From ccc50714d08ce22435963cd837db921c3a714058 Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Sun, 28 Mar 2021 00:02:17 +0530 Subject: [PATCH 1/5] Fix TNGTLS certificate size issue TNGTLS devices has shown variations in the device and signer certificate sizes causing failure. This fix makes the size query dynamic. --- wolfcrypt/src/port/atmel/atmel.c | 84 ++++++++++++++++++-------------- 1 file changed, 47 insertions(+), 37 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 46c25ae19..44b535d58 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -192,7 +192,7 @@ int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg) cfg_ateccx08a_i2c_pi.devtype = cfg->devtype; cfg_ateccx08a_i2c_pi.atcai2c.slave_address = cfg->atcai2c.slave_address; cfg_ateccx08a_i2c_pi.atcai2c.bus = cfg->atcai2c.bus; - cfg_ateccx08a_i2c_pi.atcai2c.baud = cfg->atcai2c.baud; + cfg_ateccx08a_i2c_pi.atcai2c.baud = 400000;//cfg->atcai2c.baud; cfg_ateccx08a_i2c_pi.wake_delay = cfg->wake_delay; cfg_ateccx08a_i2c_pi.rx_retries = cfg->rx_retries; cfg_ateccx08a_i2c_pi.cfg_data = cfg->cfg_data; @@ -389,7 +389,7 @@ void atmel_show_rev_info(void) #ifdef WOLFSSL_ATECC_DEBUG word32 revision = 0; atmel_get_rev_info(&revision); - printf("ATECC508A Revision: %x\n", (word32)revision); + printf("ATECC508A Revision: %x\r\n", (word32)revision); #endif } @@ -915,62 +915,72 @@ exit: static int atcatls_set_certificates(WOLFSSL_CTX *ctx) { - #ifndef ATCATLS_TNGTLS_SIGNER_CERT_SIZE - #define ATCATLS_TNGTLS_SIGNER_CERT_SIZE 0x208 - #endif - #ifndef ATCATLS_TNGTLS_DEVICE_CERT_SIZE - #define ATCATLS_TNGTLS_DEVICE_CERT_SIZE 0x222 - #endif - #ifndef ATCATLS_TNGTLS_CERT_BUFF_SIZE - #define ATCATLS_TNGTLS_CERT_BUFF_SIZE (ATCATLS_TNGTLS_SIGNER_CERT_SIZE +\ - ATCATLS_TNGTLS_DEVICE_CERT_SIZE) - #endif - int ret = 0; ATCA_STATUS status; - size_t signerCertSize = ATCATLS_TNGTLS_SIGNER_CERT_SIZE; - size_t deviceCertSize = ATCATLS_TNGTLS_DEVICE_CERT_SIZE; - uint8_t certBuffer[ATCATLS_TNGTLS_CERT_BUFF_SIZE]; + size_t signerCertSize=0; + size_t deviceCertSize=0; + uint8_t *certBuffer; - /*Read signer cert*/ - status = tng_atcacert_read_signer_cert(&certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE], - &signerCertSize); + /*fetch signer cert size*/ + status=tng_atcacert_read_signer_cert(NULL, &signerCertSize); if (ATCA_SUCCESS != status) { - ret = atmel_ecc_translate_err(ret); - return ret; - } - if (signerCertSize != ATCATLS_TNGTLS_SIGNER_CERT_SIZE) { #ifdef WOLFSSL_ATECC_DEBUG - printf("signer cert size != ATCATLS_TNGTLS_SIGNER_CERT_SIZE.(%d)\r\n", - signerCertSize); + printf("Failed reading Signer cert size(0x%x)\r\n", status); #endif return WOLFSSL_FAILURE; } + /*fetch device cert size*/ + status=tng_atcacert_read_device_cert(NULL, &deviceCertSize, NULL); + if (ATCA_SUCCESS != status) { + #ifdef WOLFSSL_ATECC_DEBUG + printf("Failed reading device cert size(0x%x)\r\n", status); + #endif + return WOLFSSL_FAILURE; + } + certBuffer=XMALLOC(signerCertSize+deviceCertSize, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if(NULL == certBuffer){ + #ifdef WOLFSSL_ATECC_DEBUG + printf("Failed allocating space for certBuffer\r\n"); + #endif + return WOLFSSL_FAILURE; + } + + /*Read signer cert*/ + status = tng_atcacert_read_signer_cert(&certBuffer[deviceCertSize],\ + &signerCertSize); + if (ATCA_SUCCESS != status) { + #ifdef WOLFSSL_ATECC_DEBUG + printf("Error reading signer cert(0x%x)\r\n", status); + #endif + XFREE(certBuffer,NULL,DYNAMIC_TYPE_TMP_BUFFER); + ret = atmel_ecc_translate_err(ret); + return ret; + } + /*Read device cert signed by the signer above*/ status = tng_atcacert_read_device_cert(certBuffer, &deviceCertSize,\ - &certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE]); + &certBuffer[deviceCertSize]); if (ATCA_SUCCESS != status) { + #ifdef WOLFSSL_ATECC_DEBUG + printf("Error reading device cert(0x%x)\r\n", status); + #endif + XFREE(certBuffer,NULL,DYNAMIC_TYPE_TMP_BUFFER); ret = atmel_ecc_translate_err(ret); return ret; } - if (deviceCertSize != ATCATLS_TNGTLS_DEVICE_CERT_SIZE) { - #ifdef WOLFSSL_ATECC_DEBUG - printf("device cert size != ATCATLS_TNGTLS_DEVICE_CERT_SIZE.(%d)\r\n", - deviceCertSize); - #endif - return WOLFSSL_FAILURE; - } - ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, - (const unsigned char*)certBuffer, ATCATLS_TNGTLS_CERT_BUFF_SIZE, + ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,\ + (const unsigned char*)certBuffer, signerCertSize+deviceCertSize,\ WOLFSSL_FILETYPE_ASN1); if (ret != WOLFSSL_SUCCESS) { + printf("Error registering certificate chain\r\n"); ret = -1; } else { - ret = 0; + ret = 0; } + XFREE(certBuffer,NULL,DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -985,7 +995,7 @@ int atcatls_set_callbacks(WOLFSSL_CTX* ctx) ret = atcatls_set_certificates(ctx); if (ret != 0) { #ifdef WOLFSSL_ATECC_DEBUG - printf("atcatls_set_certificates failed. (%d)\r\n",ret); + printf("atcatls_set_certificates failed. (%d)\r\n", ret); #endif } #endif From 4911977946e8af35d6fc0742167422b4b80ceb62 Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Sun, 28 Mar 2021 00:04:57 +0530 Subject: [PATCH 2/5] rename I2C address var per cryptoauthlib 3.3.0 --- wolfcrypt/src/port/atmel/atmel.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 44b535d58..0f755094c 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -190,9 +190,9 @@ int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg) XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi)); cfg_ateccx08a_i2c_pi.iface_type = cfg->iface_type; cfg_ateccx08a_i2c_pi.devtype = cfg->devtype; - cfg_ateccx08a_i2c_pi.atcai2c.slave_address = cfg->atcai2c.slave_address; + cfg_ateccx08a_i2c_pi.atcai2c.address = cfg->atcai2c.address; cfg_ateccx08a_i2c_pi.atcai2c.bus = cfg->atcai2c.bus; - cfg_ateccx08a_i2c_pi.atcai2c.baud = 400000;//cfg->atcai2c.baud; + cfg_ateccx08a_i2c_pi.atcai2c.baud = cfg->atcai2c.baud; cfg_ateccx08a_i2c_pi.wake_delay = cfg->wake_delay; cfg_ateccx08a_i2c_pi.rx_retries = cfg->rx_retries; cfg_ateccx08a_i2c_pi.cfg_data = cfg->cfg_data; @@ -513,7 +513,7 @@ int atmel_init(void) XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi)); cfg_ateccx08a_i2c_pi.iface_type = ATCA_I2C_IFACE; cfg_ateccx08a_i2c_pi.devtype = ATECC_DEV_TYPE; - cfg_ateccx08a_i2c_pi.atcai2c.slave_address = ATECC_I2C_ADDR; + cfg_ateccx08a_i2c_pi.atcai2c.address = ATECC_I2C_ADDR; cfg_ateccx08a_i2c_pi.atcai2c.bus = ATECC_I2C_BUS; cfg_ateccx08a_i2c_pi.atcai2c.baud = 400000; cfg_ateccx08a_i2c_pi.wake_delay = 1500; From c34fcf908c7ce4aae9b4dc5d010928605e7aae79 Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Tue, 27 Apr 2021 12:17:23 +0530 Subject: [PATCH 3/5] code cleanup based on PR review comments --- wolfcrypt/src/port/atmel/atmel.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 0f755094c..6f2d48d68 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -190,7 +190,11 @@ int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg) XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi)); cfg_ateccx08a_i2c_pi.iface_type = cfg->iface_type; cfg_ateccx08a_i2c_pi.devtype = cfg->devtype; +#ifdef ATCA_ENABLE_DEPRECATED + cfg_ateccx08a_i2c_pi.atcai2c.slave_address = cfg->atcai2c.slave_address; +#else cfg_ateccx08a_i2c_pi.atcai2c.address = cfg->atcai2c.address; +#endif cfg_ateccx08a_i2c_pi.atcai2c.bus = cfg->atcai2c.bus; cfg_ateccx08a_i2c_pi.atcai2c.baud = cfg->atcai2c.baud; cfg_ateccx08a_i2c_pi.wake_delay = cfg->wake_delay; @@ -389,7 +393,7 @@ void atmel_show_rev_info(void) #ifdef WOLFSSL_ATECC_DEBUG word32 revision = 0; atmel_get_rev_info(&revision); - printf("ATECC508A Revision: %x\r\n", (word32)revision); + printf("ATECC608 Revision: %x\n", (word32)revision); #endif } @@ -513,7 +517,12 @@ int atmel_init(void) XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi)); cfg_ateccx08a_i2c_pi.iface_type = ATCA_I2C_IFACE; cfg_ateccx08a_i2c_pi.devtype = ATECC_DEV_TYPE; +#ifdef ATCA_ENABLE_DEPRECATED + cfg_ateccx08a_i2c_pi.atcai2c.slave_address = ATECC_I2C_ADDR; +#else cfg_ateccx08a_i2c_pi.atcai2c.address = ATECC_I2C_ADDR; +#endif + cfg_ateccx08a_i2c_pi.atcai2c.address = ATECC_I2C_ADDR; cfg_ateccx08a_i2c_pi.atcai2c.bus = ATECC_I2C_BUS; cfg_ateccx08a_i2c_pi.atcai2c.baud = 400000; cfg_ateccx08a_i2c_pi.wake_delay = 1500; @@ -921,7 +930,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) size_t deviceCertSize=0; uint8_t *certBuffer; - /*fetch signer cert size*/ + /* fetch signer cert size */ status=tng_atcacert_read_signer_cert(NULL, &signerCertSize); if (ATCA_SUCCESS != status) { #ifdef WOLFSSL_ATECC_DEBUG @@ -930,7 +939,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) return WOLFSSL_FAILURE; } - /*fetch device cert size*/ + /* fetch device cert size */ status=tng_atcacert_read_device_cert(NULL, &deviceCertSize, NULL); if (ATCA_SUCCESS != status) { #ifdef WOLFSSL_ATECC_DEBUG @@ -938,7 +947,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) #endif return WOLFSSL_FAILURE; } - certBuffer=XMALLOC(signerCertSize+deviceCertSize, NULL, DYNAMIC_TYPE_TMP_BUFFER); + certBuffer=(uint8_t*)XMALLOC(signerCertSize+deviceCertSize, NULL, DYNAMIC_TYPE_TMP_BUFFER); if(NULL == certBuffer){ #ifdef WOLFSSL_ATECC_DEBUG printf("Failed allocating space for certBuffer\r\n"); @@ -946,8 +955,8 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) return WOLFSSL_FAILURE; } - /*Read signer cert*/ - status = tng_atcacert_read_signer_cert(&certBuffer[deviceCertSize],\ + /* Read signer cert */ + status = tng_atcacert_read_signer_cert(&certBuffer[deviceCertSize], &signerCertSize); if (ATCA_SUCCESS != status) { #ifdef WOLFSSL_ATECC_DEBUG @@ -958,7 +967,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) return ret; } - /*Read device cert signed by the signer above*/ + /* Read device cert signed by the signer above */ status = tng_atcacert_read_device_cert(certBuffer, &deviceCertSize,\ &certBuffer[deviceCertSize]); if (ATCA_SUCCESS != status) { From e716fcc6352a7bab75bf66bdf8e1e2c874612901 Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Tue, 27 Apr 2021 16:51:49 +0530 Subject: [PATCH 4/5] do not reserve ATMEL_SLOT_ECDHE type for TNGTLS --- wolfcrypt/src/port/atmel/atmel.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 6f2d48d68..df1fe90f9 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -263,7 +263,12 @@ int atmel_ecc_alloc(int slotType) goto exit; case ATMEL_SLOT_ECDHE: slotId = ATECC_SLOT_ECDHE_PRIV; + #ifdef WOLFSSL_ATECC_TNGTLS + /* not reserved in mSlotList, so return */ + goto exit; + #else break; + #endif case ATMEL_SLOT_ECDHE_ENC: slotId = ATECC_SLOT_ENC_PARENT; #ifdef WOLFSSL_ATECC_TNGTLS From 8ede17f337f84ba913bdb6d5c76d34011f40f32f Mon Sep 17 00:00:00 2001 From: Vysakh P Pillai <3634378+vppillai@users.noreply.github.com> Date: Thu, 29 Apr 2021 07:48:31 +0530 Subject: [PATCH 5/5] code formating changes based on PR review. --- wolfcrypt/src/port/atmel/atmel.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index df1fe90f9..209b027fc 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -523,11 +523,10 @@ int atmel_init(void) cfg_ateccx08a_i2c_pi.iface_type = ATCA_I2C_IFACE; cfg_ateccx08a_i2c_pi.devtype = ATECC_DEV_TYPE; #ifdef ATCA_ENABLE_DEPRECATED - cfg_ateccx08a_i2c_pi.atcai2c.slave_address = ATECC_I2C_ADDR; + cfg_ateccx08a_i2c_pi.atcai2c.slave_address = ATECC_I2C_ADDR; #else cfg_ateccx08a_i2c_pi.atcai2c.address = ATECC_I2C_ADDR; #endif - cfg_ateccx08a_i2c_pi.atcai2c.address = ATECC_I2C_ADDR; cfg_ateccx08a_i2c_pi.atcai2c.bus = ATECC_I2C_BUS; cfg_ateccx08a_i2c_pi.atcai2c.baud = 400000; cfg_ateccx08a_i2c_pi.wake_delay = 1500; @@ -973,7 +972,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) } /* Read device cert signed by the signer above */ - status = tng_atcacert_read_device_cert(certBuffer, &deviceCertSize,\ + status = tng_atcacert_read_device_cert(certBuffer, &deviceCertSize, &certBuffer[deviceCertSize]); if (ATCA_SUCCESS != status) { #ifdef WOLFSSL_ATECC_DEBUG @@ -984,8 +983,8 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx) return ret; } - ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,\ - (const unsigned char*)certBuffer, signerCertSize+deviceCertSize,\ + ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + (const unsigned char*)certBuffer, signerCertSize+deviceCertSize, WOLFSSL_FILETYPE_ASN1); if (ret != WOLFSSL_SUCCESS) { printf("Error registering certificate chain\r\n");