From 074090049be03a2e621ff7235c8ae35968fbf968 Mon Sep 17 00:00:00 2001
From: Hayden Roche <hayden@wolfssl.com>
Date: Thu, 18 Feb 2021 14:49:40 -0600
Subject: [PATCH 1/2] Add CMake support for CURVE25519, ED25519, CURVE448, and
 ED448.

---
 CMakeLists.txt | 99 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 95 insertions(+), 4 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0ce88a0dc..bbaa8e087 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -441,15 +441,106 @@ endif()
 
 # TODO: - ECC custom curves
 #       - Compressed key
-#       - CURVE25519
-#       - ED25519
-#       - CURVE448
-#       - ED448
 #       - FP ECC, fixed point cache ECC
 #       - ECC encrypt
 #       - PSK
 #       - Single PSK identity
 
+# CURVE25519
+set(WOLFSSL_CURVE25519_SMALL "no")
+set(WOLFSSL_CURVE25519_HELP_STRING "Enable Curve25519 (default: disabled)")
+set(WOLFSSL_CURVE25519 "no" CACHE STRING ${WOLFSSL_CURVE25519_HELP_STRING})
+set_property(CACHE WOLFSSL_CURVE25519 PROPERTY STRINGS "yes" "no" "small" "no128bit")
+
+if(WOLFSSL_OPENSSH)
+    override_cache(WOLFSSL_CURVE25519 "yes")
+endif()
+
+if(WOLFSSL_CURVE25519)
+    if("${WOLFSSL_CURVE25519}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
+        list(APPEND WOLFSSL_DEFINITIONS "-DCURVE25519_SMALL")
+        set(WOLFSSL_CURVE25519_SMALL "yes")
+    endif()
+
+    if("${WOLFSSL_CURVE25519}" STREQUAL "no128bit" OR WOLFSSL_32BIT)
+        list(APPEND WOLFSSL_DEFINITIONS "-DNO_CURVED25519_128BIT")
+    endif()
+
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CURVE25519")
+    set(WOLFSSL_FEMATH "yes")
+endif()
+
+# ED25519
+set(WOLFSSL_ED25519_SMALL "no")
+set(WOLFSSL_ED25519_HELP_STRING "Enable ED25519 (default: disabled)")
+set(WOLFSSL_ED25519 "no" CACHE STRING ${WOLFSSL_ED25519_HELP_STRING})
+set_property(CACHE WOLFSSL_ED25519 PROPERTY STRINGS "yes" "no" "small")
+
+if(WOLFSSL_OPENSSH)
+    override_cache(WOLFSSL_ED25519 "yes")
+endif()
+
+if(WOLFSSL_ED25519 AND NOT WOLFSSL_32BIT)
+    if("${WOLFSSL_ED25519}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
+        list(APPEND WOLFSSL_DEFINITIONS "-DED25519_SMALL")
+        set(WOLFSSL_ED25519_SMALL "yes")
+        set(WOLFSSL_CURVE25519_SMALL "yes")
+    endif()
+
+    if(NOT WOLFSSL_SHA512)
+        message(FATAL_ERROR "cannot enable ed25519 without enabling sha512.")
+    endif()
+
+    set(WOLFSSL_FEMATH "yes")
+    set(WOLFSSL_GEMATH "yes")
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ED25519")
+endif()
+
+# CURVE448
+set(WOLFSSL_CURVE448_SMALL "no")
+set(WOLFSSL_CURVE448_HELP_STRING "Enable Curve448 (default: disabled)")
+set(WOLFSSL_CURVE448 "no" CACHE STRING ${WOLFSSL_CURVE448_HELP_STRING})
+set_property(CACHE WOLFSSL_CURVE448 PROPERTY STRINGS "yes" "no" "small")
+
+if(WOLFSSL_CURVE448)
+    if("${WOLFSSL_CURVE448}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
+        list(APPEND WOLFSSL_DEFINITIONS "-DCURVE448_SMALL")
+        set(WOLFSSL_CURVE448_SMALL "yes")
+    endif()
+
+    if("${WOLFSSL_CURVE448}" STREQUAL "no128bit" OR WOLFSSL_32BIT)
+        list(APPEND WOLFSSL_DEFINITIONS "-DNO_CURVED448_128BIT")
+    endif()
+
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CURVE448")
+    set(WOLFSSL_FE448 "yes")
+endif()
+
+# ED448
+set(WOLFSSL_ED448_SMALL "no")
+set(WOLFSSL_ED448_HELP_STRING "Enable ED448 (default: disabled)")
+set(WOLFSSL_ED448 "no" CACHE STRING ${WOLFSSL_ED448_HELP_STRING})
+set_property(CACHE WOLFSSL_ED448 PROPERTY STRINGS "yes" "no" "small")
+
+if(WOLFSSL_ED448 AND NOT WOLFSSL_32BIT)
+    if("${WOLFSSL_ED448}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
+        list(APPEND WOLFSSL_DEFINITIONS "-DED448_SMALL")
+        set(WOLFSSL_ED448_SMALL "yes")
+        set(WOLFSSL_CURVE448_SMALL "yes")
+    endif()
+
+    if(NOT WOLFSSL_SHA512)
+        message(FATAL_ERROR "cannot enable ed448 without enabling sha512.")
+    endif()
+
+    set(WOLFSSL_FE448 "yes")
+    set(WOLFSSL_GE448 "yes")
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ED448")
+
+    # EdDSA448 requires SHAKE256 which requires SHA-3
+    override_cache(WOLFSSL_SHAKE256 "yes")
+endif()
+
 # Error strings
 set(WOLFSSL_ERROR_STRINGS_HELP_STRING "Enable error strings table (default: enabled)")
 option(WOLFSSL_ERROR_STRINGS ${WOLFSSL_ERROR_STRINGS_HELP_STRING} "yes")

From 101b35e766fcfcbf2aebac2fc0fac3b4edf4d7de Mon Sep 17 00:00:00 2001
From: Elms <jeff@wolfssl.com>
Date: Wed, 24 Feb 2021 13:57:27 -0800
Subject: [PATCH 2/2] cmake: mirror configure logic for SHA3, SHAKE256, SHA224

---
 CMakeLists.txt | 58 ++++++++++++++++++++++++++------------------------
 1 file changed, 30 insertions(+), 28 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index bbaa8e087..0452ce048 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -331,6 +331,36 @@ endif()
 #       - RIPEMD
 #       - BLAKE2
 
+
+# SHA224
+set(SHA224_DEFAULT "no")
+if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
+    ("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
+    if(NOT WOLFSSL_AFALG AND NOT WOLFSSL_DEVCRYPTO AND
+       (NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2")))
+        set(SHA224_DEFAULT "yes")
+    endif()
+endif()
+set(WOLFSSL_SHA224_HELP_STRING "Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)")
+option(WOLFSSL_SHA224 ${WOLFSSL_SHA224_HELP_STRING} ${SHA224_DEFAULT})
+
+# SHA3
+set(SHA3_DEFAULT "no")
+if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
+    ("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
+    if(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2"))
+        set(SHA3_DEFAULT "yes")
+    endif()
+endif()
+set(WOLFSSL_SHA3_HELP_STRING "Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)")
+set(WOLFSSL_SHA3 ${SHA3_DEFAULT} CACHE STRING ${WOLFSSL_SHA3_HELP_STRING})
+set_property(CACHE WOLFSSL_SHA3 PROPERTY STRINGS "yes" "no" "small")
+
+# SHAKE256
+set(WOLFSSL_SHAKE256_HELP_STRING "Enable wolfSSL SHAKE256 support (default: enabled on x86_64/aarch64)")
+set(WOLFSSL_SHAKE256 "no" CACHE STRING ${WOLFSSL_SHAKE256_HELP_STRING})
+set_property(CACHE WOLFSSL_SHAKE256 PROPERTY STRINGS "yes" "no" "small")
+
 # SHA512
 set(WOLFSSL_SHA512_HELP_STRING "Enable wolfSSL SHA-512 support (default: enabled)")
 option(WOLFSSL_SHA512 ${WOLFSSL_SHA512_HELP_STRING} "yes")
@@ -859,35 +889,11 @@ endif()
 #       - Selftest
 
 # SHA224
-set(SHA224_DEFAULT "no")
-if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
-    ("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
-    if(NOT WOLFSSL_AFALG AND NOT WOLFSSL_DEVCRYPTO AND
-       (NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2")))
-        set(SHA224_DEFAULT "yes")
-    endif()
-endif()
-
-set(WOLFSSL_SHA224_HELP_STRING "Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)")
-option(WOLFSSL_SHA224 ${WOLFSSL_SHA224_HELP_STRING} ${SHA224_DEFAULT})
-
 if(WOLFSSL_SHA224)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA224")
 endif()
 
 # SHA3
-set(SHA3_DEFAULT "no")
-if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
-    ("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
-    if(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2"))
-        set(SHA3_DEFAULT "yes")
-    endif()
-endif()
-
-set(WOLFSSL_SHA3_HELP_STRING "Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)")
-set(WOLFSSL_SHA3 ${SHA3_DEFAULT} CACHE STRING ${WOLFSSL_SHA3_HELP_STRING})
-set_property(CACHE WOLFSSL_SHA3 PROPERTY STRINGS "yes" "no" "small")
-
 if("${WOLFSSL_SHA3}" STREQUAL "small")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3_SMALL")
     override_cache(WOLFSSL_SHA3 "yes")
@@ -898,10 +904,6 @@ if(WOLFSSL_SHA3 AND NOT WOLFSSL_32BIT)
 endif()
 
 # SHAKE256
-set(WOLFSSL_SHAKE256_HELP_STRING "Enable wolfSSL SHAKE256 support (default: enabled on x86_64/aarch64)")
-set(WOLFSSL_SHAKE256 "no" CACHE STRING ${WOLFSSL_SHAKE256_HELP_STRING})
-set_property(CACHE WOLFSSL_SHAKE256 PROPERTY STRINGS "yes" "no" "small")
-
 if(NOT WOLFSSL_SHAKE256)
     override_cache(WOLFSSL_SHAKE256 ${WOLFSSL_SHA3})
 endif()