[Microchip TA-100] Fix port + update to cryptoauthlib v3.6.0

configure.ac

@@ -3018,48 +3018,154 @@ AC_ARG_WITH([maxq10xx],
     ]
 )
 
+AC_ARG_ENABLE([microchip],
+    [AS_HELP_STRING([--enable-microchip],[Enable wolfSSL support for microchip/atmel 508/608/100 (default: disabled)])],
+    [ ENABLED_ATMEL=$enableval ],
+    [ ENABLED_ATMEL=no ]
+    )
+
+if test "$ENABLED_ATMEL" != "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MICROCHIP"
+
+    for v in `echo $ENABLED_ATMEL | tr "," " "`
+    do
+      case $v in
+        508)
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
+            ;;
+
+        608)
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC608A"
+            ;;
+
+        100)
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MICROCHIP_TA100 -DMICROCHIP_DEV_TYPE=TA100"
+            ;;
+      esac
+    done
+fi
+
+
 # Microchip/Atmel CryptoAuthLib
 ENABLED_CRYPTOAUTHLIB="no"
-trylibatcadir=""
 AC_ARG_WITH([cryptoauthlib],
-    [AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr/)])],
-    [
-        AC_MSG_CHECKING([for cryptoauthlib])
-        CPPFLAGS="$CPPFLAGS -DWOLFSSL_ATECC508A"
-        LIBS="$LIBS -lcryptoauth"
-
-        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
+    [AS_HELP_STRING([--with-cryptoauthlib=PATH],
+                    [PATH to CryptoAuthLib install (default: system paths)])],
+    [with_cryptoauthlib=$withval],
+    [with_cryptoauthlib=no])
+
+AS_IF([test "x$with_cryptoauthlib" != "xno"], [
+    AC_MSG_CHECKING([for CryptoAuthLib])
+
+    libdir=""
+    incdir=""
+    cryptoauthlib_found="no"
+
+    saved_LIBS="$LIBS"
+    saved_LDFLAGS="$LDFLAGS"
+    saved_CPPFLAGS="$CPPFLAGS"
+    saved_CFLAGS="$CFLAGS"
+
+    # Method 1: Try pkg-config first (most reliable)
+    PKG_CHECK_MODULES([CRYPTOAUTHLIB], [cryptoauthlib], [
+        CPPFLAGS="$CRYPTOAUTHLIB_CFLAGS $CPPFLAGS"
+        CFLAGS="$CRYPTOAUTHLIB_CFLAGS $CFLAGS"
+        LDFLAGS="$CRYPTOAUTHLIB_LIBS $LDFLAGS"
+        LIBS="$CRYPTOAUTHLIB_LIBS $LIBS"
+        cryptoauthlib_found="pkg-config"
+    ], [
+        # Method 2: Manual search
+        AS_IF([test "x$with_cryptoauthlib" = "xyes"], [
+            search_dirs="/usr /usr/local"
+        ], [
+            search_dirs="$with_cryptoauthlib"
+        ])
 
-        if test "x$libatca_linked" = "xno" ; then
-            if test "x$withval" != "xno" ; then
-                trylibatcadir=$withval
-            fi
-            if test "x$withval" = "xyes" ; then
-                trylibatcadir="/usr"
+        for trylibatcadir in $search_dirs; do
+            for try_libdir in "$trylibatcadir/lib" "$trylibatcadir/lib64"; do
+                if test -f "$try_libdir/libcryptoauth.so" || test -f "$try_libdir/libcryptoauth.a"; then
+                    libdir="$try_libdir"
+                    break
+                fi
+            done
+
+            if test -z "$libdir"; then
+                if test -x /usr/bin/dpkg-architecture; then
+                    DEB_HOST_MULTIARCH=`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`
+                    if test -n "$DEB_HOST_MULTIARCH"; then
+                        try_libdir="$trylibatcadir/lib/$DEB_HOST_MULTIARCH"
+                        if test -f "$try_libdir/libcryptoauth.so" || test -f "$try_libdir/libcryptoauth.a"; then
+                            libdir="$try_libdir"
+                        fi
+                    fi
+                fi
             fi
 
-            LDFLAGS="$LDFLAGS -L$trylibatcadir/lib"
-            CPPFLAGS="$CPPFLAGS -I$trylibatcadir/lib"
-
-            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
+            for try_incdir in "$trylibatcadir/include/cryptoauthlib" "$trylibatcadir/include"; do
+                if test -f "$try_incdir/cryptoauthlib.h"; then
+                    incdir="$try_incdir"
+                    break
+                fi
+            done
 
-            if test "x$libatca_linked" = "xno" ; then
-                AC_MSG_ERROR([cryptoauthlib isn't found.
-                If it's already installed, specify its path using --with-cryptoauthlib=/dir/])
+            if test -n "$libdir" && test -n "$incdir"; then
+                break
             fi
+            libdir=""
+            incdir=""
+        done
 
-            AM_LDFLAGS="$AM_LDFLAGS -L$trylibatcadir/lib"
-            AM_CFLAGS="$AM_CFLAGS -I$trylibatcadir/lib"
-            AC_MSG_RESULT([yes])
-        else
-            AC_MSG_RESULT([yes])
+        if test -n "$libdir" && test -n "$incdir"; then
+            CPPFLAGS="-I$incdir $CPPFLAGS"
+            CFLAGS="-I$incdir $CFLAGS"
+            LDFLAGS="-L$libdir $LDFLAGS"
+            LIBS="-lcryptoauth $LIBS"
+            cryptoauthlib_found="$libdir"
         fi
+    ])
 
-        ENABLED_CRYPTOAUTHLIB="yes"
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
-    ]
-)
+    AS_IF([test "x$cryptoauthlib_found" != "xno"], [
+        wolfssl_include=""
+        AS_IF([test -f "${srcdir}/wolfssl/wolfcrypt/types.h"], [
+            wolfssl_include="-I${srcdir}"
+        ], [test -f "${srcdir}/wolfssl.h"], [
+            wolfssl_include="-I${srcdir}"
+        ])
+
+        test_CPPFLAGS="$wolfssl_include $CPPFLAGS"
+        test_CFLAGS="$wolfssl_include $CFLAGS"
+
+        saved_test_CPPFLAGS="$CPPFLAGS"
+        saved_test_CFLAGS="$CFLAGS"
+        CPPFLAGS="$test_CPPFLAGS"
+        CFLAGS="$test_CFLAGS"
+
+        AC_LINK_IFELSE([AC_LANG_PROGRAM(
+            [[#include <cryptoauthlib.h>]],
+            [[atcab_init(0); return 0;]])],
+            [
+                ENABLED_CRYPTOAUTHLIB="yes"
+                AC_MSG_RESULT([yes ($cryptoauthlib_found)])
+                AC_DEFINE([HAVE_CRYPTOAUTHLIB], [1], [CryptoAuthLib support])
+                CPPFLAGS="$saved_test_CPPFLAGS"
+                CFLAGS="$saved_test_CFLAGS"
+            ],
+            [
+                LIBS="$saved_LIBS"
+                LDFLAGS="$saved_LDFLAGS"
+                CPPFLAGS="$saved_CPPFLAGS"
+                CFLAGS="$saved_CFLAGS"
+                AC_MSG_RESULT([no - compilation failed])
+                AC_MSG_ERROR([CryptoAuthLib found but test compilation failed. Check config.log for details.])
+            ])
+    ], [
+        AC_MSG_RESULT([no - library not found])
+        AC_MSG_ERROR([CryptoAuthLib not found. Install it or specify path with --with-cryptoauthlib=/path])
+    ])
+])
 
+AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB], [test "x$ENABLED_CRYPTOAUTHLIB" = "xyes"])
 
 # TropicSquare TROPIC01
 # Example: "./configure --with-tropic01=/home/pi/libtropic"

src/pk_ec.c

@@ -1999,6 +1999,7 @@ int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group,
 }
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
+    !defined(WOLFSSL_MICROCHIP_TA100) && \
     !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
     !defined(WOLF_CRYPTO_CB_ONLY_ECC)
 /* Add two points on the same together.

tests/api/test_ecc.c

@@ -1369,7 +1369,8 @@ int test_wc_ecc_pointFns(void)
     EXPECT_DECLS;
 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
     !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
-    !defined(WOLFSSL_ATECC608A) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    !defined(WOLFSSL_ATECC608A) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
+    !defined(WOLFSSL_MICROCHIP_TA100) 
     ecc_key    key;
     WC_RNG     rng;
     int        ret;
@@ -1474,7 +1475,8 @@ int test_wc_ecc_shared_secret_ssh(void)
 #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
     !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
     !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
+    !defined(WOLFSSL_MICROCHIP_TA100) 
     ecc_key key;
     ecc_key key2;
     WC_RNG  rng;
@@ -1554,7 +1556,8 @@ int test_wc_ecc_verify_hash_ex(void)
     EXPECT_DECLS;
 #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
     && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
-       !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC)
+       !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC) && \
+       !defined(WOLFSSL_MICROCHIP_TA100)
     ecc_key       key;
     WC_RNG        rng;
     int           ret;
@@ -1648,6 +1651,7 @@ int test_wc_ecc_mulmod(void)
     EXPECT_DECLS;
 #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
     !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
+      defined(WOLFSSL_MICROCHIP_TA100) || \
       defined(WOLFSSL_VALIDATE_ECC_IMPORT)) && \
     !defined(WOLF_CRYPTO_CB_ONLY_ECC)
     ecc_key     key1;
@@ -1871,4 +1875,3 @@ int test_wc_EccPrivateKeyToDer(void)
 #endif
     return EXPECT_RESULT();
 } /* End test_wc_EccPrivateKeyToDer */
-

tests/api/test_ossl_ec.c

@@ -428,6 +428,7 @@ int test_wolfSSL_EC_POINT(void)
         X, Y, ctx), 0);
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
+    !defined(WOLFSSL_MICROCHIP_TA100) && \
     !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
     !defined(WOLF_CRYPTO_CB_ONLY_ECC)
     ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, NULL, ctx), 0);
@@ -514,6 +515,7 @@ int test_wolfSSL_EC_POINT(void)
     ExpectIntEQ(EC_POINT_invert(group, new_point, ctx), 1);
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
+    !defined(WOLFSSL_MICROCHIP_TA100) && \
     !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
     !defined(WOLF_CRYPTO_CB_ONLY_ECC)
     {
@@ -788,6 +790,7 @@ int test_wolfSSL_SPAKE(void)
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(WOLFSSL_ATECC508A) \
     && !defined(WOLFSSL_ATECC608A) && !defined(HAVE_SELFTEST) && \
+       !defined(WOLFSSL_MICROCHIP_TA100) && \
        !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
     BIGNUM* x = NULL; /* kdc priv */
     BIGNUM* y = NULL; /* client priv */

wolfcrypt/benchmark/benchmark.c

@@ -818,8 +818,6 @@ static WC_INLINE void bench_append_memory_info(char* buffer, size_t size,
 
 #define TEST_STRING    "Everyone gets Friday off."
 #define TEST_STRING_SZ 25
-
-
 /* Bit values for each algorithm that is able to be benchmarked.
  * Common grouping of algorithms also.
  * Each algorithm has a unique value for its type e.g. cipher.
@@ -2051,6 +2049,9 @@ static const char* bench_result_words2[][6] = {
 };
 #endif
 #endif
+#if defined(WOLFSSL_MICROCHIP_TA100)
+    #include <wolfssl/wolfcrypt/port/atmel/atmel.h>
+#endif
 
 #ifdef WOLFSSL_CAAM
     #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
@@ -2078,7 +2079,8 @@ static const char* bench_result_words2[][6] = {
     static volatile int g_threadCount;
 #endif
 
-#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_CAAM) || defined(WC_USE_DEVID)
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_CAAM) || defined(WC_USE_DEVID)  || \
+    defined(WOLFSSL_MICROCHIP_TA100)
     #ifndef NO_HW_BENCH
         #define BENCH_DEVID
     #endif
@@ -9987,8 +9989,12 @@ static void bench_rsa_helper(int useDeviceID,
                                           1, &times, ntimes, &pending)) {
                     #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
                         !defined(WOLFSSL_RSA_PUBLIC_ONLY)
-                        ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
+                        #if defined(WOLFSSL_MICROCHIP_TA100)
+                            ret = wc_RsaSSL_Verify(message, len, enc[i], rsaKeySz/8, rsaKey[i]);
+                        #else
+                            ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
                                                       rsaKeySz/8, rsaKey[i]);
+                        #endif
                     #elif defined(USE_CERT_BUFFERS_2048)
                         XMEMCPY(enc[i], rsa_2048_sig, sizeof(rsa_2048_sig));
                         idx = sizeof(rsa_2048_sig);
@@ -10124,6 +10130,13 @@ void bench_rsa(int useDeviceID)
 #else
         /* Note: To benchmark public only define WOLFSSL_PUBLIC_MP */
         rsaKeySz = 0;
+#endif
+#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_MICROCHIP_TA100)
+        /* Create new keys since you cannot import a private key to TA100 */
+        ret = wc_MakeRsaKey(rsaKey[i], rsaKeySz, WC_RSA_EXPONENT, &gRng);
+        if (ret) {
+            goto exit;
+        }
 #endif
     }
 
@@ -12146,6 +12159,9 @@ void bench_ecc(int useDeviceID, int curveId)
         if ((ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID)) < 0) {
             goto exit;
         }
+#if defined(WOLFSSL_MICROCHIP_TA100)
+        genKey[i]->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_ALICE);
+#endif
         ret = wc_ecc_make_key_ex(&gRng, keySize, genKey[i], curveId);
     #ifdef WOLFSSL_ASYNC_CRYPT
         ret = wc_AsyncWait(ret, &genKey[i]->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -12158,6 +12174,9 @@ void bench_ecc(int useDeviceID, int curveId)
         if ((ret = wc_ecc_init_ex(genKey2[i], HEAP_HINT, deviceID)) < 0) {
             goto exit;
         }
+#if defined(WOLFSSL_MICROCHIP_TA100)
+        genKey2[i]->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_BOB);
+#endif
         if ((ret = wc_ecc_make_key_ex(&gRng, keySize, genKey2[i],
                     curveId)) > 0) {
             goto exit;
@@ -12354,7 +12373,6 @@ void bench_ecc(int useDeviceID, int curveId)
     WC_FREE_ARRAY(sig, BENCH_MAX_PENDING, HEAP_HINT);
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 #endif
-
     (void)useDeviceID;
     (void)pending;
     (void)x;