->uKeyH)
|
||||
(void)talib_delete_handle(atcab_get_device(), (uint32_t)key->uKeyH);
|
||||
if (key == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* Free signing/encryption key handles */
|
||||
if (key->rKeyH) {
|
||||
(void)talib_delete_handle(atcab_get_device(), (uint32_t)key->rKeyH);
|
||||
key->rKeyH = 0;
|
||||
}
|
||||
if (key->uKeyH) {
|
||||
(void)talib_delete_handle(atcab_get_device(), (uint32_t)key->uKeyH);
|
||||
key->uKeyH = 0;
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* NO_RSA */
|
||||
|
||||
#ifdef WOLFSSL_ATECC_DEBUG
|
||||
@@ -854,14 +959,20 @@ static void atmel_Handle_Attributes(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#define CHECK_STATUS(s) \
|
||||
if (s != ATCA_SUCCESS) \
|
||||
{ \
|
||||
printf("Error: Line %d in File %s\r\n", __LINE__, __FILE__); \
|
||||
printf("STATUS = %X\r\n", s); \
|
||||
printf("See atca_status.h for error code \r\n"); \
|
||||
return atmel_ecc_translate_err(s); \
|
||||
}
|
||||
#ifdef WOLFSSL_ATECC_DEBUG
|
||||
#define CHECK_STATUS(s) \
|
||||
if ((s) != ATCA_SUCCESS) { \
|
||||
WOLFSSL_MSG("TA100 Error"); \
|
||||
printf("Error: Line %d in File %s\r\n", __LINE__, __FILE__); \
|
||||
printf("STATUS = %X\r\n", (unsigned int)(s)); \
|
||||
return atmel_ecc_translate_err(s); \
|
||||
}
|
||||
#else
|
||||
#define CHECK_STATUS(s) \
|
||||
if ((s) != ATCA_SUCCESS) { \
|
||||
return atmel_ecc_translate_err(s); \
|
||||
}
|
||||
#endif
|
||||
static int atmel_createHandles(void)
|
||||
{
|
||||
ATCA_STATUS status;
|
||||
@@ -1577,50 +1688,41 @@ void wc_Microchip_aes_free(Aes* aes)
|
||||
(void)aes;
|
||||
}
|
||||
|
||||
|
||||
static int wc_Microchip_AesGcmCommon(Aes* aes, byte* out, const byte* in,
|
||||
word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
|
||||
const byte* authIn, word32 authInSz, int dir)
|
||||
{
|
||||
ATCA_STATUS status;
|
||||
atca_aes_gcm_ctx_t ctx;
|
||||
|
||||
(void)out;
|
||||
(void)in;
|
||||
(void)sz;
|
||||
(void)iv;
|
||||
(void)aes;
|
||||
(void)ivSz;
|
||||
(void)authTag;
|
||||
(void)authTagSz;
|
||||
(void)authIn;
|
||||
(void)authInSz;
|
||||
(void)dir;
|
||||
|
||||
(void)ctx;
|
||||
|
||||
if (aes == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
if (dir != AES_ENCRYPTION &&
|
||||
dir != AES_DECRYPTION) {
|
||||
if (dir != AES_ENCRYPTION && dir != AES_DECRYPTION) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
if (dir == AES_ENCRYPTION) {
|
||||
/* Note: talib API takes non-const iv */
|
||||
status = talib_aes_gcm_encrypt(atcab_get_device(), authIn,
|
||||
authInSz, iv, in, sz, out, authTag);
|
||||
CHECK_STATUS(status);
|
||||
authInSz, (uint8_t*)iv, in, sz, out, authTag);
|
||||
}
|
||||
else {
|
||||
status = talib_aes_gcm_decrypt(atcab_get_device(), authIn,
|
||||
authInSz, iv, authTag, in, sz, out);
|
||||
|
||||
/* Add cipher to gcm */
|
||||
status = atcab_aes_gcm_decrypt_update(&ctx, in, sz, out);
|
||||
CHECK_STATUS(status);
|
||||
authInSz, (uint8_t*)iv, authTag, in, sz, out);
|
||||
}
|
||||
return atmel_ecc_translate_err(status);
|
||||
|
||||
if (status != ATCA_SUCCESS) {
|
||||
return atmel_ecc_translate_err(status);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int wc_Microchip_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
const byte* iv, word32 ivSz,
|
||||
byte* authTag, word32 authTagSz,
|
||||
|
||||
+15
-1
@@ -445,6 +445,10 @@ static const byte const_byte_array[] = "A+Gd\0\0\0";
|
||||
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
|
||||
#include <wolfssl/wolfcrypt/logging.h>
|
||||
#endif
|
||||
#if defined(WOLFSSL_MICROCHIP_TA100)
|
||||
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_CAAM
|
||||
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
|
||||
#endif
|
||||
@@ -26747,7 +26751,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
|
||||
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
|
||||
#endif
|
||||
if (ret >= 0) {
|
||||
ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
|
||||
#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_MICROCHIP_TA100)
|
||||
/* Create new keys for TA100 */
|
||||
ret = wc_MakeRsaKey(key, 2048, WC_RSA_EXPONENT, &rng);
|
||||
if (ret) {
|
||||
goto exit_rsa;
|
||||
}
|
||||
ret = wc_RsaPublicEncrypt(in, inLen, out, 256, key, &rng);
|
||||
#else
|
||||
ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
|
||||
|
||||
#endif
|
||||
}
|
||||
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
|
||||
if (ret < 0)
|
||||
|
||||
@@ -832,8 +832,7 @@ int wc_ecc_point_is_at_infinity(ecc_point *p);
|
||||
WOLFSSL_API
|
||||
int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx);
|
||||
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
||||
!defined(WOLFSSL_MICROCHIP_TA100)
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
|
||||
WOLFSSL_API
|
||||
int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R,
|
||||
mp_int* a, mp_int* modulus, int map);
|
||||
|
||||
@@ -109,8 +109,8 @@ enum atmelSlotType {
|
||||
ATMEL_SLOT_ECDHE_BOB,
|
||||
};
|
||||
|
||||
int atmel_ecc_alloc(int slotType);
|
||||
void atmel_ecc_free(int slotId);
|
||||
WOLFSSL_API int atmel_ecc_alloc(int slotType);
|
||||
WOLFSSL_API void atmel_ecc_free(int slotId);
|
||||
|
||||
typedef int (*atmel_slot_alloc_cb)(int);
|
||||
typedef void (*atmel_slot_dealloc_cb)(int);
|
||||
|
||||
Reference in New Issue
Block a user