mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 13:40:49 +02:00
Addressed copilot's comments
This commit is contained in:
+3
-1
@@ -3013,6 +3013,9 @@ AC_ARG_WITH([cryptoauthlib],
|
||||
[with_cryptoauthlib=no])
|
||||
|
||||
AS_IF([test "x$with_cryptoauthlib" != "xno"], [
|
||||
AS_IF([test "x$ENABLED_ATMEL" = "xno"], [
|
||||
AC_MSG_ERROR([--with-cryptoauthlib requires --enable-microchip=<devices>.])
|
||||
])
|
||||
AC_MSG_CHECKING([for CryptoAuthLib])
|
||||
|
||||
libdir=""
|
||||
@@ -3029,7 +3032,6 @@ AS_IF([test "x$with_cryptoauthlib" != "xno"], [
|
||||
PKG_CHECK_MODULES([CRYPTOAUTHLIB], [cryptoauthlib], [
|
||||
CPPFLAGS="$CRYPTOAUTHLIB_CFLAGS $CPPFLAGS"
|
||||
CFLAGS="$CRYPTOAUTHLIB_CFLAGS $CFLAGS"
|
||||
LDFLAGS="$CRYPTOAUTHLIB_LIBS $LDFLAGS"
|
||||
LIBS="$CRYPTOAUTHLIB_LIBS $LIBS"
|
||||
cryptoauthlib_found="pkg-config"
|
||||
], [:])
|
||||
|
||||
+4
-2
@@ -287,6 +287,7 @@ ECC Curve Sizes:
|
||||
!defined(WOLFSSL_MICROCHIP_TA100) && \
|
||||
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
|
||||
!defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \
|
||||
!defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO) && \
|
||||
!defined(WOLFSSL_XILINX_CRYPT_VERSAL)
|
||||
#undef HAVE_ECC_VERIFY_HELPER
|
||||
#define HAVE_ECC_VERIFY_HELPER
|
||||
@@ -9357,9 +9358,10 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
byte hashIsZero = 0;
|
||||
word32 zIdx;
|
||||
#endif
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
|
||||
defined(WOLFSSL_MICROCHIP_TA100)
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
|
||||
byte sigRS[ATECC_KEY_SIZE*2];
|
||||
#elif defined(WOLFSSL_MICROCHIP_TA100)
|
||||
byte sigRS[ECC_MAX_CRYPTO_HW_SIZE*2];
|
||||
#elif defined(WOLFSSL_CRYPTOCELL)
|
||||
byte sigRS[ECC_MAX_CRYPTO_HW_SIZE*2];
|
||||
CRYS_ECDSA_VerifyUserContext_t sigCtxTemp;
|
||||
|
||||
@@ -119,9 +119,16 @@ Supported Features:
|
||||
RSA 2048 keygen/sign/verify
|
||||
ECC-P256 keygen/sign/verify/shared secret
|
||||
|
||||
WOLFSSL_MICROCHIP_AESGCM can be used to enable AES-GCM but
|
||||
AESGCM support is not yet available for TA100 in both
|
||||
cryptauthlib-v3.3.3_397871.zip and cryptauthlib-v3.6.0_443271.zip.
|
||||
WOLFSSL_MICROCHIP_AESGCM can be used to enable AES-GCM for TA100 when
|
||||
building against CryptoAuthLib v3.6.0_443271 or later. AES-GCM is not
|
||||
supported for TA100 with cryptauthlib-v3.3.3_397871.zip.
|
||||
|
||||
Current TA100 AES-GCM limitations:
|
||||
- IV size must be 12 bytes.
|
||||
- Authentication tag size must be 16 bytes for hardware decrypt, with
|
||||
shorter tags only supported for zero-length decrypt validation.
|
||||
- The combined AAD + payload size per hardware operation is limited to 996
|
||||
bytes.
|
||||
|
||||
|
||||
```
|
||||
|
||||
@@ -147,7 +147,7 @@ static int ateccx08a_cfg_initialized = 0;
|
||||
.devtype = MICROCHIP_DEV_TYPE,
|
||||
.atcai2c = {
|
||||
#ifdef ATCA_ENABLE_DEPRECATED
|
||||
.slave_addressus = 1,
|
||||
.slave_address = 1,
|
||||
#else
|
||||
.address = ATECC_I2C_ADDR,
|
||||
#endif
|
||||
@@ -451,13 +451,13 @@ int atmel_ecc_alloc(int slotType)
|
||||
break;
|
||||
#endif
|
||||
case ATMEL_SLOT_ECDHE_ALICE:
|
||||
/* not reserved in mSlotList, so return */
|
||||
/* reserve the fixed slot through the common allocation path */
|
||||
slotId = ATECC_SLOT_ECDHE_PRIV_ALICE;
|
||||
goto exit;
|
||||
break;
|
||||
case ATMEL_SLOT_ECDHE_BOB:
|
||||
/* not reserved in mSlotList, so return */
|
||||
/* reserve the fixed slot through the common allocation path */
|
||||
slotId = ATECC_SLOT_ECDHE_PRIV_BOB;
|
||||
goto exit;
|
||||
break;
|
||||
case ATMEL_SLOT_ANY:
|
||||
for (i=0; i < ATECC_MAX_SLOT; i++) {
|
||||
/* Find free slotId */
|
||||
@@ -475,8 +475,7 @@ int atmel_ecc_alloc(int slotType)
|
||||
}
|
||||
|
||||
/* is slot available */
|
||||
if (mSlotList[slotId] != ATECC_INVALID_SLOT &&
|
||||
mSlotList[slotId] != slotId ) {
|
||||
if (mSlotList[slotId] != ATECC_INVALID_SLOT) {
|
||||
slotId = ATECC_INVALID_SLOT;
|
||||
}
|
||||
else {
|
||||
@@ -894,13 +893,20 @@ int wc_Microchip_rsa_create_key(struct RsaKey* key, int size, long e)
|
||||
{
|
||||
ATCA_STATUS ret;
|
||||
ta_element_attributes_t rKeyA, uKeyA;
|
||||
size_t uKey_len = TA_KEY_TYPE_RSA2048_SIZE;
|
||||
size_t uKey_len = WOLFSSL_TA_KEY_TYPE_RSA_SIZE;
|
||||
|
||||
(void)size;
|
||||
(void)e;
|
||||
if (key == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
if (size != (int)(WOLFSSL_TA_KEY_TYPE_RSA_SIZE * 8U)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
if (e != 0 && e != WC_RSA_EXPONENT) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* Private key for signing AND decryption */
|
||||
ret = talib_handle_init_private_key(&rKeyA, TA_KEY_TYPE_RSA2048,
|
||||
ret = talib_handle_init_private_key(&rKeyA, WOLFSSL_TA_KEY_TYPE_RSA,
|
||||
TA_ALG_MODE_RSA_SSA_PSS, TA_PROP_SIGN_INT_EXT_DIGEST,
|
||||
TA_PROP_KEY_AGREEMENT_OUT_BUFF);
|
||||
if (ret != ATCA_SUCCESS)
|
||||
@@ -913,7 +919,7 @@ int wc_Microchip_rsa_create_key(struct RsaKey* key, int size, long e)
|
||||
return WC_HW_E;
|
||||
|
||||
/* Public key - use 0, 0 for encryption support! */
|
||||
ret = talib_handle_init_public_key(&uKeyA, TA_KEY_TYPE_RSA2048,
|
||||
ret = talib_handle_init_public_key(&uKeyA, WOLFSSL_TA_KEY_TYPE_RSA,
|
||||
TA_ALG_MODE_RSA_SSA_PSS, 0, 0);
|
||||
if (ret != ATCA_SUCCESS)
|
||||
return WC_HW_E;
|
||||
@@ -952,7 +958,7 @@ int wc_Microchip_rsa_encrypt(const byte* in, word32 inLen, byte* out,
|
||||
printf("outLen: %u\n", outLen);
|
||||
printf("out: %p\n", out);
|
||||
#endif
|
||||
/* Use the 2048-specific function */
|
||||
/* The current wolfSSL TA100 backend uses the RSA-2048 RSAEnc path. */
|
||||
ret = talib_rsaenc_encrypt2048(atcab_get_device(), key->uKeyH,
|
||||
(uint16_t)inLen, in,
|
||||
(uint16_t)outLen, out);
|
||||
@@ -965,7 +971,7 @@ int wc_Microchip_rsa_decrypt(const byte* in, word32 inLen, byte* out,
|
||||
{
|
||||
int ret;
|
||||
|
||||
|
||||
/* The current wolfSSL TA100 backend uses the RSA-2048 RSAEnc path. */
|
||||
ret = talib_rsaenc_decrypt2048(atcab_get_device(), key->rKeyH,
|
||||
(uint16_t)inLen, in,
|
||||
(uint16_t)outLen, out);
|
||||
@@ -1320,7 +1326,7 @@ int atcatls_create_key_cb(WOLFSSL* ssl, ecc_key* key, unsigned int keySz,
|
||||
return WC_HW_WAIT_E;
|
||||
|
||||
/* generate new ephemeral key on device */
|
||||
ret = atmel_ecc_create_key(MAP_TO_HANDLE(slotId), ecc_curve, peerKey);
|
||||
ret = atmel_ecc_create_key(slotId, ecc_curve, peerKey);
|
||||
|
||||
/* load generated ECC508A public key into key, used by wolfSSL */
|
||||
if (ret == 0) {
|
||||
@@ -1397,8 +1403,7 @@ int atcatls_create_pms_cb(WOLFSSL* ssl, ecc_key* otherKey,
|
||||
tmpKey.slot = slotId;
|
||||
|
||||
/* generate new ephemeral key on device */
|
||||
ret = atmel_ecc_create_key(MAP_TO_HANDLE(slotId), otherKey->dp->id,
|
||||
peerKey);
|
||||
ret = atmel_ecc_create_key(slotId, otherKey->dp->id, peerKey);
|
||||
if (ret != ATCA_SUCCESS) {
|
||||
atmel_ecc_free(slotId);
|
||||
goto exit;
|
||||
@@ -1673,6 +1678,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
|
||||
#endif
|
||||
|
||||
int ret = 0;
|
||||
ATCA_STATUS status;
|
||||
size_t signerCertSize = ATCATLS_SIGNER_CERT_MAX_SIZE;
|
||||
size_t deviceCertSize = ATCATLS_DEVICE_CERT_MAX_SIZE;
|
||||
uint8_t certBuffer[ATCATLS_CERT_BUFF_MAX_SIZE];
|
||||
@@ -1682,7 +1688,6 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ATECC_TNGTLS
|
||||
ATCA_STATUS status;
|
||||
ret = tng_atcacert_max_signer_cert_size(&signerCertSize);
|
||||
if (ret != ATCACERT_E_SUCCESS) {
|
||||
#ifdef WOLFSSL_ATECC_DEBUG
|
||||
@@ -1792,7 +1797,6 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
|
||||
return ret;
|
||||
}
|
||||
#endif /* ATCA_TFLEX_SUPPORT */
|
||||
#endif /* ATCA_TFLEX_SUPPORT */
|
||||
|
||||
int atcatls_set_callbacks(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
@@ -1931,11 +1935,12 @@ int wc_Microchip_aes_set_key(Aes* aes, const byte* key, word32 keylen,
|
||||
status = talib_aes_gcm_keyload(atcab_get_device(), aes->key_id, 0);
|
||||
CHECK_STATUS(status);
|
||||
|
||||
/* Test if data zone is locked */
|
||||
/* Provisioning must lock setup explicitly; do not lock it as a side
|
||||
* effect of loading an AES key. */
|
||||
status = talib_is_setup_locked(atcab_get_device(), &is_locked);
|
||||
CHECK_STATUS(status);
|
||||
if (!is_locked) {
|
||||
status = talib_lock_setup(atcab_get_device());
|
||||
CHECK_STATUS(status);
|
||||
return WC_HW_E;
|
||||
}
|
||||
|
||||
return atmel_ecc_translate_err(status);
|
||||
|
||||
@@ -128,9 +128,11 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
|
||||
#if defined(WOLFSSL_MICROCHIP_TA100)
|
||||
if (sig_len <= 0) {
|
||||
const RsaKey* r = (const RsaKey*)key;
|
||||
/* TA100 handles imply a 2048-bit RSA key. */
|
||||
/* TA100 stores hardware-backed RSA public keys outside
|
||||
* the software mp_int fields, so use the backend's fixed
|
||||
* public-key buffer size when handles are present. */
|
||||
if (r->rKeyH != 0 || r->uKeyH != 0) {
|
||||
sig_len = 256;
|
||||
sig_len = WOLFSSL_TA_KEY_TYPE_RSA_SIZE;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -182,14 +182,13 @@ WOLFSSL_LOCAL int wc_Microchip_rsa_encrypt(const byte* in, word32 inLen,
|
||||
WOLFSSL_LOCAL int wc_Microchip_rsa_decrypt(const byte* in, word32 inLen,
|
||||
byte* out, word32 outLen, RsaKey* key);
|
||||
|
||||
/* CryptoAuthLib defines larger TA100 RSA key types too, but the current
|
||||
* wolfSSL TA100 backend only wires up the RSAEnc path for RSA-2048. */
|
||||
#ifndef WOLFSSL_SP_NO_2048
|
||||
#define WOLFSSL_TA_KEY_TYPE_RSA TA_KEY_TYPE_RSA2048
|
||||
#define WOLFSSL_TA_KEY_TYPE_RSA_SIZE TA_KEY_TYPE_RSA2048_SIZE
|
||||
#elif !defined(WOLFSSL_SP_NO_3072)
|
||||
#define WOLFSSL_TA_KEY_TYPE_RSA TA_KEY_TYPE_RSA3072
|
||||
#define WOLFSSL_TA_KEY_TYPE_RSA_SIZE TA_KEY_TYPE_RSA3072_SIZE
|
||||
#else
|
||||
#error Microchip requires enabling 2048 or 3072 RSA.
|
||||
#error Current wolfSSL TA100 RSA backend requires 2048-bit RSA support.
|
||||
#endif
|
||||
|
||||
#endif /* NO_RSA */
|
||||
|
||||
@@ -226,7 +226,7 @@ struct RsaKey {
|
||||
#if defined(WOLFSSL_MICROCHIP_TA100)
|
||||
uint16_t rKeyH; /* private key handle */
|
||||
uint16_t uKeyH; /* public key handle */
|
||||
byte uKey[TA_KEY_TYPE_RSA2048_SIZE]; /* public key */
|
||||
byte uKey[WOLFSSL_TA_KEY_TYPE_RSA_SIZE]; /* public key */
|
||||
#endif
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
void* devCtx;
|
||||
@@ -517,4 +517,3 @@ WOLFSSL_API int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz,
|
||||
|
||||
#endif /* NO_RSA */
|
||||
#endif /* WOLF_CRYPT_RSA_H */
|
||||
|
||||
|
||||
Reference in New Issue
Block a user