Addressed copilot's comments

Author: danielinux

configure.ac

@@ -3013,6 +3013,9 @@ AC_ARG_WITH([cryptoauthlib],
     [with_cryptoauthlib=no])
 
 AS_IF([test "x$with_cryptoauthlib" != "xno"], [
+    AS_IF([test "x$ENABLED_ATMEL" = "xno"], [
+        AC_MSG_ERROR([--with-cryptoauthlib requires --enable-microchip=<devices>.])
+    ])
     AC_MSG_CHECKING([for CryptoAuthLib])
 
     libdir=""
@@ -3029,7 +3032,6 @@ AS_IF([test "x$with_cryptoauthlib" != "xno"], [
         PKG_CHECK_MODULES([CRYPTOAUTHLIB], [cryptoauthlib], [
             CPPFLAGS="$CRYPTOAUTHLIB_CFLAGS $CPPFLAGS"
             CFLAGS="$CRYPTOAUTHLIB_CFLAGS $CFLAGS"
-            LDFLAGS="$CRYPTOAUTHLIB_LIBS $LDFLAGS"
             LIBS="$CRYPTOAUTHLIB_LIBS $LIBS"
             cryptoauthlib_found="pkg-config"
         ], [:])

wolfcrypt/src/ecc.c

@@ -287,6 +287,7 @@ ECC Curve Sizes:
     !defined(WOLFSSL_MICROCHIP_TA100) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
     !defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \
+    !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO) && \
     !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
     #undef  HAVE_ECC_VERIFY_HELPER
     #define HAVE_ECC_VERIFY_HELPER
@@ -9341,9 +9342,10 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 #else
    int           err;
    word32        keySz = 0;
-#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
-    defined(WOLFSSL_MICROCHIP_TA100)
+#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
    byte sigRS[ATECC_KEY_SIZE*2];
+#elif defined(WOLFSSL_MICROCHIP_TA100)
+   byte sigRS[ECC_MAX_CRYPTO_HW_SIZE*2];
 #elif defined(WOLFSSL_CRYPTOCELL)
    byte sigRS[ECC_MAX_CRYPTO_HW_SIZE*2];
    CRYS_ECDSA_VerifyUserContext_t sigCtxTemp;

wolfcrypt/src/port/atmel/README.md

@@ -119,9 +119,16 @@ Supported Features:
 RSA 2048 keygen/sign/verify
 ECC-P256 keygen/sign/verify/shared secret
 
-WOLFSSL_MICROCHIP_AESGCM can be used to enable AES-GCM but
-AESGCM support is not yet available for TA100 in both
-cryptauthlib-v3.3.3_397871.zip and cryptauthlib-v3.6.0_443271.zip.
+WOLFSSL_MICROCHIP_AESGCM can be used to enable AES-GCM for TA100 when
+building against CryptoAuthLib v3.6.0_443271 or later. AES-GCM is not
+supported for TA100 with cryptauthlib-v3.3.3_397871.zip.
+
+Current TA100 AES-GCM limitations:
+- IV size must be 12 bytes.
+- Authentication tag size must be 16 bytes for hardware decrypt, with
+  shorter tags only supported for zero-length decrypt validation.
+- The combined AAD + payload size per hardware operation is limited to 996
+  bytes.
 
 
 ```

wolfcrypt/src/port/atmel/atmel.c

@@ -147,7 +147,7 @@ static int ateccx08a_cfg_initialized = 0;
         .devtype    = MICROCHIP_DEV_TYPE,
         .atcai2c = {
             #ifdef ATCA_ENABLE_DEPRECATED
-                .slave_addressus = 1,
+                .slave_address = 1,
             #else
                 .address = ATECC_I2C_ADDR,
             #endif
@@ -451,13 +451,13 @@ int atmel_ecc_alloc(int slotType)
                 break;
             #endif
             case ATMEL_SLOT_ECDHE_ALICE:
-                /* not reserved in mSlotList, so return */
+                /* reserve the fixed slot through the common allocation path */
                 slotId = ATECC_SLOT_ECDHE_PRIV_ALICE;
-                goto exit;
+                break;
             case ATMEL_SLOT_ECDHE_BOB:
-                /* not reserved in mSlotList, so return */
+                /* reserve the fixed slot through the common allocation path */
                 slotId = ATECC_SLOT_ECDHE_PRIV_BOB;
-                goto exit;
+                break;
             case ATMEL_SLOT_ANY:
                 for (i=0; i < ATECC_MAX_SLOT; i++) {
                     /* Find free slotId */
@@ -475,8 +475,7 @@ int atmel_ecc_alloc(int slotType)
         }
 
         /* is slot available */
-        if (mSlotList[slotId] != ATECC_INVALID_SLOT &&
-            mSlotList[slotId] != slotId ) {
+        if (mSlotList[slotId] != ATECC_INVALID_SLOT) {
             slotId = ATECC_INVALID_SLOT;
         }
         else {
@@ -884,13 +883,20 @@ int wc_Microchip_rsa_create_key(struct RsaKey* key, int size, long e)
 {
     ATCA_STATUS ret;
     ta_element_attributes_t rKeyA, uKeyA;
-    size_t uKey_len = TA_KEY_TYPE_RSA2048_SIZE;
+    size_t uKey_len = WOLFSSL_TA_KEY_TYPE_RSA_SIZE;
 
-    (void)size;
-    (void)e;
+    if (key == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (size != (int)(WOLFSSL_TA_KEY_TYPE_RSA_SIZE * 8U)) {
+        return BAD_FUNC_ARG;
+    }
+    if (e != 0 && e != WC_RSA_EXPONENT) {
+        return BAD_FUNC_ARG;
+    }
 
     /* Private key for signing AND decryption */
-    ret = talib_handle_init_private_key(&rKeyA, TA_KEY_TYPE_RSA2048,
+    ret = talib_handle_init_private_key(&rKeyA, WOLFSSL_TA_KEY_TYPE_RSA,
             TA_ALG_MODE_RSA_SSA_PSS, TA_PROP_SIGN_INT_EXT_DIGEST,
             TA_PROP_KEY_AGREEMENT_OUT_BUFF);
     if (ret != ATCA_SUCCESS)
@@ -903,7 +909,7 @@ int wc_Microchip_rsa_create_key(struct RsaKey* key, int size, long e)
         return WC_HW_E;
 
     /* Public key - use 0, 0 for encryption support! */
-    ret = talib_handle_init_public_key(&uKeyA, TA_KEY_TYPE_RSA2048,
+    ret = talib_handle_init_public_key(&uKeyA, WOLFSSL_TA_KEY_TYPE_RSA,
             TA_ALG_MODE_RSA_SSA_PSS, 0, 0);
     if (ret != ATCA_SUCCESS)
         return WC_HW_E;
@@ -942,7 +948,7 @@ int wc_Microchip_rsa_encrypt(const byte* in, word32 inLen, byte* out,
     printf("outLen: %u\n", outLen);
     printf("out: %p\n", out);
 #endif
-    /* Use the 2048-specific function */
+    /* The current wolfSSL TA100 backend uses the RSA-2048 RSAEnc path. */
     ret = talib_rsaenc_encrypt2048(atcab_get_device(), key->uKeyH,
                                    (uint16_t)inLen, in,
                                    (uint16_t)outLen, out);
@@ -955,7 +961,7 @@ int wc_Microchip_rsa_decrypt(const byte* in, word32 inLen, byte* out,
 {
     int ret;
 
-
+    /* The current wolfSSL TA100 backend uses the RSA-2048 RSAEnc path. */
     ret = talib_rsaenc_decrypt2048(atcab_get_device(), key->rKeyH,
                                    (uint16_t)inLen, in,
                                    (uint16_t)outLen, out);
@@ -1310,7 +1316,7 @@ int atcatls_create_key_cb(WOLFSSL* ssl, ecc_key* key, unsigned int keySz,
             return WC_HW_WAIT_E;
 
         /* generate new ephemeral key on device */
-        ret = atmel_ecc_create_key(MAP_TO_HANDLE(slotId), ecc_curve, peerKey);
+        ret = atmel_ecc_create_key(slotId, ecc_curve, peerKey);
 
         /* load generated ECC508A public key into key, used by wolfSSL */
         if (ret == 0) {
@@ -1387,8 +1393,7 @@ int atcatls_create_pms_cb(WOLFSSL* ssl, ecc_key* otherKey,
             tmpKey.slot = slotId;
 
             /* generate new ephemeral key on device */
-            ret = atmel_ecc_create_key(MAP_TO_HANDLE(slotId), otherKey->dp->id,
-                                                     peerKey);
+            ret = atmel_ecc_create_key(slotId, otherKey->dp->id, peerKey);
             if (ret != ATCA_SUCCESS) {
                 atmel_ecc_free(slotId);
                 goto exit;
@@ -1663,6 +1668,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
     #endif
 
     int ret = 0;
+    ATCA_STATUS status;
     size_t signerCertSize = ATCATLS_SIGNER_CERT_MAX_SIZE;
     size_t deviceCertSize = ATCATLS_DEVICE_CERT_MAX_SIZE;
     uint8_t certBuffer[ATCATLS_CERT_BUFF_MAX_SIZE];
@@ -1672,7 +1678,6 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
 #endif
 
 #ifdef WOLFSSL_ATECC_TNGTLS
-    ATCA_STATUS status;
     ret = tng_atcacert_max_signer_cert_size(&signerCertSize);
     if (ret != ATCACERT_E_SUCCESS) {
     #ifdef WOLFSSL_ATECC_DEBUG
@@ -1782,7 +1787,6 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
     return ret;
 }
 #endif /* ATCA_TFLEX_SUPPORT */
-#endif /* ATCA_TFLEX_SUPPORT */
 
 int atcatls_set_callbacks(WOLFSSL_CTX* ctx)
 {
@@ -1921,11 +1925,12 @@ int wc_Microchip_aes_set_key(Aes* aes, const byte* key, word32 keylen,
     status = talib_aes_gcm_keyload(atcab_get_device(), aes->key_id, 0);
     CHECK_STATUS(status);
 
-    /* Test if data zone is locked */
+    /* Provisioning must lock setup explicitly; do not lock it as a side
+     * effect of loading an AES key. */
     status = talib_is_setup_locked(atcab_get_device(), &is_locked);
+    CHECK_STATUS(status);
     if (!is_locked) {
-        status = talib_lock_setup(atcab_get_device());
-        CHECK_STATUS(status);
+        return WC_HW_E;
     }
 
     return atmel_ecc_translate_err(status);

wolfcrypt/src/signature.c

@@ -128,9 +128,11 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
 #if defined(WOLFSSL_MICROCHIP_TA100)
                 if (sig_len <= 0) {
                     const RsaKey* r = (const RsaKey*)key;
-                    /* TA100 handles imply a 2048-bit RSA key. */
+                    /* TA100 stores hardware-backed RSA public keys outside
+                     * the software mp_int fields, so use the backend's fixed
+                     * public-key buffer size when handles are present. */
                     if (r->rKeyH != 0 || r->uKeyH != 0) {
-                        sig_len = 256;
+                        sig_len = WOLFSSL_TA_KEY_TYPE_RSA_SIZE;
                     }
                 }
 #endif

wolfssl/wolfcrypt/port/atmel/atmel.h

@@ -182,14 +182,13 @@ WOLFSSL_LOCAL int wc_Microchip_rsa_encrypt(const byte* in, word32 inLen,
 WOLFSSL_LOCAL int wc_Microchip_rsa_decrypt(const byte* in, word32 inLen,
                                          byte* out, word32 outLen, RsaKey* key);
 
+/* CryptoAuthLib defines larger TA100 RSA key types too, but the current
+ * wolfSSL TA100 backend only wires up the RSAEnc path for RSA-2048. */
 #ifndef WOLFSSL_SP_NO_2048
     #define WOLFSSL_TA_KEY_TYPE_RSA TA_KEY_TYPE_RSA2048
     #define WOLFSSL_TA_KEY_TYPE_RSA_SIZE TA_KEY_TYPE_RSA2048_SIZE
-#elif !defined(WOLFSSL_SP_NO_3072)
-    #define WOLFSSL_TA_KEY_TYPE_RSA TA_KEY_TYPE_RSA3072
-    #define WOLFSSL_TA_KEY_TYPE_RSA_SIZE TA_KEY_TYPE_RSA3072_SIZE
 #else
-    #error Microchip requires enabling 2048 or 3072 RSA.
+    #error Current wolfSSL TA100 RSA backend requires 2048-bit RSA support.
 #endif
 
 #endif /* NO_RSA */

wolfssl/wolfcrypt/rsa.h

@@ -226,7 +226,7 @@ struct RsaKey {
 #if defined(WOLFSSL_MICROCHIP_TA100)
     uint16_t  rKeyH;        /* private key handle */
     uint16_t  uKeyH;        /* public key handle */
-    byte uKey[TA_KEY_TYPE_RSA2048_SIZE]; /* public key */
+    byte uKey[WOLFSSL_TA_KEY_TYPE_RSA_SIZE]; /* public key */
 #endif
 #ifdef WOLF_CRYPTO_CB
     void* devCtx;
@@ -517,4 +517,3 @@ WOLFSSL_API int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz,
 
 #endif /* NO_RSA */
 #endif /* WOLF_CRYPT_RSA_H */
-