[TA-100] Fixed ECC384. Adding RSA.

Author: danielinux

wolfcrypt/src/ecc.c

@@ -4708,7 +4708,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
     defined(WOLFSSL_MICROCHIP_TA100)
    /* For SECP256R1 use hardware */
-   if (private_key->dp->id == ECC_SECP256R1) {
+   if (private_key->dp->id == ECC_SECP256R1 &&
+       private_key->slot != ATECC_INVALID_SLOT) {
        err = atmel_ecc_create_pms(private_key->slot, public_key->pubkey_raw, out);
        *outlen = private_key->dp->size;
    }
@@ -5616,6 +5617,21 @@ int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng)
     return err;
 }
 
+#if defined(WOLFSSL_MICROCHIP_TA100)
+static WC_INLINE int ta100_curve_id_for_key(const ecc_key* key)
+{
+    if (key != NULL && key->dp != NULL) {
+        switch (key->dp->size) {
+            case 28: return ECC_SECP224R1;
+            case 32: return ECC_SECP256R1;
+            case 48: return ECC_SECP384R1;
+            default: return key->dp->id;
+        }
+    }
+    return ECC_CURVE_DEF;
+}
+#endif
+
 
 static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
         int curve_id, int flags)
@@ -5712,12 +5728,17 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
         key->dp->id == ECC_SECP256K1 ||
         key->dp->id == ECC_BRAINPOOLP256R1) { /* supports more than ECC256R1 curve */
 #else
-    if (key->dp->id == ECC_SECP256R1) {
+    if (key->dp->id == ECC_SECP256R1 ||
+        key->dp->id == ECC_SECP224R1 ||
+        key->dp->id == ECC_SECP384R1 ||
+        key->dp->id == ECC_SECP256K1 ||
+        key->dp->id == ECC_BRAINPOOLP256R1) {
 #endif
        key->type = ECC_PRIVATEKEY;
        if (key->slot == ATECC_INVALID_SLOT)
            key->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE);
-       err = atmel_ecc_create_key(key->slot, curve_id, key->pubkey_raw);
+       err = atmel_ecc_create_key(key->slot, ta100_curve_id_for_key(key),
+           key->pubkey_raw);
 
        /* populate key->pubkey */
        if (err == 0
@@ -5726,16 +5747,16 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
        #endif
        ) {
            err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw,
-                                      ECC_MAX_CRYPTO_HW_SIZE);
+                                      (word32)key->dp->size);
        }
        if (err == 0
        #ifdef ALT_ECC_SIZE
           && key->pubkey.y
        #endif
        ) {
            err = mp_read_unsigned_bin(key->pubkey.y,
-                                      key->pubkey_raw + ECC_MAX_CRYPTO_HW_SIZE,
-                                      ECC_MAX_CRYPTO_HW_SIZE);
+                                      key->pubkey_raw + key->dp->size,
+                                      (word32)key->dp->size);
        }
    }
    else {
@@ -6210,6 +6231,14 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
     defined(WOLFSSL_MICROCHIP_TA100)
     key->slot = ATECC_INVALID_SLOT;
+#ifdef WOLFSSL_MICROCHIP_TA100
+    /* TA100 needs pubkey initialized to populate after genkey */
+    ret = mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z,
+                        NULL, NULL, NULL);
+    if (ret != MP_OKAY) {
+        return MEMORY_E;
+    }
+#endif
 #else
 #if defined(WOLFSSL_KCAPI_ECC)
     key->handle = NULL;
@@ -6451,9 +6480,22 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
 
     #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
          defined(WOLFSSL_MICROCHIP_TA100)
+#if defined(WOLFSSL_MICROCHIP_TA100)
+        if (ta100_curve_id_for_key(key) == ECC_SECP256R1) {
+            (void)inlen;
+            /* Sign: Result is 32-bytes of R then 32-bytes of S */
+            err = atmel_ecc_sign(key->slot, in, out);
+        }
+        else {
+            /* Sign: Result is raw R||S */
+            err = atmel_ecc_sign_ex(key->slot, ta100_curve_id_for_key(key),
+                in, inlen, out);
+        }
+#else
         (void)inlen;
         /* Sign: Result is 32-bytes of R then 32-bytes of S */
         err = atmel_ecc_sign(key->slot, in, out);
+#endif
 
         if (err != 0) {
            return err;
@@ -9284,8 +9326,22 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
     }
 #endif /* WOLFSSL_SE050 */
 
-#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
-    defined(WOLFSSL_MICROCHIP_TA100)
+#if defined(WOLFSSL_MICROCHIP_TA100)
+    if (ta100_curve_id_for_key(key) == ECC_SECP256R1) {
+        err = atmel_ecc_verify(hash, sigRS, key->pubkey_raw, res);
+        if (err != 0) {
+            return err;
+        }
+        (void)hashlen;
+    }
+    else {
+        err = atmel_ecc_verify_ex(hash, hashlen, sigRS, key->pubkey_raw,
+            keySz * 2, ta100_curve_id_for_key(key), res);
+        if (err != 0) {
+           return err;
+        }
+    }
+#elif defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
     err = atmel_ecc_verify(hash, sigRS, key->pubkey_raw, res);
     if (err != 0) {
        return err;

wolfcrypt/src/port/atmel/atmel.c

@@ -648,6 +648,21 @@ static uint8_t getCurveType(int curve_id)
     }
 }
 #endif /* WOLFSSL_MICROCHIP_TA100 */
+
+#ifdef WOLFSSL_MICROCHIP_TA100
+static int getCurveSizeBytes(int curve_id)
+{
+    switch (curve_id) {
+        case ECC_SECP224R1: return 28;
+        case ECC_SECP256R1: return 32;
+        case ECC_SECP384R1: return 48;
+        case ECC_SECP256K1: return 32;
+        case ECC_BRAINPOOLP256R1: return 32;
+        case ECC_CURVE_DEF: return 32;
+        default: return -1;
+    }
+}
+#endif /* WOLFSSL_MICROCHIP_TA100 */
 int atmel_ecc_create_key(int slotId, int curve_id, byte* peerKey)
 {
     int ret;
@@ -665,9 +680,55 @@ int atmel_ecc_create_key(int slotId, int curve_id, byte* peerKey)
 
 #endif
     /* generate new ephemeral key on device */
+#ifdef WOLFSSL_MICROCHIP_TA100
+    #if defined(TA100_ECC_TRACE)
+    printf("[TA100] atmel_ecc_create_key: slot=%d curve_id=%d curve_size=%d curve_type=%d\r\n",
+        slotId, curve_id, getCurveSizeBytes(curve_id), getCurveType(curve_id));
+#endif
+    {
+        ATCA_STATUS status;
+        ta_element_attributes_t key_attr;
+        uint8_t is_valid = 0;
+        int curve_size = getCurveSizeBytes(curve_id);
+        int curve_type = getCurveType(curve_id);
+        size_t pubkey_len = (size_t)(curve_size * 2);
+
+        if (curve_size <= 0 || curve_type == MICROCHIP_INVALID_ECC)
+            return NOT_COMPILED_IN;
+
+        status = talib_is_handle_valid(atcab_get_device(),
+            (uint32_t)MAP_TO_HANDLE(slotId), &is_valid);
+        if (status == ATCA_SUCCESS && is_valid == 0x01) {
+            status = talib_delete_handle(atcab_get_device(),
+                (uint32_t)MAP_TO_HANDLE(slotId));
+        }
+        if (status != ATCA_SUCCESS)
+            return atmel_ecc_translate_err(status);
+
+        status = talib_handle_init_private_key(&key_attr,
+            (uint8_t)curve_type, TA_ALG_MODE_ECC_ECDSA,
+            TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_KEY_AGREEMENT_OUT_BUFF);
+        if (status != ATCA_SUCCESS)
+            return atmel_ecc_translate_err(status);
+
+        ta100_fix_property_endian(&key_attr);
+        status = talib_create_element_with_handle(atcab_get_device(),
+            (uint32_t)MAP_TO_HANDLE(slotId), &key_attr);
+        if (status != ATCA_SUCCESS)
+            return atmel_ecc_translate_err(status);
+
+        status = talib_genkey_base(atcab_get_device(), TA_KEYGEN_MODE_NEWKEY,
+            (uint32_t)MAP_TO_HANDLE(slotId), peerKey, &pubkey_len);
+        #if defined(TA100_ECC_TRACE)
+        printf("[TA100] atmel_ecc_create_key: genkey status=%d pubkey_len=%u\r\n",
+            status, (unsigned)pubkey_len);
+#endif
+        return atmel_ecc_translate_err(status);
+    }
+#endif
+
     ret = atcab_genkey(MAP_TO_HANDLE(slotId), peerKey);
-    ret = atmel_ecc_translate_err(ret);
-    return ret;
+    return atmel_ecc_translate_err(ret);
 }
 
 int atmel_ecc_sign(int slotId, const byte* message, byte* signature)
@@ -692,6 +753,111 @@ int atmel_ecc_verify(const byte* message, const byte* signature,
     return ret;
 }
 
+#ifdef WOLFSSL_MICROCHIP_TA100
+int atmel_ecc_sign_ex(int slotId, int curve_id, const byte* message,
+    word32 message_len, byte* signature)
+{
+    int ret;
+    int curve_size = getCurveSizeBytes(curve_id);
+    int curve_type = getCurveType(curve_id);
+    uint16_t sign_size;
+    const byte* msg = message;
+    uint16_t msg_len;
+    byte tmp_msg[TA_SIGN_P384_MSG_SIZE];
+    byte tmp_sig[TA_SIGN_P384_SIG_SIZE];
+
+    if (curve_size <= 0 || curve_type == MICROCHIP_INVALID_ECC)
+        return NOT_COMPILED_IN;
+
+    sign_size = (uint16_t)(curve_size * 2);
+    if (sign_size > sizeof(tmp_sig))
+        return BAD_FUNC_ARG;
+    msg_len = (uint16_t)message_len;
+    if (msg_len != (uint16_t)curve_size) {
+        if (msg_len > (uint16_t)curve_size) {
+            msg_len = (uint16_t)curve_size;
+        } else {
+            XMEMSET(tmp_msg, 0, (word32)curve_size);
+            XMEMCPY(tmp_msg + (curve_size - msg_len), message, msg_len);
+            msg = tmp_msg;
+            msg_len = (uint16_t)curve_size;
+        }
+    }
+    #if defined(TA100_ECC_TRACE)
+    printf("[TA100] atmel_ecc_sign_ex: curve_size=%d msg_len=%u\r\n",
+        curve_size, (unsigned)msg_len);
+    #endif
+    ret = talib_sign_external(atcab_get_device(), (uint8_t)curve_type,
+        MAP_TO_HANDLE(slotId), TA_HANDLE_INPUT_BUFFER, msg,
+        msg_len, tmp_sig, &sign_size);
+
+    if (ret != ATCA_SUCCESS)
+        return atmel_ecc_translate_err(ret);
+
+    /* Always return raw R||S, each padded to curve size */
+    XMEMSET(signature, 0, (word32)(curve_size * 2));
+    if (sign_size == (uint16_t)(curve_size * 2)) {
+        XMEMCPY(signature, tmp_sig, sign_size);
+    }
+    else if ((sign_size % 2) == 0 && sign_size < (uint16_t)(curve_size * 2)) {
+        uint16_t half = (uint16_t)(sign_size / 2);
+        if (half > (uint16_t)curve_size)
+            return BAD_FUNC_ARG;
+        XMEMCPY(signature + (curve_size - half), tmp_sig, half);
+        XMEMCPY(signature + curve_size + (curve_size - half),
+            tmp_sig + half, half);
+    }
+    else {
+        return ASN_PARSE_E;
+    }
+
+    return 0;
+}
+
+int atmel_ecc_verify_ex(const byte* message, word32 message_len,
+    const byte* signature, const byte* pubkey, word32 pubkey_len,
+    int curve_id, int* pVerified)
+{
+    int ret;
+    int curve_size = getCurveSizeBytes(curve_id);
+    int curve_type = getCurveType(curve_id);
+    uint16_t sig_len;
+    const byte* msg = message;
+    uint16_t msg_len;
+    byte tmp_msg[TA_VERIFY_P384_MSG_SIZE];
+    bool verified = false;
+
+    if (curve_size <= 0 || curve_type == MICROCHIP_INVALID_ECC)
+        return NOT_COMPILED_IN;
+
+    sig_len = (uint16_t)(curve_size * 2);
+    msg_len = (uint16_t)message_len;
+    if (msg_len != (uint16_t)curve_size) {
+        if (msg_len > (uint16_t)curve_size) {
+            msg_len = (uint16_t)curve_size;
+        } else {
+            XMEMSET(tmp_msg, 0, (word32)curve_size);
+            XMEMCPY(tmp_msg + (curve_size - msg_len), message, msg_len);
+            msg = tmp_msg;
+            msg_len = (uint16_t)curve_size;
+        }
+    }
+    #if defined(TA100_ECC_TRACE)
+    printf("[TA100] atmel_ecc_verify_ex: curve_size=%d msg_len=%u\r\n",
+        curve_size, (unsigned)msg_len);
+    #endif
+    ret = talib_verify(atcab_get_device(), (uint8_t)curve_type,
+        TA_HANDLE_INPUT_BUFFER, TA_HANDLE_INPUT_BUFFER, signature, sig_len,
+        msg, msg_len, pubkey, (uint16_t)pubkey_len,
+        &verified);
+
+    ret = atmel_ecc_translate_err(ret);
+    if (pVerified)
+        *pVerified = (int)verified;
+    return ret;
+}
+#endif /* WOLFSSL_MICROCHIP_TA100 */
+
 #endif /* HAVE_ECC */
 #endif /* WOLFSSL_ATECC508A || WOLFSSL_ATECC608A || WOLFSSL_MICROCHIP_TA100 */
 
@@ -1335,7 +1501,11 @@ int atcatls_sign_certificate_cb(WOLFSSL* ssl, const byte* in, unsigned int inSz,
         return WC_HW_WAIT_E;
 
     /* We can only sign with P-256 */
+#ifdef WOLFSSL_MICROCHIP_TA100
+    ret = atmel_ecc_sign_ex(slotId, ECC_SECP256R1, in, inSz, sigRs);
+#else
     ret = atmel_ecc_sign(MAP_TO_HANDLE(slotId), in, sigRs);
+#endif
     if (ret != ATCA_SUCCESS) {
         ret = WC_HW_E; goto exit;
     }

wolfcrypt/src/rsa.c

@@ -3385,12 +3385,17 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
     #elif defined(WOLFSSL_MICROCHIP_TA100)
         if (rsa_type == RSA_PUBLIC_ENCRYPT &&
                                             pad_value == RSA_BLOCK_TYPE_2) {
-
-            return wc_Microchip_rsa_encrypt(in, inLen, out, outLen, key);
+            if (key->uKeyH != 0) {
+                return wc_Microchip_rsa_encrypt(in, inLen, out, outLen, key);
+            }
+            return WC_HW_E;
         }
         else if (rsa_type == RSA_PRIVATE_ENCRYPT &&
                                          pad_value == RSA_BLOCK_TYPE_1) {
-            return wc_Microchip_rsa_sign(in, inLen, out, outLen, key);
+            if (key->rKeyH != 0) {
+                return wc_Microchip_rsa_sign(in, inLen, out, outLen, key);
+            }
+            return WC_HW_E;
         }
     #elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
         if (rsa_type == RSA_PUBLIC_ENCRYPT && pad_value == RSA_BLOCK_TYPE_2) {
@@ -3557,13 +3562,18 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
     #elif defined(WOLFSSL_MICROCHIP_TA100)
         if (rsa_type == RSA_PRIVATE_DECRYPT &&
                                             pad_value == RSA_BLOCK_TYPE_2) {
-
-            return wc_Microchip_rsa_decrypt(in, inLen, out, outLen, key);
+            if (key->rKeyH != 0) {
+                return wc_Microchip_rsa_decrypt(in, inLen, out, outLen, key);
+            }
+            return WC_HW_E;
         }
         else if (rsa_type == RSA_PUBLIC_DECRYPT &&
                                          pad_value == RSA_BLOCK_TYPE_1) {
-            int tmp;
-            return wc_Microchip_rsa_verify(in, inLen, out, outLen, key, &tmp);
+            if (key->uKeyH != 0) {
+                int tmp;
+                return wc_Microchip_rsa_verify(in, inLen, out, outLen, key, &tmp);
+            }
+            return WC_HW_E;
         }
     #elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
         if (rsa_type == RSA_PRIVATE_DECRYPT && pad_value == RSA_BLOCK_TYPE_2) {
@@ -4415,6 +4425,12 @@ int wc_RsaEncryptSize(const RsaKey* key)
 
     ret = mp_unsigned_bin_size(&key->n);
 
+#if defined(WOLFSSL_MICROCHIP_TA100)
+    if (ret == 0 && (key->rKeyH != 0 || key->uKeyH != 0)) {
+        ret = 2048 / 8;
+    }
+#endif
+
 #ifdef WOLF_CRYPTO_CB
     if (ret == 0 && key->devId != INVALID_DEVID) {
         if (wc_CryptoCb_RsaGetSize(key, &ret) == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {