Merge pull request #2052 from dgarske/atecc_fixes

Fixes for ATECC with PMS outlen and `ATECC_MAX_SLOT`
2019-01-25 14:26:09 -08:00 · 2019-01-25 14:26:09 -08:00 · 0d8ca06928
commit 0d8ca06928
parent d16c2ca7c6 7c4fa33937
6 changed files with 36 additions and 30 deletions
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c
@ -67,7 +67,7 @@ void my_atmel_slotInit()
 int my_atmel_alloc(int slotType)
 {
    int i, slot = -1;
- 
+
    ESP_LOGI(TAG, "Enter my_atmel_alloc");

    switch(slotType){
@ -101,11 +101,11 @@ int my_atmel_alloc(int slotType)
 void my_atmel_free(int slotId)
 {
    ESP_LOGI(TAG, "Enter my_atmel_alloc");
-    
-    if(slotId >= 0 && slotId <= ATECC_MAX_SLOT){
+
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
        mSlotList[slotId] = ATECC_INVALID_SLOT;
    }
-    
+
    ESP_LOGI(TAG, "Leave my_atmel_alloc");

 }
@ -183,7 +183,7 @@ void app_main(void)
    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
    #endif
 #endif
-    
+
    ESP_LOGI(TAG, "Start benchmark..");
    wolf_benchmark_task();

--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
@ -68,7 +68,7 @@ static void ShowCiphers(void)

 static byte mSlotList[ATECC_MAX_SLOT];

-int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, 
+int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
                                                atmel_slot_dealloc_cb dealloc);
 /* initialize slot array */
 void my_atmel_slotInit()
@ -111,7 +111,7 @@ int my_atmel_alloc(int slotType)
 /* free slot array       */
 void my_atmel_free(int slotId)
 {
-    if(slotId >= 0 && slotId <= ATECC_MAX_SLOT){
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
        mSlotList[slotId] = ATECC_INVALID_SLOT;
    }
 }
@ -163,7 +163,7 @@ void tls_smp_client_task()
         ESP_LOGE(TAG, "Failed to get host name.");
         ip4_addr = NULL;
    } else {
-         
+
         ip4_addr = (struct ip4_addr *)hp->h_addr;
         ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));
    }
@ -187,7 +187,7 @@ void tls_smp_client_task()
            sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
            ESP_LOGE(TAG,"ERROR: failed to load chain %d, please check the file.\n",ret);
        }
-    
+
        if ((ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
            sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1))  != SSL_SUCCESS) {
            wolfSSL_CTX_free(ctx); ctx = NULL;
@ -231,7 +231,7 @@ void tls_smp_client_task()
        ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL object\n");
    }

-    /* when using atecc608a on esp32-wroom-32se */ 
+    /* when using atecc608a on esp32-wroom-32se */
 #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
                                  && defined(WOLFSSL_ATECC508A)
    atcatls_set_callbacks(ctx);
@ -254,7 +254,7 @@ void tls_smp_client_task()
    /* Get a message for the server from stdin */
    WOLFSSL_MSG("Message for server: ");
    memset(buff, 0, sizeof(buff));
-    
+
    if(sendGet){
        printf("SSL connect ok, sending GET...\n");
        len = 28;
@ -283,7 +283,7 @@ void tls_smp_client_task()
    wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object          */
    wolfSSL_Cleanup();     /* Cleanup the wolfSSL environment          */
    close(sockfd);         /* Close the connection to the server       */
-    
+
    vTaskDelete(NULL);

    return;                /* Return reporting a success               */
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
@ -115,7 +115,7 @@ int my_atmel_alloc(int slotType)
 /* free slot array       */
 void my_atmel_free(int slotId)
 {
-    if(slotId >= 0 && slotId <= ATECC_MAX_SLOT){
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
        mSlotList[slotId] = ATECC_INVALID_SLOT;
    }
 }
@ -165,7 +165,7 @@ void tls_smp_server_task()
    }
    WOLFSSL_MSG("Loading certificate...");
    /* Load server certificates into WOLFSSL_CTX */
-    
+
    if ((ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
                        sizeof_server_cert_der_2048,
                        WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
@ -173,7 +173,7 @@ void tls_smp_server_task()
    }
    WOLFSSL_MSG("Loading key info...");
    /* Load server key into WOLFSSL_CTX */
-    
+
    if((ret=wolfSSL_CTX_use_PrivateKey_buffer(ctx,
                            server_key_der_2048, sizeof_server_key_der_2048,
                            WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@ -3897,6 +3897,7 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,

 #else
    (void)curveIn;
+    err = NOT_COMPILED_IN;
 #endif /* WOLFSSL_ATECC508A */

    /* change key state if public part is cached */
@ -3927,7 +3928,7 @@ int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut)

 int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
 {
-    int            err;
+    int err;
 #ifndef WOLFSSL_ATECC508A
 #ifndef WOLFSSL_SP_MATH
    DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT);
@ -3974,19 +3975,24 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */

 #ifdef WOLFSSL_ATECC508A
-   key->type = ECC_PRIVATEKEY;
-   key->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE);
-   err = atmel_ecc_create_key(key->slot, key->pubkey_raw);
+   if (curve_id == ECC_SECP256R1) {
+       key->type = ECC_PRIVATEKEY;
+       key->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE);
+       err = atmel_ecc_create_key(key->slot, key->pubkey_raw);

-   /* populate key->pubkey */
-   if (err == 0 && key->pubkey.x) {
-       err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw,
-                                  ECC_MAX_CRYPTO_HW_SIZE);
+       /* populate key->pubkey */
+       if (err == 0 && key->pubkey.x) {
+           err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw,
+                                      ECC_MAX_CRYPTO_HW_SIZE);
+       }
+       if (err == 0 && key->pubkey.y) {
+           err = mp_read_unsigned_bin(key->pubkey.y,
+                                      key->pubkey_raw + ECC_MAX_CRYPTO_HW_SIZE,
+                                      ECC_MAX_CRYPTO_HW_SIZE);
+       }
   }
-   if (err == 0 && key->pubkey.y) {
-       err = mp_read_unsigned_bin(key->pubkey.y,
-                                  key->pubkey_raw + ECC_MAX_CRYPTO_HW_SIZE,
-                                  ECC_MAX_CRYPTO_HW_SIZE);
+   else {
+      err = NOT_COMPILED_IN;
   }
 #else

--- a/wolfcrypt/src/port/atmel/atmel.c
+++ b/wolfcrypt/src/port/atmel/atmel.c
@ -402,7 +402,7 @@ int atmel_init(void)
    #endif

        /* Init the free slotId list */
-        for (i=0; i<=ATECC_MAX_SLOT; i++) {
+        for (i=0; i<ATECC_MAX_SLOT; i++) {
            if (i == ATECC_SLOT_AUTH_PRIV || i == ATECC_SLOT_I2C_ENC) {
                mSlotList[i] = i;
            }
@ -603,7 +603,7 @@ int atcatls_create_pms_cb(WOLFSSL* ssl, ecc_key* otherKey,
        }

        ret = atmel_ecc_create_pms(tmpKey.slot, peerKey, out);
-        *outlen = ATECC_SIG_SIZE;
+        *outlen = ATECC_KEY_SIZE;

    #ifndef WOLFSSL_ATECC508A_NOIDLE
        /* put chip into idle to prevent watchdog situation on chip */
--- a/wolfssl/wolfcrypt/port/atmel/atmel.h
+++ b/wolfssl/wolfcrypt/port/atmel/atmel.h
@ -39,7 +39,7 @@
 #define ATECC_PUBKEY_SIZE   (ATECC_KEY_SIZE*2) /* X and Y */
 #define ATECC_SIG_SIZE      (ATECC_KEY_SIZE*2) /* R and S */
 #ifndef ATECC_MAX_SLOT
-#define ATECC_MAX_SLOT      (0x7) /* Only use 0-7 */
+#define ATECC_MAX_SLOT      (0x8) /* Only use 0-7 */
 #endif
 #define ATECC_INVALID_SLOT  (0xFF)