Merge pull request #35 from wolfSSL/keccak

Added support for SHA-3-384 hash algorithm

Author: dgarske

Makefile

@@ -27,17 +27,17 @@ endif
 ## Architecture/CPU configuration
 include arch.mk
 
+
 ## DSA Settings
 ifeq ($(SIGN),ECC256)
-  KEYGEN_OPTIONS=--ecc256
-  SIGN_OPTIONS=--ecc256
+  KEYGEN_OPTIONS+=--ecc256
+  SIGN_OPTIONS+=--ecc256
   PRIVATE_KEY=ecc256.der
   WOLFCRYPT_OBJS+= \
     $(MATH_OBJS) \
 	./lib/wolfssl/wolfcrypt/src/ecc.o \
 	./lib/wolfssl/wolfcrypt/src/memory.o \
 	./lib/wolfssl/wolfcrypt/src/wc_port.o \
-    ./lib/wolfssl/wolfcrypt/src/sha256.o \
     ./lib/wolfssl/wolfcrypt/src/hash.o \
     ./src/xmalloc_ecc.o
   CFLAGS+=-DWOLFBOOT_SIGN_ECC256 -DXMALLOC_USER \
@@ -46,13 +46,12 @@ ifeq ($(SIGN),ECC256)
 endif
 
 ifeq ($(SIGN),ED25519)
-  KEYGEN_OPTIONS=--ed25519
-  SIGN_OPTIONS=--ed25519
+  KEYGEN_OPTIONS+=--ed25519
+  SIGN_OPTIONS+=--ed25519
   PRIVATE_KEY=ed25519.der
   WOLFCRYPT_OBJS+= ./lib/wolfssl/wolfcrypt/src/sha512.o \
 	./lib/wolfssl/wolfcrypt/src/ed25519.o \
 	./lib/wolfssl/wolfcrypt/src/ge_low_mem.o \
-    ./lib/wolfssl/wolfcrypt/src/sha256.o \
     ./lib/wolfssl/wolfcrypt/src/hash.o \
 	./lib/wolfssl/wolfcrypt/src/wolfmath.o \
     ./lib/wolfssl/wolfcrypt/src/fe_low_mem.o
@@ -63,15 +62,14 @@ ifeq ($(SIGN),ED25519)
 endif
 
 ifeq ($(SIGN),RSA2048)
-  KEYGEN_OPTIONS=--rsa2048
-  SIGN_OPTIONS=--rsa2048
+  KEYGEN_OPTIONS+=--rsa2048
+  SIGN_OPTIONS+=--rsa2048
   PRIVATE_KEY=rsa2048.der
   IMAGE_HEADER_SIZE=512
   WOLFCRYPT_OBJS+= \
     $(RSA_EXTRA_OBJS) \
     $(MATH_OBJS) \
 	./lib/wolfssl/wolfcrypt/src/rsa.o \
-	./lib/wolfssl/wolfcrypt/src/sha256.o \
 	./lib/wolfssl/wolfcrypt/src/asn.o \
 	./lib/wolfssl/wolfcrypt/src/hash.o \
 	./src/xmalloc_rsa.o
@@ -81,15 +79,14 @@ ifeq ($(SIGN),RSA2048)
 endif
 
 ifeq ($(SIGN),RSA4096)
-  KEYGEN_OPTIONS=--rsa4096
-  SIGN_OPTIONS=--rsa4096
+  KEYGEN_OPTIONS+=--rsa4096
+  SIGN_OPTIONS+=--rsa4096
   PRIVATE_KEY=rsa4096.der
   IMAGE_HEADER_SIZE=1024
   WOLFCRYPT_OBJS+= \
     $(RSA_EXTRA_OBJS) \
     $(MATH_OBJS) \
 	./lib/wolfssl/wolfcrypt/src/rsa.o \
-	./lib/wolfssl/wolfcrypt/src/sha256.o \
 	./lib/wolfssl/wolfcrypt/src/asn.o \
 	./lib/wolfssl/wolfcrypt/src/hash.o \
 	./lib/wolfssl/wolfcrypt/src/wolfmath.o \

arch.mk

@@ -13,6 +13,18 @@ ARCH_FLASH_OFFSET=0x0
 # Default SPI driver name
 SPI_TARGET=$(TARGET)
 
+## Hash settings
+ifeq ($(HASH),SHA256)
+  WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha256.o
+  CFLAGS+=-DWOLFBOOT_HASH_SHA256
+endif
+
+ifeq ($(HASH),SHA3)
+  WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha3.o
+  CFLAGS+=-DWOLFBOOT_HASH_SHA3_384
+  SIGN_OPTIONS+=--sha3
+endif
+
 ## ARM
 ifeq ($(ARCH),ARM)
   CROSS_COMPILE:=arm-none-eabi-

include/user_settings.h

@@ -108,6 +108,10 @@
 #  define TFM_TIMING_RESISTANT
 #endif
 
+#ifdef WOLFBOOT_HASH_SHA3_384
+# define WOLFSSL_SHA3
+#endif
+
 /* Disables - For minimum wolfCrypt build */
 #define NO_AES
 #define NO_CMAC

include/wolfboot/wolfboot.h

@@ -44,6 +44,7 @@
 #define HDR_IMG_TYPE    0x04
 #define HDR_PUBKEY      0x10
 #define HDR_SIGNATURE   0x20
+#define HDR_SHA3_384    0x13
 #define HDR_PADDING     0xFF
 
 #define HDR_IMG_TYPE_AUTH_ED25519 0x0100
@@ -86,4 +87,21 @@ uint16_t wolfBoot_get_image_type(uint8_t part);
 #define wolfBoot_current_firmware_version() wolfBoot_get_image_version(PART_BOOT)
 #define wolfBoot_update_firmware_version() wolfBoot_get_image_version(PART_UPDATE)
 
+
+/* Hashing function configuration */
+#define WOLFBOOT_SHA_BLOCK_SIZE (16)
+#if defined(WOLFBOOT_HASH_SHA256)
+#   define WOLFBOOT_SHA_HDR HDR_SHA256
+#   define WOLFBOOT_SHA_DIGEST_SIZE (32)
+#   define image_hash image_sha256
+#   define key_hash key_sha256
+#elif defined(WOLFBOOT_HASH_SHA3_384)
+#   define WOLFBOOT_SHA_HDR HDR_SHA3_384
+#   define WOLFBOOT_SHA_DIGEST_SIZE (48)
+#   define image_hash image_sha3_384
+#   define key_hash key_sha3_384
+#else
+#   error "No valid hash algorithm defined!"
+#endif
+
 #endif /* !WOLFBOOT_H */