Skip to content

[Microchip TA-100] Fix port + update to cryptoauthlib v3.6.0 #9702

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
danielinux wants to merge 15 commits into
base: master
Choose a base branch
from
Open

[Microchip TA-100] Fix port + update to cryptoauthlib v3.6.0 #9702

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
e3ee55f
TA100: Microchip Trust Anchor support RSA/ECC
tmael Oct 15, 2025
492d388
TA100: follow-up changes (squash after 4e64cb56)
tmael Jan 14, 2026
e400fec
[TA-100] Fixed GMAC, AES-GCM, AES, ECC
danielinux Jan 22, 2026
5887c9e
Reverted changes to fallback ECC
danielinux Jan 22, 2026
fdcf505
[TA-100] Fixed ECC384. Adding RSA.
danielinux Jan 22, 2026
bde0142
[TA-100] Fixed RSA keygen/sign/verify, tests
danielinux Jan 22, 2026
9d8f643
Close PKG_CHECK_MODULES with a no-op failure action and use a separat…
tmael Mar 5, 2026
927b732
[TA-100] Fix build/test regressions in non-TA100 builds
tmael Mar 5, 2026
90017ba
wraps PKG_CHECK_MODULES with m4_ifdef so it's silently skipped when p…
tmael Mar 5, 2026
7d84796
Removed the dead #ifdef WOLFSSL_MICROCHIP_TA100 block (it was inside …
tmael Mar 6, 2026
9cb5b7a
Fix formatting
tmael Mar 6, 2026
81c33bb
Fix comments and shellcheck warning
tmael Mar 11, 2026
5074613
Fix typo
tmael Mar 17, 2026
6b9d658
Correct Nested comment for Espressif build
tmael Mar 21, 2026
6eb4a30
Addressed comment: added macros to .wolfssl_know_macro_extras
danielinux Mar 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .wolfssl_known_macro_extras
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,10 @@ ARDUINO_TEENSY41
ASN_DUMP_OID
ASN_TEMPLATE_SKIP_ISCA_CHECK
ATCAPRINTF
ATCA_HAL_I2C
ATCA_ENABLE_DEPRECATED
ATCA_TFLEX_SUPPORT
ATECC_DEV_TYPE
AVR
BASE64_NO_TABLE
BLAKE2B_SELFTEST
Expand Down Expand Up @@ -565,6 +568,7 @@ STSAFE_I2C_BUS
STSE_CONF_ECC_BRAINPOOL_P_256
STSE_CONF_ECC_BRAINPOOL_P_384
SYS_CLOCK_REALTIME
TA100_ECC_TRACE
TASK_EXTRA_STACK_SIZE
TCP_NODELAY
TFM_ALREADY_SET
Expand Down Expand Up @@ -790,8 +794,10 @@ WOLFSSL_LMS_ROOT_LEVELS
WOLFSSL_LPC43xx
WOLFSSL_MAKE_SYSTEM_NAME_LINUX
WOLFSSL_MAKE_SYSTEM_NAME_WSL
WOLFSSL_MANUALLY_SELECT_DEVICE_CONFIG
WOLFSSL_MDK5
WOLFSSL_MEM_FAIL_COUNT
WOLFSSL_MICROCHIP_AESGCM
WOLFSSL_MLKEM_INVNTT_UNROLL
WOLFSSL_MLKEM_NO_MALLOC
WOLFSSL_MLKEM_NTT_UNROLL
Expand All @@ -811,6 +817,7 @@ WOLFSSL_NO_CRL_NEXT_DATE
WOLFSSL_NO_CT_MAX_MIN
WOLFSSL_NO_DEBUG_CERTS
WOLFSSL_NO_DECODE_EXTRA
WOLFSSL_NO_DEL_HANDLE
WOLFSSL_NO_DER_TO_PEM
WOLFSSL_NO_DH186
WOLFSSL_NO_DTLS_SIZE_CHECK
Expand Down
168 changes: 139 additions & 29 deletions configure.ac
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3108,48 +3108,158 @@ AC_ARG_WITH([maxq10xx],
]
)

AC_ARG_ENABLE([microchip],
Comment thread
dgarske marked this conversation as resolved.
[AS_HELP_STRING([--enable-microchip],[Enable wolfSSL support for microchip/atmel 508/608/100 (default: disabled)])],
[ ENABLED_ATMEL=$enableval ],
[ ENABLED_ATMEL=no ]
)

if test "$ENABLED_ATMEL" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MICROCHIP"

for v in `echo $ENABLED_ATMEL | tr "," " "`
do
case $v in
508)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
;;

608)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC608A"
;;

100)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MICROCHIP_TA100 -DMICROCHIP_DEV_TYPE=TA100"
;;
esac
done
fi


# Microchip/Atmel CryptoAuthLib
ENABLED_CRYPTOAUTHLIB="no"
trylibatcadir=""
AC_ARG_WITH([cryptoauthlib],
[AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr/)])],
[
AC_MSG_CHECKING([for cryptoauthlib])
CPPFLAGS="$CPPFLAGS -DWOLFSSL_ATECC508A"
LIBS="$LIBS -lcryptoauth"
[AS_HELP_STRING([--with-cryptoauthlib=PATH],
[PATH to CryptoAuthLib install (default: system paths)])],
[with_cryptoauthlib=$withval],
[with_cryptoauthlib=no])

AS_IF([test "x$with_cryptoauthlib" != "xno"], [
Copy link

Copilot AI Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

--with-cryptoauthlib only performs library detection and doesn’t enable any Microchip backend macros anymore. This means users can pass --with-cryptoauthlib and still end up without WOLFSSL_ATECC* / WOLFSSL_MICROCHIP_TA100 enabled (and no port code compiled). Consider erroring out when --with-cryptoauthlib is used without --enable-microchip=..., or explicitly document that both flags are required.

Suggested change
AS_IF([test "x$with_cryptoauthlib" != "xno"], [
AS_IF([test "x$with_cryptoauthlib" != "xno"], [
AS_IF([test "x$ENABLED_ATMEL" = "xno"], [
AC_MSG_ERROR([--with-cryptoauthlib requires --enable-microchip=<devices>. Please re-run configure with --enable-microchip=508,608,100 or appropriate devices.])
])

Copilot uses AI. Check for mistakes.
AC_MSG_CHECKING([for CryptoAuthLib])

libdir=""
incdir=""
cryptoauthlib_found="no"

saved_LIBS="$LIBS"
saved_LDFLAGS="$LDFLAGS"
saved_CPPFLAGS="$CPPFLAGS"
saved_CFLAGS="$CFLAGS"

# Method 1: Try pkg-config first (most reliable)
m4_ifdef([PKG_CHECK_MODULES], [
PKG_CHECK_MODULES([CRYPTOAUTHLIB], [cryptoauthlib], [
CPPFLAGS="$CRYPTOAUTHLIB_CFLAGS $CPPFLAGS"
CFLAGS="$CRYPTOAUTHLIB_CFLAGS $CFLAGS"
LDFLAGS="$CRYPTOAUTHLIB_LIBS $LDFLAGS"
Copy link

Copilot AI Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the pkg-config path, CRYPTOAUTHLIB_LIBS is appended to both LDFLAGS and LIBS. Since *_LIBS commonly contains -l... entries, putting it into LDFLAGS is non-standard and can cause duplicated/incorrect linker flags downstream. Prefer appending CRYPTOAUTHLIB_LIBS only to LIBS and leaving LDFLAGS for -L.../linker flags.

Suggested change
LDFLAGS="$CRYPTOAUTHLIB_LIBS $LDFLAGS"

Copilot uses AI. Check for mistakes.
LIBS="$CRYPTOAUTHLIB_LIBS $LIBS"
cryptoauthlib_found="pkg-config"
], [:])
])

AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
# Method 2: Manual search if pkg-config failed
AS_IF([test "x$cryptoauthlib_found" = "xno"], [
AS_IF([test "x$with_cryptoauthlib" = "xyes"], [
search_dirs="/usr /usr/local"
], [
search_dirs="$with_cryptoauthlib"
])

if test "x$libatca_linked" = "xno" ; then
if test "x$withval" != "xno" ; then
trylibatcadir=$withval
fi
if test "x$withval" = "xyes" ; then
trylibatcadir="/usr"
for trylibatcadir in $search_dirs; do
for try_libdir in "$trylibatcadir/lib" "$trylibatcadir/lib64"; do
if test -f "$try_libdir/libcryptoauth.so" || test -f "$try_libdir/libcryptoauth.a"; then
libdir="$try_libdir"
break
fi
done

if test -z "$libdir"; then
if test -x /usr/bin/dpkg-architecture; then
DEB_HOST_MULTIARCH=`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`
if test -n "$DEB_HOST_MULTIARCH"; then
try_libdir="$trylibatcadir/lib/$DEB_HOST_MULTIARCH"
if test -f "$try_libdir/libcryptoauth.so" || test -f "$try_libdir/libcryptoauth.a"; then
libdir="$try_libdir"
fi
fi
fi
fi

LDFLAGS="$LDFLAGS -L$trylibatcadir/lib"
CPPFLAGS="$CPPFLAGS -I$trylibatcadir/lib"

AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
for try_incdir in "$trylibatcadir/include/cryptoauthlib" "$trylibatcadir/include"; do
if test -f "$try_incdir/cryptoauthlib.h"; then
incdir="$try_incdir"
break
fi
done

if test "x$libatca_linked" = "xno" ; then
AC_MSG_ERROR([cryptoauthlib isn't found.
If it's already installed, specify its path using --with-cryptoauthlib=/dir/])
if test -n "$libdir" && test -n "$incdir"; then
break
fi
libdir=""
incdir=""
done

AM_LDFLAGS="$AM_LDFLAGS -L$trylibatcadir/lib"
AM_CFLAGS="$AM_CFLAGS -I$trylibatcadir/lib"
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([yes])
if test -n "$libdir" && test -n "$incdir"; then
CPPFLAGS="-I$incdir $CPPFLAGS"
CFLAGS="-I$incdir $CFLAGS"
LDFLAGS="-L$libdir $LDFLAGS"
LIBS="-lcryptoauth $LIBS"
cryptoauthlib_found="$libdir"
fi
])

ENABLED_CRYPTOAUTHLIB="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
]
)
AS_IF([test "x$cryptoauthlib_found" != "xno"], [
wolfssl_include=""
AS_IF([test -f "${srcdir}/wolfssl/wolfcrypt/types.h"], [
wolfssl_include="-I${srcdir}"
], [test -f "${srcdir}/wolfssl.h"], [
wolfssl_include="-I${srcdir}"
])

test_CPPFLAGS="$wolfssl_include $CPPFLAGS"
test_CFLAGS="$wolfssl_include $CFLAGS"

saved_test_CPPFLAGS="$CPPFLAGS"
saved_test_CFLAGS="$CFLAGS"
CPPFLAGS="$test_CPPFLAGS"
CFLAGS="$test_CFLAGS"

AC_LINK_IFELSE([AC_LANG_PROGRAM(
[[#include <cryptoauthlib.h>]],
[[atcab_init(0); return 0;]])],
[
ENABLED_CRYPTOAUTHLIB="yes"
AC_MSG_RESULT([yes ($cryptoauthlib_found)])
AC_DEFINE([HAVE_CRYPTOAUTHLIB], [1], [CryptoAuthLib support])
CPPFLAGS="$saved_test_CPPFLAGS"
CFLAGS="$saved_test_CFLAGS"
],
[
LIBS="$saved_LIBS"
LDFLAGS="$saved_LDFLAGS"
CPPFLAGS="$saved_CPPFLAGS"
CFLAGS="$saved_CFLAGS"
AC_MSG_RESULT([no - compilation failed])
AC_MSG_ERROR([CryptoAuthLib found but compilation check failed. Check config.log for details.])
])
], [
AC_MSG_RESULT([no - library not found])
AC_MSG_ERROR([CryptoAuthLib not found. Install it or specify path with --with-cryptoauthlib=/path])
])
])

AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB], [test "x$ENABLED_CRYPTOAUTHLIB" = "xyes"])

# TropicSquare TROPIC01
# Example: "./configure --with-tropic01=/home/pi/libtropic"
Expand Down
10 changes: 7 additions & 3 deletions tests/api/test_ecc.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1369,7 +1369,8 @@ int test_wc_ecc_pointFns(void)
EXPECT_DECLS;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
!defined(WOLFSSL_ATECC608A) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_MICROCHIP_TA100)
ecc_key key;
WC_RNG rng;
int ret;
Expand Down Expand Up @@ -1474,7 +1475,8 @@ int test_wc_ecc_shared_secret_ssh(void)
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_MICROCHIP_TA100)
ecc_key key;
ecc_key key2;
WC_RNG rng;
Expand Down Expand Up @@ -1554,7 +1556,8 @@ int test_wc_ecc_verify_hash_ex(void)
EXPECT_DECLS;
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
&& !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC)
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC) && \
!defined(WOLFSSL_MICROCHIP_TA100)
ecc_key key;
WC_RNG rng;
int ret;
Expand Down Expand Up @@ -1648,6 +1651,7 @@ int test_wc_ecc_mulmod(void)
EXPECT_DECLS;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
!(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_MICROCHIP_TA100) || \
defined(WOLFSSL_VALIDATE_ECC_IMPORT)) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
ecc_key key1;
Expand Down
3 changes: 3 additions & 0 deletions tests/api/test_ossl_ec.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -429,6 +429,7 @@ int test_wolfSSL_EC_POINT(void)
X, Y, ctx), 0);

#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, NULL, ctx), 0);
Expand Down Expand Up @@ -521,6 +522,7 @@ int test_wolfSSL_EC_POINT(void)
ExpectIntEQ(EC_POINT_invert(group, new_point, ctx), 1);

#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
{
Expand Down Expand Up @@ -802,6 +804,7 @@ int test_wolfSSL_SPAKE(void)

#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(WOLFSSL_ATECC508A) \
&& !defined(WOLFSSL_ATECC608A) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
BIGNUM* x = NULL; /* kdc priv */
BIGNUM* y = NULL; /* client priv */
Expand Down
33 changes: 29 additions & 4 deletions wolfcrypt/benchmark/benchmark.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -823,7 +823,6 @@ static WC_INLINE void bench_append_memory_info(char* buffer, size_t size,
#define TEST_STRING "Everyone gets Friday off."
#define TEST_STRING_SZ 25


/* Bit values for each algorithm that is able to be benchmarked.
* Common grouping of algorithms also.
* Each algorithm has a unique value for its type e.g. cipher.
Expand Down Expand Up @@ -2077,6 +2076,9 @@ static const char* bench_result_words2[][6] = {
};
#endif
#endif
#if defined(WOLFSSL_MICROCHIP_TA100)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif

#ifdef WOLFSSL_CAAM
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
Expand Down Expand Up @@ -2104,7 +2106,9 @@ static const char* bench_result_words2[][6] = {
static volatile int g_threadCount;
#endif

#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_CAAM) || defined(WC_USE_DEVID)
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_CAAM) || \
defined(WC_USE_DEVID) || \
defined(WOLFSSL_MICROCHIP_TA100)
#ifndef NO_HW_BENCH
#define BENCH_DEVID
#endif
Expand Down Expand Up @@ -10067,8 +10071,13 @@ static void bench_rsa_helper(int useDeviceID,
1, &times, ntimes, &pending)) {
#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
#if defined(WOLFSSL_MICROCHIP_TA100)
ret = wc_RsaSSL_Verify(message, len,
enc[i], rsaKeySz/8, rsaKey[i]);
#else
ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
rsaKeySz/8, rsaKey[i]);
#endif
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(enc[i], rsa_2048_sig, sizeof(rsa_2048_sig));
idx = sizeof(rsa_2048_sig);
Expand Down Expand Up @@ -10204,6 +10213,13 @@ void bench_rsa(int useDeviceID)
#else
/* Note: To benchmark public only define WOLFSSL_PUBLIC_MP */
rsaKeySz = 0;
#endif
#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_MICROCHIP_TA100)
/* Create new keys since you cannot import a private key to TA100 */
ret = wc_MakeRsaKey(rsaKey[i], rsaKeySz, WC_RSA_EXPONENT, &gRng);
if (ret) {
goto exit;
}
#endif
}

Expand Down Expand Up @@ -12349,6 +12365,9 @@ void bench_ecc(int useDeviceID, int curveId)
if ((ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID)) < 0) {
goto exit;
}
#if defined(WOLFSSL_MICROCHIP_TA100)
genKey[i]->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_ALICE);
#endif
ret = wc_ecc_make_key_ex(&gRng, keySize, genKey[i], curveId);
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_AsyncWait(ret, &genKey[i]->asyncDev, WC_ASYNC_FLAG_NONE);
Expand All @@ -12361,6 +12380,9 @@ void bench_ecc(int useDeviceID, int curveId)
if ((ret = wc_ecc_init_ex(genKey2[i], HEAP_HINT, deviceID)) < 0) {
goto exit;
}
#if defined(WOLFSSL_MICROCHIP_TA100)
genKey2[i]->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_BOB);
#endif
if ((ret = wc_ecc_make_key_ex(&gRng, keySize, genKey2[i],
curveId)) > 0) {
goto exit;
Expand Down Expand Up @@ -12557,7 +12579,10 @@ void bench_ecc(int useDeviceID, int curveId)
WC_FREE_ARRAY(sig, BENCH_MAX_PENDING, HEAP_HINT);
WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
#endif

#if defined(WOLFSSL_MICROCHIP_TA100)
atmel_ecc_free(ATMEL_SLOT_ECDHE_ALICE);
atmel_ecc_free(ATMEL_SLOT_ECDHE_BOB);
#endif
(void)useDeviceID;
(void)pending;
(void)x;
Expand Down
Loading
Loading