Description
Describe the bug
When using the Microchip CryptoAuth library with a TrustFLEX ATECC608B chip, the function atcab_get_pubkey() is called in atca_mbedtls_wrap.c at line 1513 if ca_key_cfg->is_genkey == 0. However, this results in a chip execution error:
./components/esp-cryptoauthlib/cryptoauthlib/lib/calib/calib_genkey.c:98:fffffff4:calib_genkey_base - execution
In previous versions of the library, the behavior was the opposite: atcab_get_pubkey() was invoked only when is_genkey == 1, which worked correctly.
To Reproduce
Steps to reproduce the behavior:
1. Use a TrustFLEX ATECC608B chip with esp-cryptoauthlib.
2. Set ca_key_cfg->is_genkey = 0.
3. Initialize the mbedTLS wrapper or trigger a TLS handshake.
4. Observe that atcab_get_pubkey() is invoked and fails with the error above.
Expected behavior
If is_genkey == 0, the library should assume the public key is already available (pre-generated or provisioned) and should not issue a GENKEY command. The current logic seems reversed compared to earlier library versions.
Additional context
Chip: ATECC608B TrustFLEX
Library: esp-cryptoauthlib (based on Microchip CryptoAuthLib)
File: atca_mbedtls_wrap.c, line 1513
Error code: 0xFFFFF4 (ATCA_EXECUTION_ERROR)
In previous versions, the condition was if (is_genkey == 1) → call atcab_get_pubkey() — the current version behaves oppositely.
This may indicate a logic inversion/regression in handling key configuration, or an incompatibility with TrustFLEX provisioning defaults.