wolfSSL
diff --git a/‎.gitignore‎
Lines changed: 7 additions & 0 deletions b/‎.gitignore‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 56 additions & 15 deletions b/‎Makefile‎
Lines changed: 56 additions & 15 deletions
diff --git a/‎include/loader.h‎
Lines changed: 7 additions & 7 deletions b/‎include/loader.h‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎include/target.h‎
Lines changed: 5 additions & 5 deletions b/‎include/target.h‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎include/user_settings.h‎
Lines changed: 25 additions & 7 deletions b/‎include/user_settings.h‎
Lines changed: 25 additions & 7 deletions
diff --git a/‎lib/wolfssl‎ b/‎lib/wolfssl‎
diff --git a/‎src/image.c‎
Lines changed: 34 additions & 0 deletions b/‎src/image.c‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎src/mem.c‎
Lines changed: 0 additions & 76 deletions b/‎src/mem.c‎
Lines changed: 0 additions & 76 deletions
@@ -49,6 +49,13 @@
 
 # automatically generated source files
 src/ed25519_pub_key.c
+src/ecc256_pub_key.c
+
+# keygen binaries
+tools/ed25519/ed25519_sign
+tools/ed25519/ed25519_keygen
+tools/ecc256/ecc256_sign
+tools/ecc256/ecc256_keygen
 
 # Vim swap files
 .*.swp
 
@@ -1,12 +1,13 @@
 CROSS_COMPILE:=arm-none-eabi-
 CC:=$(CROSS_COMPILE)gcc
 LD:=$(CROSS_COMPILE)gcc
+AS:=$(CROSS_COMPILE)gcc
 
 
 OBJCOPY:=$(CROSS_COMPILE)objcopy
 SIZE:=$(CROSS_COMPILE)size
 BOOT_IMG?=test-app/image.bin
-BOOT0_OFFSET?=0x20000
+BOOT0_OFFSET?=0x10000
 SIGN?=ED25519
 TARGET?=stm32f4
 DEBUG?=0
@@ -19,7 +20,7 @@ LSCRIPT:=hal/$(TARGET).ld
 OBJS:= \
 ./hal/$(TARGET).o \
 ./src/loader.o \
-./src/mem.o \
+./src/string.o \
 ./src/crypto.o \
 ./src/wolfboot.o \
 ./src/image.o \
@@ -29,33 +30,63 @@ OBJS:= \
 ./lib/wolfssl/wolfcrypt/src/wolfmath.o \
 ./lib/wolfssl/wolfcrypt/src/fe_low_mem.o 
 
+
 ifeq ($(TARGET),samr21)
   CORTEX_M0=1
 endif
 
+ifeq ($(SIGN),ECC256)
+  KEYGEN_TOOL=tools/ecc256/ecc256_keygen
+  SIGN_TOOL=tools/ecc256/ecc256_sign
+  PRIVATE_KEY=ecc256.der
+else
+  KEYGEN_TOOL=tools/ed25519/ed25519_keygen
+  SIGN_TOOL=tools/ed25519/ed25519_sign
+  PRIVATE_KEY=ed25519.der
+endif
+
+MATH_OBJS:=./lib/wolfssl/wolfcrypt/src/sp_int.o
+  
+
+
 ifeq ($(CORTEX_M0),1)
   CFLAGS:=-mcpu=cortex-m0
+  MATH_OBJS += ./lib/wolfssl/wolfcrypt/src/sp_c32.o
 else
   CFLAGS:=-mcpu=cortex-m3
+  MATH_OBJS += ./lib/wolfssl/wolfcrypt/src/sp_cortexm.o
+endif
+
+ifeq ($(FASTMATH),1)
+  MATH_OBJS:=./lib/wolfssl/wolfcrypt/src/integer.o
+  CFLAGS+=-DUSE_FAST_MATH
 endif
 
 CFLAGS+=-mthumb -Wall -Wextra -Wno-main -Wstack-usage=1024 -ffreestanding -Wno-unused \
 	-Ilib/bootutil/include -Iinclude/ -Ilib/wolfssl -nostartfiles \
-	-nostdlib \
 	-DWOLFSSL_USER_SETTINGS \
+	-mthumb -mlittle-endian -mthumb-interwork \
 	-DPLATFORM_$(TARGET)
 
 ifeq ($(SIGN),ED25519)
   OBJS+= ./lib/wolfssl/wolfcrypt/src/sha512.o \
 	./lib/wolfssl/wolfcrypt/src/ed25519.o \
 	./lib/wolfssl/wolfcrypt/src/ge_low_mem.o \
     ./src/ed25519_pub_key.o
-  CFLAGS+=-DWOLFBOOT_SIGN_ED25519
+  CFLAGS+=-DWOLFBOOT_SIGN_ED25519 -nostdlib -DWOLFSSL_STATIC_MEMORY
+  LDFLAGS+=-nostdlib
 endif
 
-ifeq ($(SIGN),EC256)
-  OBJS+= ./ext/wolfssl/wolfcrypt/src/ecc.o
-  CFLAGS+=-DWOLFBOOT_SIGN_EC256
+ifeq ($(SIGN),ECC256)
+  OBJS+= \
+    $(MATH_OBJS) \
+	./lib/wolfssl/wolfcrypt/src/ecc.o \
+	./lib/wolfssl/wolfcrypt/src/ge_low_mem.o \
+	./lib/wolfssl/wolfcrypt/src/memory.o \
+	./lib/wolfssl/wolfcrypt/src/wc_port.o \
+    ./src/ecc256_pub_key.o \
+    ./src/xmalloc.o
+  CFLAGS+=-DWOLFBOOT_SIGN_ECC256 -DXMALLOC_USER
 endif
 
 ifeq ($(DEBUG),1)
@@ -68,7 +99,9 @@ ifeq ($(VTOR),0)
     CFLAGS+=-DNO_VTOR
 endif
 
-LDFLAGS:=-T $(LSCRIPT) -Wl,-gc-sections -Wl,-Map=wolfboot.map -ffreestanding -nostartfiles -mcpu=cortex-m3 -mthumb -nostdlib
+LDFLAGS:=-T $(LSCRIPT) -Wl,-gc-sections -Wl,-Map=wolfboot.map -ffreestanding -nostartfiles -mcpu=cortex-m3 -mthumb 
+
+ASFLAGS:=$(CFLAGS)
 
 all: factory.bin
 
@@ -92,16 +125,22 @@ test-app/image.bin:
 tools/ed25519/ed25519_sign:
 	make -C tools/ed25519
 
+tools/ecc256/ecc256_sign:
+	make -C tools/ecc256
+
 ed25519.der: tools/ed25519/ed25519_sign
 	tools/ed25519/ed25519_keygen src/ed25519_pub_key.c
 
-factory.bin: $(BOOT_IMG) wolfboot-align.bin tools/ed25519/ed25519_sign ed25519.der
-	tools/ed25519/ed25519_sign $(BOOT_IMG) ed25519.der 1
+ecc256.der: tools/ecc256/ecc256_sign
+	tools/ecc256/ecc256_keygen src/ecc256_pub_key.c
+
+factory.bin: $(BOOT_IMG) wolfboot-align.bin $(SIGN_TOOL) $(PRIVATE_KEY)
+	$(SIGN_TOOL) $(BOOT_IMG) $(PRIVATE_KEY) 1
 	cat wolfboot-align.bin $(BOOT_IMG).v1.signed > $@
 
-second.img: $(BOOT_IMG) wolfboot-align.bin tools/ed25519/ed25519_sign ed25519.der
-	tools/ed25519/ed25519_sign $(BOOT_IMG) ed25519.der 1 65536
-	tools/ed25519/ed25519_sign $(BOOT_IMG) ed25519.der 2
+second.img: $(BOOT_IMG) wolfboot-align.bin $(SIGN_TOOL) $(PRIVATE_KEY)
+	$(SIGN_TOOL) $(BOOT_IMG) $(PRIVATE_KEY) 1 65536
+	$(SIGN_TOOL) $(BOOT_IMG) $(PRIVATE_KEY) 2
 	cat wolfboot-align.bin $(BOOT_IMG).v1.signed $(BOOT_IMG).v2.signed > $@
 
 wolfboot.elf: $(OBJS) $(LSCRIPT)
@@ -110,14 +149,16 @@ wolfboot.elf: $(OBJS) $(LSCRIPT)
 
 src/ed25519_pub_key.c: ed25519.der
 
-keys: ed25519.der
+src/ecc256_pub_key.c: ecc256.der
 
+keys: $(PRIVATE_KEY)
 
 clean:
 	rm -f *.bin *.elf $(OBJS) wolfboot.map *.bin  *.hex
 	make -C test-app clean
 
 distclean: clean
 	make -C tools/ed25519 clean
-	rm -f *.pem *.der tags ./src/ed25519_pub_key.c
+	make -C tools/ecc256 clean
+	rm -f *.pem *.der tags ./src/ed25519_pub_key.c ./src/ecc256_pub_key.c
 
@@ -1,18 +1,18 @@
 #ifndef LOADER_H
 #define LOADER_H
 
-#if defined(WOLFBOOT_SIGN_EC256)
-    extern const unsigned char ecdsa_pub_key[];
-    extern unsigned int ecdsa_pub_key_len;
-#   define KEY_BUFFER  ecdsa_pub_key
-#   define KEY_LEN     ecdsa_pub_key_len
-#   define IMAGE_SIGNATURE_SIZE (72)
-#elif defined(WOLFBOOT_SIGN_ED25519)
+#if defined(WOLFBOOT_SIGN_ED25519)
     extern const unsigned char ed25519_pub_key[];
     extern unsigned int ed25519_pub_key_len;
 #   define KEY_BUFFER  ed25519_pub_key
 #   define KEY_LEN     ed25519_pub_key_len
 #   define IMAGE_SIGNATURE_SIZE (64)
+#elif defined(WOLFBOOT_SIGN_ECC256)
+    extern const unsigned char ecc256_pub_key[];
+    extern unsigned int ecc256_pub_key_len;
+#   define KEY_BUFFER  ecc256_pub_key
+#   define KEY_LEN     ecc256_pub_key_len
+#   define IMAGE_SIGNATURE_SIZE (64)
 #else
 #   error "No public key available for given signing algorithm."
 #endif /* Algorithm selection */
 
@@ -6,11 +6,11 @@
  * Ensure that your firmware entry point is
  * at FLASH_AREA_IMAGE_0_OFFSET + 0x100
  */
-#define WOLFBOOT_SECTOR_SIZE			0x20000
-#define WOLFBOOT_PARTITION_SIZE			0x20000
+#define WOLFBOOT_SECTOR_SIZE			0x1000
+#define WOLFBOOT_PARTITION_SIZE			0x10000
 
-#define WOLFBOOT_PARTITION_BOOT_ADDRESS 0x20000
-#define WOLFBOOT_PARTITION_UPDATE_ADDRESS 0x40000
-#define WOLFBOOT_PARTITION_SWAP_ADDRESS 0x60000
+#define WOLFBOOT_PARTITION_BOOT_ADDRESS 0x10000
+#define WOLFBOOT_PARTITION_UPDATE_ADDRESS 0x20000
+#define WOLFBOOT_PARTITION_SWAP_ADDRESS 0x30000
 
 #endif
@@ -5,9 +5,8 @@
 #define NO_DEV_RANDOM
 #define NO_FILESYSTEM
 #define NO_MAIN_DRIVER
-#define NO_SIG_WRAPPER
 #define NO_OLD_RNGNAME
-#define WOLFSSL_STATIC_MEMORY
+
 //#define WOLFSSL_SMALL_STACK
 #define USE_SLOW_SHA512
 
@@ -21,7 +20,6 @@
 #   define NO_CERT
 #   define NO_SESSION_CACHE
 #   define NO_HC128
-#   define NO_ASN
 #   define NO_DES3
 #   define NO_WOLFSSL_DIR
 #	define NO_PWDBASED
@@ -32,24 +30,44 @@
 
 #define SMALL_SESSION_CACHE
 #define WOLFSSL_DH_CONST
-#define WORD64_AVAILABLE
 #define TFM_TIMING_RESISTANT
-//#define USE_CERT_BUFFERS_2048
 #define NO_RC4
 #define WOLFCRYPT_ONLY
 #define WOLFSSL_NO_SOCK
-
 #   define WC_NO_RNG
+
+#ifdef WOLFBOOT_SIGN_ED25519
 #   define HAVE_ED25519
 #   define ED25519_SMALL
 #   define NO_ED25519_SIGN
 #   define NO_ED25519_EXPORT
 #   define USE_FAST_MATH
+#   define WOLFSSL_SHA512
+#   define NO_ASN
+#endif
+
+#ifdef WOLFBOOT_SIGN_ECC256
+#   define HAVE_ECC
+#   define FP_ECC
+#   define HAVE_ECC_VERIFY
+#   define ECC_ALT_SIZE
+#   define NO_ECC_SIGN
+#   define NO_ECC_EXPORT
+#   define USE_FAST_MATH
+#   define WOLFSSL_SHA512
+#   define WOLFSSL_SP_SMALL
+#   define SP_WORD_SIZE 32
+#   define WOLFSSL_HAVE_SP_ECC
+#   define WOLFSSL_SP_MATH
+#   define NO_ASN
+//#   define NO_ECC_SIGN
+#   define NO_ECC_DHE
+#   define NO_ECC_KEY_EXPORT
+#endif
 
 /* AES */
 #	define NO_AES
 #	define NO_CMAC
 #	define NO_CODING
-#   define WOLFSSL_SHA512
 #   define NO_BIG_INT
 #	define NO_RSA
@@ -48,6 +48,40 @@ static int wolfBoot_verify_signature(uint8_t *hash, uint8_t *sig)
 }
 #endif
 
+#ifdef WOLFBOOT_SIGN_ECC256
+#include <wolfssl/wolfcrypt/ecc.h>
+#define ECC_KEY_SIZE  32
+#define ECC_SIG_SIZE  64 
+static int wolfBoot_verify_signature(uint8_t *hash, uint8_t *sig)
+{
+    int ret, res;
+    mp_int r, s;
+    ecc_key ecc;
+    ret = wc_ecc_init(&ecc);
+    if (ret < 0) {
+        /* Failed to initialize key */
+        return -1;
+    }
+    /* Import public key */
+    ret = wc_ecc_import_unsigned(&ecc, KEY_BUFFER, KEY_BUFFER + 32, NULL, ECC_SECP256R1);
+    if ((ret < 0) || ecc.type != ECC_PUBLICKEY) {
+        /* Failed to import ecc key */
+        return -1;
+    }
+
+    /* Import signature into r,s */
+    mp_init(&r);
+    mp_init(&s);
+    mp_read_unsigned_bin(&r, sig, ECC_KEY_SIZE);
+    mp_read_unsigned_bin(&s, sig + ECC_KEY_SIZE, ECC_KEY_SIZE);
+    ret = wc_ecc_verify_hash_ex(&r, &s, hash, SHA256_DIGEST_SIZE, &res, &ecc);
+    if ((ret < 0) || (res == 0)) {
+        return -1;
+    }
+    return 0;
+}
+#endif
+
 
 static uint8_t get_header(struct wolfBoot_image *img, uint8_t type, uint8_t **ptr)
 {