diff --git a/IDE/GCC-ARM/Header/user_settings.h b/IDE/GCC-ARM/Header/user_settings.h index 2b367ad2a..19464bf18 100644 --- a/IDE/GCC-ARM/Header/user_settings.h +++ b/IDE/GCC-ARM/Header/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2017 wolfSSL Inc. + * Copyright (C) 2006-2018 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -54,14 +54,49 @@ extern "C" { #undef SIZEOF_LONG_LONG #define SIZEOF_LONG_LONG 8 -#ifdef USE_FAST_MATH +#undef USE_FAST_MATH +#if 1 + #define USE_FAST_MATH + #undef TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT - /* Optimizations (on M0 UMULL is not supported, need another assembly solution) */ + /* Optimizations */ //#define TFM_ARM #endif +/* Wolf Single Precision Math */ +#undef WOLFSSL_SP +#if 0 + #define WOLFSSL_SP + #define WOLFSSL_SP_SMALL + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_HAVE_SP_DH + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_CACHE_RESISTANT + //#define WOLFSSL_SP_MATH + + /* 64 or 32 bit version */ + //#define WOLFSSL_SP_ARM32_ASM + //#define WOLFSSL_SP_ARM64_ASM +#endif + +/* ------------------------------------------------------------------------- */ +/* FIPS - Requires eval or license from wolfSSL */ +/* ------------------------------------------------------------------------- */ +#undef HAVE_FIPS +#if 0 + #define HAVE_FIPS + + #undef HAVE_FIPS_VERSION + #define HAVE_FIPS_VERSION 2 + + #ifdef SINGLE_THREADED + #undef NO_THREAD_LS + #define NO_THREAD_LS + #endif +#endif + /* ------------------------------------------------------------------------- */ /* Crypto */ @@ -92,24 +127,31 @@ extern "C" { #if 0 #define WC_RSA_PSS #endif + + #if 0 + #define WC_RSA_NO_PADDING + #endif #else #define NO_RSA #endif /* ECC */ +#undef HAVE_ECC #if 1 - #undef HAVE_ECC #define HAVE_ECC /* Manually define enabled curves */ #undef ECC_USER_CURVES #define ECC_USER_CURVES - //#define HAVE_ECC192 - //#define HAVE_ECC224 - #undef NO_ECC256 - //#define HAVE_ECC384 - //#define HAVE_ECC521 + #ifdef ECC_USER_CURVES + /* Manual Curve Selection */ + //#define HAVE_ECC192 + //#define HAVE_ECC224 + #undef NO_ECC256 + //#define HAVE_ECC384 + //#define HAVE_ECC521 + #endif /* Fixed point cache (speeds repeated operations against same private key) */ #undef FP_ECC @@ -131,17 +173,35 @@ extern "C" { #undef ECC_TIMING_RESISTANT #define ECC_TIMING_RESISTANT + /* Enable cofactor support */ + #ifdef HAVE_FIPS + #undef HAVE_ECC_CDH + #define HAVE_ECC_CDH + #endif + + /* Validate import */ + #ifdef HAVE_FIPS + #undef WOLFSSL_VALIDATE_ECC_IMPORT + #define WOLFSSL_VALIDATE_ECC_IMPORT + #endif + + /* Compressed Key Support */ + #undef HAVE_COMP_KEY + //#define HAVE_COMP_KEY + /* Use alternate ECC size for ECC math */ #ifdef USE_FAST_MATH #ifdef NO_RSA - /* if not using RSA set FP_MAX_BITS to 256*2 */ + /* Custom fastmath size if not using RSA */ + /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */ #undef FP_MAX_BITS - #define FP_MAX_BITS 512 + #define FP_MAX_BITS (256 + 32) #else #undef ALT_ECC_SIZE #define ALT_ECC_SIZE #endif + /* Speedups specific to curve */ #ifndef NO_ECC256 #undef TFM_ECC256 #define TFM_ECC256 @@ -149,6 +209,27 @@ extern "C" { #endif #endif +/* DH */ +#undef NO_DH +#if 1 + /* Use table for DH instead of -lm (math) lib dependency */ + #if 0 + #define WOLFSSL_DH_CONST + #define HAVE_FFDHE_2048 + #define HAVE_FFDHE_4096 + //#define HAVE_FFDHE_6144 + //#define HAVE_FFDHE_8192 + #endif + + #ifdef HAVE_FIPS + #define WOLFSSL_VALIDATE_FFC_IMPORT + #define HAVE_FFDHE_Q + #endif +#else + #define NO_DH +#endif + + /* AES */ #undef NO_AES #if 1 @@ -158,16 +239,32 @@ extern "C" { #undef HAVE_AESGCM #define HAVE_AESGCM - #undef HAVE_AESCCM - #define HAVE_AESCCM - /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ - #undef GCM_SMALL #define GCM_SMALL + + #undef WOLFSSL_AES_DIRECT + //#define WOLFSSL_AES_DIRECT + + #undef HAVE_AES_ECB + //#define HAVE_AES_ECB + + #undef WOLFSSL_AES_COUNTER + //#define WOLFSSL_AES_COUNTER + + #undef HAVE_AESCCM + //#define HAVE_AESCCM #else #define NO_AES #endif + +/* DES3 */ +#undef NO_DES3 +#if 0 +#else + #define NO_DES3 +#endif + /* ChaCha20 / Poly1305 */ #undef HAVE_CHACHA #undef HAVE_POLY1305 @@ -210,7 +307,12 @@ extern "C" { #undef NO_SHA256 #if 1 /* not unrolled - ~2k smaller and ~25% slower */ - #define USE_SLOW_SHA256 + //#define USE_SLOW_SHA256 + + /* Sha224 */ + #if 0 + #define WOLFSSL_SHA224 + #endif #else #define NO_SHA256 #endif @@ -227,28 +329,33 @@ extern "C" { #endif /* over twice as small, but 50% slower */ - #define USE_SLOW_SHA512 + //#define USE_SLOW_SHA512 +#endif + +/* Sha3 */ +#undef WOLFSSL_SHA3 +#if 0 + #define WOLFSSL_SHA3 #endif /* MD5 */ #undef NO_MD5 -#if 1 - -#else - #define NO_MD5 -#endif - -#undef WOLFSSL_SHA3 #if 0 - #define WOLFSSL_SHA3 + #else + #define NO_MD5 #endif /* HKDF */ #undef HAVE_HKDF #if 0 - #define HAVE_HKDF -#else + #define HAVE_HKDF +#endif + +/* CMAC */ +#undef WOLFSSL_CMAC +#if 0 + #define WOLFSSL_CMAC #endif @@ -273,27 +380,67 @@ extern "C" { /* Debugging */ /* ------------------------------------------------------------------------- */ -#undef DEBUG_WOLFSSL -//#define DEBUG_WOLFSSL - -/* Use this to measure / print heap usage */ +#undef DEBUG_WOLFSSL +#undef NO_ERROR_STRINGS #if 0 - #undef USE_WOLFSSL_MEMORY - #define USE_WOLFSSL_MEMORY - - #undef WOLFSSL_TRACK_MEMORY - //#define WOLFSSL_TRACK_MEMORY - - #undef WOLFSSL_DEBUG_MEMORY - //#define WOLFSSL_DEBUG_MEMORY + #define DEBUG_WOLFSSL #else - #undef NO_WOLFSSL_MEMORY - #define NO_WOLFSSL_MEMORY + #if 0 + #define NO_ERROR_STRINGS + #endif #endif -#ifndef DEBUG_WOLFSSL - #undef NO_ERROR_STRINGS - #define NO_ERROR_STRINGS + +/* ------------------------------------------------------------------------- */ +/* Memory */ +/* ------------------------------------------------------------------------- */ + +/* Override Memory API's */ +#if 0 + #undef XMALLOC_OVERRIDE + #define XMALLOC_OVERRIDE + + /* prototypes for user heap override functions */ + /* Note: Realloc only required for normal math */ + #include /* for size_t */ + extern void *myMalloc(size_t n, void* heap, int type); + extern void myFree(void *p, void* heap, int type); + extern void *myRealloc(void *p, size_t n, void* heap, int type); + + #define XMALLOC(n, h, t) myMalloc(n, h, t) + #define XFREE(p, h, t) myFree(p, h, t) + #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t) +#endif + +#if 0 + /* Static memory requires fast math */ + #define WOLFSSL_STATIC_MEMORY + + /* Disable fallback malloc/free */ + #define WOLFSSL_NO_MALLOC + #if 1 + #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */ + #endif +#endif + +/* Memory callbacks */ +#if 0 + #undef USE_WOLFSSL_MEMORY + #define USE_WOLFSSL_MEMORY + + /* Use this to measure / print heap usage */ + #if 1 + #undef WOLFSSL_TRACK_MEMORY + #define WOLFSSL_TRACK_MEMORY + + #undef WOLFSSL_DEBUG_MEMORY + #define WOLFSSL_DEBUG_MEMORY + #endif +#else + #ifndef WOLFSSL_STATIC_MEMORY + #define NO_WOLFSSL_MEMORY + /* Otherwise we will use stdlib malloc, free and realloc */ + #endif #endif @@ -304,6 +451,7 @@ extern "C" { /* Override Current Time */ /* Allows custom "custom_time()" function to be used for benchmark */ #define WOLFSSL_USER_CURRTIME +#define WOLFSSL_GMTIME #define USER_TICKS extern unsigned long my_time(unsigned long* timer); #define XTIME my_time @@ -312,16 +460,16 @@ extern unsigned long my_time(unsigned long* timer); /* ------------------------------------------------------------------------- */ /* RNG */ /* ------------------------------------------------------------------------- */ + +/* Seed Source */ /* Size of returned HW RNG value */ #define CUSTOM_RAND_TYPE unsigned int - -/* Seed source */ -extern unsigned int custom_rand_generate(void); +extern unsigned int my_rng_seed_gen(void); #undef CUSTOM_RAND_GENERATE -#define CUSTOM_RAND_GENERATE custom_rand_generate +#define CUSTOM_RAND_GENERATE my_rng_seed_gen /* Choose RNG method */ -#if 0 +#if 1 /* Use built-in P-RNG (SHA256 based) with HW RNG */ /* P-RNG + HW RNG (P-RNG is ~8K) */ #undef HAVE_HASHDRBG @@ -331,20 +479,67 @@ extern unsigned int custom_rand_generate(void); #define WC_NO_HASHDRBG /* Bypass P-RNG and use only HW RNG */ - extern int custom_rand_generate_block(unsigned char* output, unsigned int sz); + extern int my_rng_gen_block(unsigned char* output, unsigned int sz); #undef CUSTOM_RAND_GENERATE_BLOCK - #define CUSTOM_RAND_GENERATE_BLOCK custom_rand_generate_block + #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block #endif +/* ------------------------------------------------------------------------- */ +/* Custom Standard Lib */ +/* ------------------------------------------------------------------------- */ +/* Allows override of all standard library functions */ +#undef STRING_USER +#if 0 + #define STRING_USER + + #include + + #undef USE_WOLF_STRSEP + #define USE_WOLF_STRSEP + #define XSTRSEP(s1,d) wc_strsep((s1),(d)) + + #undef USE_WOLF_STRTOK + #define USE_WOLF_STRTOK + #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) + + #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) + + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + + #define XSTRLEN(s1) strlen((s1)) + #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) + #define XSTRSTR(s1,s2) strstr((s1),(s2)) + + #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) + #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) + #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) + + #define XSNPRINTF snprintf +#endif + + + /* ------------------------------------------------------------------------- */ /* Enable Features */ /* ------------------------------------------------------------------------- */ +#undef WOLFSSL_TLS13 #if 0 - #undef WOLFSSL_TLS13 #define WOLFSSL_TLS13 #endif +#undef WOLFSSL_KEY_GEN +#if 0 + #define WOLFSSL_KEY_GEN +#endif + +#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN) + #define WOLFSSL_OLD_PRIME_CHECK +#endif + #undef KEEP_PEER_CERT //#define KEEP_PEER_CERT @@ -407,12 +602,6 @@ extern unsigned int custom_rand_generate(void); #undef NO_DSA #define NO_DSA -#undef NO_DH -#define NO_DH - -#undef NO_DES3 -#define NO_DES3 - #undef NO_RC4 #define NO_RC4 diff --git a/IDE/GCC-ARM/Makefile b/IDE/GCC-ARM/Makefile index 82a12fb0a..ba4010c42 100644 --- a/IDE/GCC-ARM/Makefile +++ b/IDE/GCC-ARM/Makefile @@ -13,4 +13,4 @@ WolfSSLStaticLib: clean: rm -f $(BUILD_DIR)/*.elf $(BUILD_DIR)/*.hex $(BUILD_DIR)/*.map - rm -f $(BUILD_DIR)/*.o $(BUILD_DIR)/*.sym $(BUILD_DIR)/*.disasm + rm -f $(BUILD_DIR)/*.o $(BUILD_DIR)/*.a $(BUILD_DIR)/*.sym $(BUILD_DIR)/*.disasm diff --git a/IDE/GCC-ARM/Makefile.common b/IDE/GCC-ARM/Makefile.common index 1088bfc3f..f68b28d06 100644 --- a/IDE/GCC-ARM/Makefile.common +++ b/IDE/GCC-ARM/Makefile.common @@ -5,51 +5,9 @@ CMD_ECHO = BUILD_DIR = ./Build # Toolchain location and prefix +#TOOLCHAIN = TOOLCHAIN = /opt/gcc-arm-none-eabi/bin/arm-none-eabi- -INC = -I./Header \ - -I./Source \ - -I../.. - -# Memory Map -SRC_LD = -T./linker.ld - -# Defines -DEF = -DWOLFSSL_USER_SETTINGS - -# Compiler and linker flags -ARCHFLAGS = -mcpu=cortex-m0 -mthumb -mabi=aapcs -DBGFLAGS = -ggdb -ASFLAGS = $(ARCHFLAGS) - -# CC: Place functions and data into separate sections to allow dead code removal -# by the linker (-f*-sections). Enable link time optimization (-flto) -CFLAGS = $(ARCHFLAGS) -std=gnu99 -Wall -Wno-cpp \ - -ffunction-sections -fdata-sections \ - -Os -flto $(DBGFLAGS) - -# LD: Remove unused sections -LDFLAGS = $(ARCHFLAGS) -Wl,--gc-sections - -# LD: Link with newlib-nano implementation -LDFLAGS += --specs=nano.specs --specs=nosys.specs - -# LD: generate map -LDFLAGS += -Wl,-Map=$(BUILD_DIR)/$(BIN).map $(DBGFLAGS) - -# LD: Entry point -LDFLAGS += -Wl,-ereset_handler - -# Math lib (for DH) -LIBS = -lm - -SRC_C += ./Source/armtarget.c -SRC_C += $(wildcard ../../src/*.c ../../wolfcrypt/src/*.c ../../wolfcrypt/benchmark/*.c ../../wolfcrypt/test/*.c) -FILENAMES_C = $(notdir $(SRC_C)) -FILENAMES_C := $(filter-out evp.c, $(FILENAMES_C)) -OBJS_C = $(addprefix $(BUILD_DIR)/, $(FILENAMES_C:.c=.o)) -vpath %.c $(dir $(SRC_C)) - # Tools selection CC = $(TOOLCHAIN)gcc AS = $(TOOLCHAIN)gcc @@ -60,6 +18,147 @@ OBJCOPY = $(TOOLCHAIN)objcopy OBJDUMP = $(TOOLCHAIN)objdump SIZE = $(TOOLCHAIN)size +# Includes +INC = -I./Header \ + -I./Source \ + -I../.. + +# Defines +DEF = -DWOLFSSL_USER_SETTINGS + +# Architecture +ARCHFLAGS = -mcpu=cortex-m0 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP +#ARCHFLAGS = -mcpu=cortex-r5 -mthumb -mabi=aapcs +#ARCHFLAGS = -mcpu=cortex-a53 -mthumb -mabi=aapcs + +# Compiler and linker flags +ASFLAGS = $(ARCHFLAGS) +CFLAGS = $(ARCHFLAGS) -std=gnu99 -Wall -Wno-cpp +LDFLAGS = $(ARCHFLAGS) + +# LD: Link with nosys +LDFLAGS += --specs=nosys.specs + +# LD: Link with nano or rdimon implementation for standard library +LDFLAGS += --specs=nano.specs +#LDFLAGS += --specs=rdimon.specs + +# LD: generate map +LDFLAGS += -Wl,-Map=$(BUILD_DIR)/$(BIN).map + +# LD: Entry point +LDFLAGS += -Wl,-ereset_handler + +# Math lib (for DH) +LIBS = -lm + +# Memory Map +SRC_LD = -T./linker.ld + +# Optimization level and place functions / data into separate sections to allow dead code removal +CFLAGS += -Os -ffunction-sections -fdata-sections -fno-builtin +# Remove unused sections and link time optimizations +LDFLAGS += -Wl,--gc-sections -flto + +# Debugging +#DBGFLAGS = -ggdb -g3 +CFLAGS += $(DBGFLAGS) +LDFLAGS += $(DBGFLAGS) + + +# FILES + +# Port and Test/Benchmark +SRC_C += ./Source/wolf_main.c +SRC_C += ./Source/armtarget.c +SRC_C += ../../wolfcrypt/test/test.c +SRC_C += ../../wolfcrypt/benchmark/benchmark.c + +# WOLFSSL TLS FILES +SRC_C += ../../src/crl.c +SRC_C += ../../src/internal.c +SRC_C += ../../src/keys.c +SRC_C += ../../src/ocsp.c +SRC_C += ../../src/sniffer.c +SRC_C += ../../src/ssl.c +SRC_C += ../../src/tls.c +SRC_C += ../../src/tls13.c +SRC_C += ../../src/wolfio.c + +# wolfCrypt Core (FIPS) +SRC_C += ../../wolfcrypt/src/wolfcrypt_first.c +SRC_C += ../../wolfcrypt/src/aes.c +SRC_C += ../../wolfcrypt/src/cmac.c +SRC_C += ../../wolfcrypt/src/des3.c +SRC_C += ../../wolfcrypt/src/dh.c +SRC_C += ../../wolfcrypt/src/ecc.c +SRC_C += ../../wolfcrypt/src/hmac.c +SRC_C += ../../wolfcrypt/src/random.c +SRC_C += ../../wolfcrypt/src/rsa.c +SRC_C += ../../wolfcrypt/src/sha.c +SRC_C += ../../wolfcrypt/src/sha256.c +SRC_C += ../../wolfcrypt/src/sha512.c +SRC_C += ../../wolfcrypt/src/sha3.c +SRC_C += ../../wolfcrypt/src/fips.c +SRC_C += ../../wolfcrypt/src/fips_test.c +SRC_C += ../../wolfcrypt/src/wolfcrypt_last.c + +# wolfCrypt Additional +SRC_C += ../../wolfcrypt/src/asn.c +SRC_C += ../../wolfcrypt/src/chacha.c +SRC_C += ../../wolfcrypt/src/cmac.c +SRC_C += ../../wolfcrypt/src/coding.c +SRC_C += ../../wolfcrypt/src/compress.c +SRC_C += ../../wolfcrypt/src/cpuid.c +SRC_C += ../../wolfcrypt/src/cryptodev.c +SRC_C += ../../wolfcrypt/src/curve25519.c +SRC_C += ../../wolfcrypt/src/ed25519.c +SRC_C += ../../wolfcrypt/src/error.c +SRC_C += ../../wolfcrypt/src/fe_low_mem.c +SRC_C += ../../wolfcrypt/src/fe_operations.c +SRC_C += ../../wolfcrypt/src/ge_low_mem.c +SRC_C += ../../wolfcrypt/src/ge_operations.c +SRC_C += ../../wolfcrypt/src/hash.c +SRC_C += ../../wolfcrypt/src/integer.c +SRC_C += ../../wolfcrypt/src/logging.c +SRC_C += ../../wolfcrypt/src/md5.c +SRC_C += ../../wolfcrypt/src/memory.c +SRC_C += ../../wolfcrypt/src/misc.c +SRC_C += ../../wolfcrypt/src/pkcs12.c +SRC_C += ../../wolfcrypt/src/pkcs7.c +SRC_C += ../../wolfcrypt/src/poly1305.c +SRC_C += ../../wolfcrypt/src/pwdbased.c +SRC_C += ../../wolfcrypt/src/signature.c +SRC_C += ../../wolfcrypt/src/srp.c +SRC_C += ../../wolfcrypt/src/sp_arm32.c +SRC_C += ../../wolfcrypt/src/sp_arm64.c +SRC_C += ../../wolfcrypt/src/sp_c32.c +SRC_C += ../../wolfcrypt/src/sp_int.c +SRC_C += ../../wolfcrypt/src/tfm.c +SRC_C += ../../wolfcrypt/src/wc_encrypt.c +SRC_C += ../../wolfcrypt/src/wc_port.c +SRC_C += ../../wolfcrypt/src/wolfevent.c +SRC_C += ../../wolfcrypt/src/wolfmath.c + +# wolfCrypt non-standard algorithms (disabled by default) +SRC_C += ../../wolfcrypt/src/arc4.c +SRC_C += ../../wolfcrypt/src/blake2b.c +SRC_C += ../../wolfcrypt/src/camellia.c +SRC_C += ../../wolfcrypt/src/dsa.c +SRC_C += ../../wolfcrypt/src/hc128.c +SRC_C += ../../wolfcrypt/src/idea.c +SRC_C += ../../wolfcrypt/src/md2.c +SRC_C += ../../wolfcrypt/src/md4.c +SRC_C += ../../wolfcrypt/src/rabbit.c +SRC_C += ../../wolfcrypt/src/ripemd.c + + +FILENAMES_C = $(notdir $(SRC_C)) +FILENAMES_C := $(filter-out evp.c, $(FILENAMES_C)) +OBJS_C = $(addprefix $(BUILD_DIR)/, $(FILENAMES_C:.c=.o)) +vpath %.c $(dir $(SRC_C)) + + build_hex: $(BUILD_DIR) $(BUILD_DIR)/$(BIN).hex @echo "" $(CMD_ECHO) @$(SIZE) $(BUILD_DIR)/$(BIN).elf @@ -90,6 +189,9 @@ $(BUILD_DIR)/$(BIN).elf: $(OBJS_ASM) $(OBJS_C) @echo "Generating name list: $(BIN).sym" $(CMD_ECHO) $(NM) -n $@ > $(BUILD_DIR)/$(BIN).sym + @echo "Showing final size:" + $(CMD_ECHO) ls -la $@ + @echo "Generating disassembly: $(BIN).disasm" $(CMD_ECHO) $(OBJDUMP) -S $@ > $(BUILD_DIR)/$(BIN).disasm @@ -100,6 +202,9 @@ $(BUILD_DIR)/$(BIN).a: $(OBJS_ASM) $(OBJS_C) @echo "Generating name list: $(BIN).sym" $(CMD_ECHO) $(NM) -n $@ > $(BUILD_DIR)/$(BIN).sym + @echo "Showing final size:" + $(CMD_ECHO) ls -la $@ + @echo "Generating disassembly: $(BIN).disasm" $(CMD_ECHO) $(OBJDUMP) -S $@ > $(BUILD_DIR)/$(BIN).disasm diff --git a/IDE/GCC-ARM/README.md b/IDE/GCC-ARM/README.md index 3ca5ec924..d110c1561 100644 --- a/IDE/GCC-ARM/README.md +++ b/IDE/GCC-ARM/README.md @@ -14,50 +14,69 @@ This example is for Cortex M series, but can be adopted for other architectures. 1. Make sure you have `gcc-arm-none-eabi` installed. 2. Modify the `Makefile.common`: * Use correct toolchain path `TOOLCHAIN`. - * Use correct architecture 'ARCHFLAGS' (default is cortex-m0 / thumb). See [GCC ARM Options](https://gcc.gnu.org/onlinedocs/gcc-4.7.3/gcc/ARM-Options.html) `-mcpu=name`. -3. Use `make` and it will build the static library and wolfCrypt test/benchmark and wolfSSL TLS client targets as `.elf` and `.hex` in `/Build`. + * Use correct architecture 'ARCHFLAGS'. See [GCC ARM Options](https://gcc.gnu.org/onlinedocs/gcc-4.7.3/gcc/ARM-Options.html) `-mcpu=name`. + * Confirm memory map in linker.ld matches your flash/ram or comment out `SRC_LD = -T./linker.ld` in Makefile.common. +3. Use `make` to build the static library (libwolfssl.a), wolfCrypt test/benchmark and wolfSSL TLS client targets as `.elf` and `.hex` in `/Build`. -### Building for Raspberry Pi -Example `Makefile.common` changes for Rasperry Pi with Cortex-A53: +## Building for Raspberry Pi -1. Change ARCHFLAGS to `ARCHFLAGS = -mcpu=cortex-a53 -mthumb -mabi=aapcs` to specify Cortex-A53. +Example `Makefile.common` changes for Raspberry Pi with Cortex-A53: + +1. In Makefile.common change `ARCHFLAGS` to `-mcpu=cortex-a53 -mthumb`. 2. Comment out `SRC_LD`, since custom memory map is not applicable. 3. Clear `TOOLCHAIN`, so it will use default `gcc`. Set `TOOLCHAIN = ` -4. Comment out `LDFLAGS += --specs=nano.specs --specs=nosys.specs` to disable newlib-nano. +4. Comment out `LDFLAGS += --specs=nano.specs` and `LDFLAGS += --specs=nosys.specs` to nosys and nano. Note: To comment out a line in a Makefile use place `#` in front of line. -### Example Build +## Building for FIPS + +1. Request evaluation from wolfSSL by emailing fips@wolfss.com. +2. Modify user_settings.h so section for `HAVE_FIPS` is enabled. +3. Use `make`. +4. Run the wolfCrypt test `./Build/WolfCryptTest.elf` to generate the FIPS boundary HASH + +Example: ``` -make clean && make - - text data bss dec hex filename - 50076 2508 44 52628 cd94 ./Build/WolfCryptTest.elf - - text data bss dec hex filename - 39155 2508 60 41723 a2fb ./Build/WolfCryptBench.elf - - text data bss dec hex filename - 70368 464 36 70868 114d4 ./Build/WolfSSLClient.elf +$ Crypt Test +error test passed! +base64 test passed! +base16 test passed! +asn test passed! +in my Fips callback, ok = 0, err = -203 +message = In Core Integrity check FIPS error +hash = F607C7B983D1D283590448A56381DE460F1E83CB02584F4D77B7F2C583A8F5CD +In core integrity hash check failure, copy above hash +into verifyCore[] in fips_test.c and rebuild +SHA test failed! + error = -1802 +Crypt Test: Return code -1 ``` -### Building with configure +5. Update the `../../wolfcrypt/src/fips_test.c` array `static const char verifyCore[] = {}` with the correct core hash check. +6. Build again using `make`. +7. Run the wolfCrypt test. + +## Building with configure The configure script in the main project directory can perform a cross-compile build with the the gcc-arm-none-eabi tools. Assuming the tools are installed in your executable path: ``` -$ ./configure CFLAGS="-march=armv8-a \ - --specs=nosys.specs -DHAVE_PK_CALLBACKS \ - -DWOLFSSL_USER_IO -DNO_WRITEV" \ - --host=arm-non-eabi --disable-filesystem \ - --enable-fastmath --disable-shared \ - CC=arm-none-eabi-gcc AR=arm-none-eabi-ar \ - STRIP=arm-none-eabi-strip RANLIB=arm-none-eabi-ranlib \ - --prefix=/path/to/build/wolfssl-arm +$ ./configure \ + --host=arm-non-eabi \ + CC=arm-none-eabi-gcc \ + AR=arm-none-eabi-ar \ + STRIP=arm-none-eabi-strip \ + RANLIB=arm-none-eabi-ranlib \ + --prefix=/path/to/build/wolfssl-arm \ + CFLAGS="-march=armv8-a --specs=nosys.specs \ + -DHAVE_PK_CALLBACKS -DWOLFSSL_USER_IO -DNO_WRITEV" \ + --disable-filesystem --enable-fastmath \ + --disable-shared $ make $ make install ``` @@ -65,7 +84,22 @@ $ make install If you are building for a 32-bit architecture, add `-DTIME_T_NOT_LONG` to the list of CFLAGS. -## Performace Tuning Options +## Example Build Output + +``` +make clean && make + + text data bss dec hex filename + 50076 2508 44 52628 cd94 ./Build/WolfCryptTest.elf + + text data bss dec hex filename + 39155 2508 60 41723 a2fb ./Build/WolfCryptBench.elf + + text data bss dec hex filename + 70368 464 36 70868 114d4 ./Build/WolfSSLClient.elf +``` + +## Performance Tuning Options These settings are located in `Header/user_settings.h`. @@ -79,7 +113,7 @@ These settings are located in `Header/user_settings.h`. * `ECC_TIMING_RESISTANT`: Enables timing resistance for ECC and uses slightly less memory. * `ECC_SHAMIR`: Doubles heap usage, but slightly faster * `RSA_LOW_MEM`: Half as much memory but twice as slow. Uses Non-CRT method for private key. -AES GCM: `GCM_SMALL`, `GCM_WORD32` or `GCM_TABLE`: Tunes performance and flash/memory usage. +* AES GCM: `GCM_SMALL`, `GCM_WORD32` or `GCM_TABLE`: Tunes performance and flash/memory usage. * `CURVED25519_SMALL`: Enables small versions of Ed/Curve (FE/GE math). * `USE_SLOW_SHA`: Enables smaller/slower version of SHA. * `USE_SLOW_SHA256`: About 2k smaller and about 25% slower @@ -87,3 +121,5 @@ AES GCM: `GCM_SMALL`, `GCM_WORD32` or `GCM_TABLE`: Tunes performance and flash/m * `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with. * `BENCH_EMBEDDED`: Define this if using the wolfCrypt test/benchmark and using a low memory target. * `ECC_USER_CURVES`: Allows user to defines curve sizes to enable. Default is 256-bit on. To enable others use `HAVE_ECC192`, `HAVE_ECC224`, etc.... +* `TFM_ARM`, `TFM_SSE2`, `TFM_AVR32`, `TFM_PPC32`, `TFM_MIPS`, `TFM_X86` or `TFM_X86_64`: These are assembly optimizations available with USE_FAST_MATH. +* Single Precision Math for ARM: See `WOLFSSL_SP`. Optimized math for ARM performance of specific RSA, DH and ECC algorithms. diff --git a/IDE/GCC-ARM/Source/armtarget.c b/IDE/GCC-ARM/Source/armtarget.c index dc5f5dfbf..e960b96f4 100644 --- a/IDE/GCC-ARM/Source/armtarget.c +++ b/IDE/GCC-ARM/Source/armtarget.c @@ -1,6 +1,6 @@ /* armtarget.c * - * Copyright (C) 2006-2017 wolfSSL Inc. + * Copyright (C) 2006-2018 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,13 +29,9 @@ #include #include -/* Test to determine if ARM Cortex M */ -#if defined(__arm__) && defined(__ARM_ARCH) && (__ARM_ARCH == 6 || __ARM_ARCH == 7) - #define CORTEX_M_SERIES -#endif +#ifdef USE_WOLF_ARM_STARTUP -#ifdef CORTEX_M_SERIES /* Memory initialization */ extern uint32_t __data_load_start__[]; extern uint32_t __data_start__[]; @@ -63,12 +59,12 @@ void meminit32(uint32_t* start, uint32_t* end) *start++ = 0; } } -#endif /* CORTEX_M_SERIES */ +#endif /* USE_WOLF_ARM_STARTUP */ /* Entry Point */ void reset_handler(void) { -#ifdef CORTEX_M_SERIES +#ifdef USE_WOLF_ARM_STARTUP /* Init sections */ memcpy32(__data_load_start__, __data_start__, __data_end__); meminit32(__bss_start__, __bss_end__); @@ -76,7 +72,7 @@ void reset_handler(void) /* Init heap */ __heap_start__[0] = 0; __heap_start__[1] = ((uint32_t)__heap_end__ - (uint32_t)__heap_start__); -#endif /* CORTEX_M_SERIES */ +#endif /* USE_WOLF_ARM_STARTUP */ /* Start main */ extern int main(void); @@ -86,7 +82,7 @@ void reset_handler(void) while(1); } -#ifdef CORTEX_M_SERIES +#ifdef USE_WOLF_ARM_STARTUP // Vector Exception/Interrupt Handlers static void Default_Handler(void) { @@ -186,7 +182,7 @@ void HardFault_Handler(void) ); } -// Vectors +/* Vectors Table */ typedef void (*vector_entry)(void); const vector_entry vectors[] __attribute__ ((section(".vectors"),used)) = { @@ -211,71 +207,4 @@ const vector_entry vectors[] __attribute__ ((section(".vectors"),used)) = /* remainder go below */ }; -#endif /* CORTEX_M_SERIES */ - - -/* TIME CODE */ -/* TODO: Implement real RTC */ -static int gTimeMs; -static int hw_get_time_sec(void) -{ - return ++gTimeMs; -} - -unsigned long my_time(unsigned long* timer) -{ - (void)timer; - return hw_get_time_sec(); -} - -unsigned int LowResTimer(void) -{ - return hw_get_time_sec(); -} - -double current_time(int reset) -{ - double time; - int timeMs = gTimeMs; - (void)reset; - time = (timeMs / 1000); // sec - time += (double)(timeMs % 1000) / 1000; // ms - return time; -} - - -/* RNG CODE */ -/* TODO: Implement real RNG */ -static int gCounter; -int hw_rand(void) -{ - return ++gCounter; -} - -unsigned int custom_rand_generate(void) -{ - return hw_rand(); -} - -int custom_rand_generate_block(unsigned char* output, unsigned int sz) -{ - uint32_t i = 0; - - while (i < sz) - { - /* If not aligned or there is odd/remainder */ - if( (i + sizeof(CUSTOM_RAND_TYPE)) > sz || - ((uint32_t)&output[i] % sizeof(CUSTOM_RAND_TYPE)) != 0 - ) { - /* Single byte at a time */ - output[i++] = (unsigned char)custom_rand_generate(); - } - else { - /* Use native 8, 16, 32 or 64 copy instruction */ - *((CUSTOM_RAND_TYPE*)&output[i]) = custom_rand_generate(); - i += sizeof(CUSTOM_RAND_TYPE); - } - } - - return 0; -} +#endif /* USE_WOLF_ARM_STARTUP */ diff --git a/IDE/GCC-ARM/Source/benchmark_main.c b/IDE/GCC-ARM/Source/benchmark_main.c index ed7b3ea04..4019e0b66 100644 --- a/IDE/GCC-ARM/Source/benchmark_main.c +++ b/IDE/GCC-ARM/Source/benchmark_main.c @@ -20,10 +20,12 @@ */ #include +#include #include #include #include +#ifndef NO_CRYPT_BENCHMARK typedef struct func_args { int argc; char** argv; @@ -31,17 +33,22 @@ typedef struct func_args { } func_args; static func_args args = { 0 } ; - +#endif int main(void) { + int ret; +#ifndef NO_CRYPT_BENCHMARK wolfCrypt_Init(); printf("\nBenchmark Test\n"); benchmark_test(&args); - printf("Benchmark Test: Return code %d\n", args.return_code); + ret = args.return_code; + printf("Benchmark Test: Return code %d\n", ret); wolfCrypt_Cleanup(); - - return 0; +#else + ret = NOT_COMPILED_IN; +#endif + return ret; } diff --git a/IDE/GCC-ARM/Source/test_main.c b/IDE/GCC-ARM/Source/test_main.c index 137f13f47..42a84be5e 100644 --- a/IDE/GCC-ARM/Source/test_main.c +++ b/IDE/GCC-ARM/Source/test_main.c @@ -22,9 +22,11 @@ #include #include +#include #include #include +#ifndef NO_CRYPT_TEST typedef struct func_args { int argc; char** argv; @@ -32,16 +34,22 @@ typedef struct func_args { } func_args; static func_args args = { 0 } ; +#endif int main(void) { + int ret; +#ifndef NO_CRYPT_TEST wolfCrypt_Init(); printf("\nCrypt Test\n"); wolfcrypt_test(&args); - printf("Crypt Test: Return code %d\n", args.return_code); + ret = args.return_code; + printf("Crypt Test: Return code %d\n", ret); wolfCrypt_Cleanup(); - - return 0; +#else + ret = NOT_COMPILED_IN; +#endif + return ret; } diff --git a/IDE/GCC-ARM/Source/tls_client.c b/IDE/GCC-ARM/Source/tls_client.c index 60f20abaa..5cf405209 100644 --- a/IDE/GCC-ARM/Source/tls_client.c +++ b/IDE/GCC-ARM/Source/tls_client.c @@ -21,6 +21,10 @@ #include +#include + +#ifndef WOLFCRYPT_ONLY + #include #include #include @@ -182,17 +186,22 @@ fail: return -1; } +#endif int main(void) { int ret; +#ifndef WOLFCRYPT_ONLY wolfSSL_Init(); ret = tls_client(); wolfSSL_Cleanup(); +#else + ret = NOT_COMPILED_IN; +#endif return ret; } diff --git a/IDE/GCC-ARM/Source/wolf_main.c b/IDE/GCC-ARM/Source/wolf_main.c new file mode 100644 index 000000000..615e97586 --- /dev/null +++ b/IDE/GCC-ARM/Source/wolf_main.c @@ -0,0 +1,142 @@ +/* wolf_main.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#include +#include /* for CUSTOM_RAND_TYPE */ + +#include +#include +#include +#include + + +/* TIME CODE */ +/* TODO: Implement real RTC */ +/* Optionally you can define NO_ASN_TIME to disable all cert time checks */ +static int gTimeMs; +static int hw_get_time_sec(void) +{ + #warning Must implement your own time source if validating certificates + + return ++gTimeMs; +} + +/* This is used by wolfCrypt asn.c for cert time checking */ +unsigned long my_time(unsigned long* timer) +{ + (void)timer; + return hw_get_time_sec(); +} + +#ifndef WOLFCRYPT_ONLY +/* This is used by TLS only */ +unsigned int LowResTimer(void) +{ + return hw_get_time_sec(); +} +#endif + +#ifndef NO_CRYPT_BENCHMARK +/* This is used by wolfCrypt benchmark tool only */ +double current_time(int reset) +{ + double time; + int timeMs = gTimeMs; + (void)reset; + time = (timeMs / 1000); // sec + time += (double)(timeMs % 1000) / 1000; // ms + return time; +} +#endif + +/* RNG CODE */ +/* TODO: Implement real RNG */ +static unsigned int gCounter; +unsigned int hw_rand(void) +{ + #warning Must implement your own random source + + return ++gCounter; +} + +unsigned int my_rng_seed_gen(void) +{ + return hw_rand(); +} + +int my_rng_gen_block(unsigned char* output, unsigned int sz) +{ + uint32_t i = 0; + + while (i < sz) + { + /* If not aligned or there is odd/remainder */ + if( (i + sizeof(CUSTOM_RAND_TYPE)) > sz || + ((uint32_t)&output[i] % sizeof(CUSTOM_RAND_TYPE)) != 0 + ) { + /* Single byte at a time */ + output[i++] = (unsigned char)my_rng_seed_gen(); + } + else { + /* Use native 8, 16, 32 or 64 copy instruction */ + *((CUSTOM_RAND_TYPE*)&output[i]) = my_rng_seed_gen(); + i += sizeof(CUSTOM_RAND_TYPE); + } + } + + return 0; +} + + +#ifdef XMALLOC_OVERRIDE +void *myMalloc(size_t n, void* heap, int type) +{ + (void)n; + (void)heap; + (void)type; + + #warning Must implement your own malloc + + return NULL; +} +void myFree(void *p, void* heap, int type) +{ + (void)p; + (void)heap; + (void)type; + + #warning Must implement your own free +} + +/* Required for normal math (!USE_FAST_MATH) */ +void *myRealloc(void *p, size_t n, void* heap, int type) +{ + (void)p; + (void)n; + (void)heap; + (void)type; + + #warning Must implement your own realloc + + return NULL; +} +#endif /* XMALLOC_OVERRIDE */ diff --git a/IDE/GCC-ARM/include.am b/IDE/GCC-ARM/include.am index 634fedf3d..f755b35cf 100644 --- a/IDE/GCC-ARM/include.am +++ b/IDE/GCC-ARM/include.am @@ -4,6 +4,7 @@ EXTRA_DIST+= IDE/GCC-ARM/Header/user_settings.h EXTRA_DIST+= IDE/GCC-ARM/Source/armtarget.c +EXTRA_DIST+= IDE/GCC-ARM/Source/wolf_main.c EXTRA_DIST+= IDE/GCC-ARM/Source/benchmark_main.c EXTRA_DIST+= IDE/GCC-ARM/Source/test_main.c EXTRA_DIST+= IDE/GCC-ARM/Source/tls_client.c