diff --git a/IDE/ECLIPSE/SIFIVE/Makefile b/IDE/ECLIPSE/SIFIVE/Makefile index 9cb031127..81f2620b6 100644 --- a/IDE/ECLIPSE/SIFIVE/Makefile +++ b/IDE/ECLIPSE/SIFIVE/Makefile @@ -21,6 +21,9 @@ OPT_CFLAGS = -specs=nano.specs #OPT_CFLAGS += -O3 -DTIME -DNOENUM -Wno-implicit -mexplicit-relocs -save-temps #OPT_CFLAGS += -fno-inline -fno-builtin-printf -fno-common -falign-functions=4 +# ovewrite the __stack_size default value of 0x400 with 0x1000(4 Kbytes). +# The __stack_size and __heap_size symbols are defined in the linker metal.default.ld +# script in the freedom-e-sdk. override CFLAGS += $(OPT_CFLAGS) $(WOLFSSL_CFLAGS) \ -Xlinker --defsym=__stack_size=0x1000 diff --git a/IDE/ECLIPSE/SIFIVE/README.md b/IDE/ECLIPSE/SIFIVE/README.md index a6f0d6cbb..bd13c7667 100644 --- a/IDE/ECLIPSE/SIFIVE/README.md +++ b/IDE/ECLIPSE/SIFIVE/README.md @@ -15,6 +15,11 @@ The `IDE/ECLIPSE/SIFIVE/main.c` example application provides a function to run t - #undef NO_CRYPT_TEST - #undef NO_CRYPT_BENCHMARK ``` +## Tested Configurations +- SHA-1 +- SHA-256 +- AES CBC +- ECC sign/verify/shared secret with fast math library ## Setup ### Setting up the SDK with wolfSSL @@ -80,7 +85,7 @@ RANLIB=$RISCV_PATH/bin/riscv64-unknown-elf-gcc-ranlib \ LD=riscv64-unknown-elf-ld \ CXX=riscv64-unknown-elf-g++ \ --disable-examples --enable-static --disable-shared \ -CFLAGS="-march=rv32imac -mabi=ilp32 -mcmodel=medlow -ffunction-sections -fdata-sections -I~/freedom-e-sdk/bsp/sifive-hifive1/install/include -O0 -g -DNO_FILESYSTEM -DWOLFSSL_NO_SOCK -DNO_WRITEV -DWOLFCRYPT_ONLY -DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_SIFIVE_RISC_V" +CFLAGS="-march=rv32imac -mabi=ilp32 -mcmodel=medlow -ffunction-sections -fdata-sections -I~/freedom-e-sdk/bsp/sifive-hifive1/install/include -O0 -g -DNO_FILESYSTEM -DWOLFSSL_NO_SOCK -DNO_WRITEV -DWOLFCRYPT_ONLY -DWOLFSSL_SIFIVE_RISC_V" $make $sudo make install @@ -143,8 +148,6 @@ ECDHE 256 agree 2 ops took 22.000 sec, avg 11000.000 ms, 0.091 ops/ ECDSA 256 sign 2 ops took 23.000 sec, avg 11500.000 ms, 0.087 ops/sec ECDSA 256 verify 2 ops took 45.000 sec, avg 22500.000 ms, 0.044 ops/sec Benchmark complete - - ``` TARGET=sifive-hifive1 ``` @@ -175,6 +178,11 @@ ECDSA 256 sign 2 ops took 25.000 sec, avg 12500.000 ms, 0.080 ops/ ECDSA 256 verify 2 ops took 48.000 sec, avg 24000.000 ms, 0.042 ops/sec Benchmark complete ``` +## Known Caveats +- If you find the wolfcrypt test stuck on early_trap_vector error, it is like related to memory issues +- Using the `__stack_size` default value of 0x400 will not be enough for the ECC test to pass. +The `IDE/ECLIPSE/SIFIVE/Makefile` overwrites the value with 0x1000 (4 KBytes) +- Enabling RSA will cause the ECC test to fail due to memory shortage ## References The test results were collected from a SiFive reference platform target with the following hardware, software and tool chains: diff --git a/IDE/ECLIPSE/SIFIVE/main.c b/IDE/ECLIPSE/SIFIVE/main.c index d304d77a6..a1528a32c 100644 --- a/IDE/ECLIPSE/SIFIVE/main.c +++ b/IDE/ECLIPSE/SIFIVE/main.c @@ -46,6 +46,7 @@ double current_time(int reset) } #endif +#if WOLFSSL_SIFIVE_RISC_V_DEBUG void check(int depth) { char ch; char *ptr = malloc(1); @@ -55,6 +56,7 @@ void check(int depth) { return; check(depth-1); + free(ptr); } void mtime_sleep( uint64_t ticks) { @@ -71,6 +73,45 @@ void delay(int sec) { uint64_t ticks = sec * RTC_FREQ; mtime_sleep(ticks); } +#endif + +/* RNG CODE */ +/* TODO: Implement real RNG */ +static unsigned int gCounter; +unsigned int hw_rand(void) +{ + /* #warning Must implement your own random source */ + + return ++gCounter; +} + +unsigned int my_rng_seed_gen(void) +{ + return hw_rand(); +} + +int my_rng_gen_block(unsigned char* output, unsigned int sz) +{ + uint32_t i = 0; + uint32_t randReturnSize = sizeof(CUSTOM_RAND_TYPE); + + while (i < sz) + { + /* If not aligned or there is odd/remainder */ + if((i + randReturnSize) > sz || + ((uint32_t)&output[i] % randReturnSize) != 0 ) { + /* Single byte at a time */ + output[i++] = (unsigned char)my_rng_seed_gen(); + } + else { + /* Use native 8, 16, 32 or 64 copy instruction */ + *((CUSTOM_RAND_TYPE*)&output[i]) = my_rng_seed_gen(); + i += randReturnSize; + } + } + + return 0; +} int main(void) { @@ -78,7 +119,7 @@ int main(void) #if WOLFSSL_SIFIVE_RISC_V_DEBUG printf("check stack and heap addresses\n"); - check(10); + check(8); printf("sleep for 10 seconds to verify timer\n"); delay(10); printf("awake after sleeping for 10 seconds\n"); @@ -87,9 +128,7 @@ int main(void) #ifdef DEBUG_WOLFSSL wolfSSL_Debugging_ON(); #endif - #ifdef HAVE_STACK_SIZE - StackSizeCheck(&args, server_test); - #endif + if ((ret = wolfCrypt_Init()) != 0) { printf("wolfCrypt_Init failed %d\n", ret); return -1; diff --git a/IDE/ECLIPSE/SIFIVE/user_settings.h b/IDE/ECLIPSE/SIFIVE/user_settings.h index c2f66b4d7..0d6c31c82 100644 --- a/IDE/ECLIPSE/SIFIVE/user_settings.h +++ b/IDE/ECLIPSE/SIFIVE/user_settings.h @@ -118,11 +118,11 @@ extern "C" { #ifdef ECC_USER_CURVES /* Manual Curve Selection */ - //#define HAVE_ECC192 - //#define HAVE_ECC224 + #define HAVE_ECC192 + #define HAVE_ECC224 #undef NO_ECC256 - //#define HAVE_ECC384 - //#define HAVE_ECC521 + #define HAVE_ECC384 + #define HAVE_ECC521 #endif /* Fixed point cache (speeds repeated operations against same private key) */ @@ -203,29 +203,24 @@ extern "C" { #if 1 #undef HAVE_AES_CBC #define HAVE_AES_CBC + + #undef HAVE_AESGCM + #define HAVE_AESGCM - /* If you need other than AES-CBC mode, you must undefine WOLFSSL_CRYPTOCELL_AES */ - #if !defined(WOLFSSL_CRYPTOCELL_AES) - #undef HAVE_AESGCM - #define HAVE_AESGCM + /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + #define GCM_SMALL - /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ - #define GCM_SMALL + #undef WOLFSSL_AES_DIRECT + //#define WOLFSSL_AES_DIRECT - #undef WOLFSSL_AES_DIRECT - //#define WOLFSSL_AES_DIRECT + #undef HAVE_AES_ECB + //#define HAVE_AES_ECB - #undef HAVE_AES_ECB - //#define HAVE_AES_ECB + #undef WOLFSSL_AES_COUNTER + //#define WOLFSSL_AES_COUNTER - #undef WOLFSSL_AES_COUNTER - //#define WOLFSSL_AES_COUNTER - - #undef HAVE_AESCCM - //#define HAVE_AESCCM - #endif -#else - #define NO_AES + #undef HAVE_AESCCM + //#define HAVE_AESCCM #endif @@ -436,16 +431,22 @@ extern "C" { /* RNG */ /* ------------------------------------------------------------------------- */ -#if defined(WOLFSSL_SIFIVE_RISC_V) - /* Override P-RNG with HW RNG */ - //extern int my_random_generate(byte* output, word32 sz); - //#undef CUSTOM_RAND_GENERATE_BLOCK - //#define CUSTOM_RAND_GENERATE_BLOCK my_random_generate - #define WOLFSSL_GENSEED_FORTEST /* for software RNG*/ +#if 1 +/* Bypass P-RNG and use only HW RNG */ +#define CUSTOM_RAND_TYPE unsigned int +extern int my_rng_gen_block(unsigned char* output, unsigned int sz); +#undef CUSTOM_RAND_GENERATE_BLOCK +#define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block #else - #define WOLFSSL_GENSEED_FORTEST -#endif + #define HAVE_HASHDRBG + /* Seed Source */ + /* Size of returned HW RNG value */ + #define CUSTOM_RAND_TYPE unsigned int + extern unsigned int my_rng_seed_gen(void); + #undef CUSTOM_RAND_GENERATE + #define CUSTOM_RAND_GENERATE my_rng_seed_gen +#endif /* ------------------------------------------------------------------------- */ /* Enable Features */ diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 72c74e7f7..7cff6040f 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -2327,13 +2327,11 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #endif #ifdef USE_TEST_GENSEED -#ifndef WOLFSSL_SIFIVE_RISC_V #ifndef _MSC_VER #warning "write a real random seed!!!!, just for testing now" #else #pragma message("Warning: write a real random seed!!!!, just for testing now") #endif -#endif /* !WOLFSSL_SIFIVE_RISC_V*/ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { word32 i;