From 981952056198a9c25feeeee788dddcb07a0976f9 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 29 Oct 2024 10:32:11 +0100 Subject: [PATCH] Fixed objects inclusion in SECURE_MODE --- arch.mk | 1 - include/user_settings.h | 1 + options.mk | 40 +++++++++++++++++++++++++++++++++------- 3 files changed, 34 insertions(+), 8 deletions(-) diff --git a/arch.mk b/arch.mk index 96b1aa7cc..caae3a9c8 100644 --- a/arch.mk +++ b/arch.mk @@ -247,7 +247,6 @@ else CORTEXM_ARM_EXTRA_OBJS= CORTEXM_ARM_EXTRA_CFLAGS= SECURE_OBJS+=./src/wc_callable.o - SECURE_OBJS+=./lib/wolfssl/wolfcrypt/src/random.o CFLAGS+=-DWOLFCRYPT_SECURE_MODE SECURE_LDFLAGS+=-Wl,--cmse-implib -Wl,--out-implib=./src/wc_secure_calls.o endif diff --git a/include/user_settings.h b/include/user_settings.h index 6998693ec..5ddaaab61 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -320,6 +320,7 @@ extern int tolower(int c); # define WOLFSSL_AES_COUNTER # define WOLFSSL_AES_DIRECT # define WOLFSSL_AES_GCM +# define GCM_TABLE_4BIT # define ENCRYPT_WITH_AES128 # define WOLFSSL_AES_128 # define HAVE_SCRYPT diff --git a/options.mk b/options.mk index ba8462b7c..73da75430 100644 --- a/options.mk +++ b/options.mk @@ -73,7 +73,6 @@ endif ECC_OBJS= \ - $(MATH_OBJS) \ ./lib/wolfssl/wolfcrypt/src/ecc.o ED25519_OBJS=./lib/wolfssl/wolfcrypt/src/sha512.o \ @@ -89,7 +88,6 @@ ED448_OBJS=./lib/wolfssl/wolfcrypt/src/ed448.o \ RSA_OBJS=\ $(RSA_EXTRA_OBJS) \ - $(MATH_OBJS) \ ./lib/wolfssl/wolfcrypt/src/rsa.o LMS_OBJS=\ @@ -129,6 +127,7 @@ ifeq ($(SIGN),ECC256) KEYGEN_OPTIONS+=--ecc256 SIGN_OPTIONS+=--ecc256 WOLFCRYPT_OBJS+=$(ECC_OBJS) + WOLFCRYPT_OBJS+=$(MATH_OBJS) CFLAGS+=-D"WOLFBOOT_SIGN_ECC256" ifeq ($(WOLFBOOT_SMALL_STACK),1) STACK_USAGE=4096 @@ -152,6 +151,7 @@ ifeq ($(SIGN),ECC384) KEYGEN_OPTIONS+=--ecc384 SIGN_OPTIONS+=--ecc384 WOLFCRYPT_OBJS+=$(ECC_OBJS) + WOLFCRYPT_OBJS+=$(MATH_OBJS) CFLAGS+=-D"WOLFBOOT_SIGN_ECC384" ifeq ($(WOLFBOOT_SMALL_STACK),1) STACK_USAGE=5880 
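Review bot: With `SECURE_OBJS+=./lib/wolfssl/wolfcrypt/src/random.o` removed from arch.mk, the only place this patch still adds random.o is the `WOLFCRYPT_TZ_PKCS11` block in options.mk, and there it goes into `WOLFCRYPT_OBJS` rather than `SECURE_OBJS`. The enclosing conditional in arch.mk starts outside the hunk, so it is not visible whether this branch can be reached without `WOLFCRYPT_TZ_PKCS11=1`; if it can, the secure image that contains `wc_callable.o` may fail to link, or may depend on some other rule for its RNG. A comment next to `SECURE_OBJS+=./src/wc_callable.o`, for example `# random.o is supplied through WOLFCRYPT_OBJS in options.mk`, would record the dependency. A secure-mode build without PKCS11 is worth checking before merge.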
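Review bot: The added `# define GCM_TABLE_4BIT` in include/user_settings.h has no comment and is unrelated to the object-list fix named in the commit subject. As far as I know it selects wolfCrypt's table-driven GHASH, whose lookups are indexed by secret-dependent state, so it trades size and speed against timing behaviour on targets with a data cache. A comment such as `/* 4-bit GHASH table; table lookups are data-dependent */` would document the choice. The surrounding preprocessor block starts outside the hunk, so the configuration this applies to is not visible here.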
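Review bot: `ECC_OBJS` in options.mk no longer carries `$(MATH_OBJS)`, and the next hunk does the same for `RSA_OBJS`, so every user of either list must now append `$(MATH_OBJS)` itself. The patch does that in the `SIGN=ECC*` and `SIGN=RSA*` branches, in the `SIGN_SECONDARY` branches and in the PKCS11 block. Any other reference to `$(ECC_OBJS)` or `$(RSA_OBJS)` outside these hunks would lose its math backend and fail at link time. A comment above both definitions, e.g. `# does not include $(MATH_OBJS); append it wherever this list is used`, would make the new contract explicit.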
@@ -176,6 +176,7 @@ ifeq ($(SIGN),ECC521)
 SIGN_OPTIONS+=--ecc521
 CFLAGS+=-D"WOLFBOOT_SIGN_ECC521"
 WOLFCRYPT_OBJS+=$(ECC_OBJS)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS)
 ifeq ($(WOLFBOOT_SMALL_STACK),1)
 STACK_USAGE=4096
 else
@@ -243,6 +244,7 @@ ifneq ($(findstring RSA2048,$(SIGN)),)
 endif
 SIGN_ALG=RSA2048 # helps keystore.c check
 WOLFCRYPT_OBJS+= $(RSA_OBJS)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS)
 CFLAGS+=-D"WOLFBOOT_SIGN_RSA2048" $(RSA_EXTRA_CFLAGS)
 ifeq ($(WOLFBOOT_SMALL_STACK),1)
 ifneq ($(SPMATH),1)
@@ -275,6 +277,7 @@ ifneq ($(findstring RSA3072,$(SIGN)),)
 endif
 SIGN_ALG=RSA3072 # helps keystore.c check
 WOLFCRYPT_OBJS+= $(RSA_OBJS)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS)
 CFLAGS+=-D"WOLFBOOT_SIGN_RSA3072" $(RSA_EXTRA_CFLAGS)
 ifeq ($(WOLFBOOT_SMALL_STACK),1)
 ifneq ($(SPMATH),1)
@@ -311,6 +314,7 @@ ifneq ($(findstring RSA4096,$(SIGN)),)
 endif
 SIGN_ALG=RSA4096 # helps keystore.c check
 WOLFCRYPT_OBJS+= $(RSA_OBJS)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS)
 CFLAGS+=-D"WOLFBOOT_SIGN_RSA4096" $(RSA_EXTRA_CFLAGS)
 ifeq ($(WOLFBOOT_SMALL_STACK),1)
 ifneq ($(SPMATH),1)
@@ -490,21 +494,27 @@ ifneq ($(SIGN_SECONDARY),)
 CFLAGS+=-DWOLFBOOT_SIGN_SECONDARY_$(SIGN_SECONDARY)
 ifeq ($(SIGN_SECONDARY),RSA2048)
 WOLFCRYPT_OBJS+=$(RSA_OBJS)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS)
 endif
 ifeq ($(SIGN_SECONDARY),RSA3072)
 WOLFCRYPT_OBJS+=$(RSA_OBJS)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS)
 endif
 ifeq ($(SIGN_SECONDARY),RSA4096)
 WOLFCRYPT_OBJS+=$(RSA_OBJS)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS)
 endif
 ifeq ($(SIGN_SECONDARY),ECC256)
 WOLFCRYPT_OBJS+=$(ECC_OBJS)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS)
 endif
 ifeq ($(SIGN_SECONDARY),ECC384)
 WOLFCRYPT_OBJS+=$(ECC_OBJS)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS)
 endif
 ifeq ($(SIGN_SECONDARY),ECC521)
 WOLFCRYPT_OBJS+=$(ECC_OBJS)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS)
 endif
 ifeq ($(SIGN_SECONDARY),ED25519)
 WOLFCRYPT_OBJS+=$(ED25519_OBJS)
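Review bot: `$(MATH_OBJS)` is appended once in the primary `SIGN` branch and again in each `SIGN_SECONDARY` branch of the last hunk, so a hybrid build such as `SIGN=ECC256` with `SIGN_SECONDARY=RSA2048` lists the math objects twice in `WOLFCRYPT_OBJS`. The same patch guards random.o with a `findstring` test in the PKCS11 block, which suggests repeated objects are not always harmless. A single guarded append after the secondary branches, e.g. `ifeq ($(filter $(MATH_OBJS),$(WOLFCRYPT_OBJS)),)` around `WOLFCRYPT_OBJS+=$(MATH_OBJS)`, would keep the list free of repeats, assuming `MATH_OBJS` is already set at that point. The enclosing `ifneq ($(SIGN_SECONDARY),)` block continues past the end of the hunk.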
@@ -703,11 +713,14 @@ ifeq ($(WOLFCRYPT_TZ_PKCS11),1) CFLAGS+=-DCK_CALLABLE="__attribute__((cmse_nonsecure_entry))" CFLAGS+=-Ilib/wolfPKCS11 CFLAGS+=-DWP11_HASH_PIN_COST=3 - OBJS+=src/pkcs11_store.o - OBJS+=src/pkcs11_callable.o + WOLFCRYPT_OBJS+=src/pkcs11_store.o + WOLFCRYPT_OBJS+=src/pkcs11_callable.o WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/pwdbased.o WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/hmac.o WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/dh.o + ifeq ($(findstring random.o,$(WOLFCRYPT_OBJS)),) + WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/random.o + endif WOLFCRYPT_OBJS+=./lib/wolfPKCS11/src/crypto.o \ ./lib/wolfPKCS11/src/internal.o \ ./lib/wolfPKCS11/src/slot.o \ @@ -717,10 +730,23 @@ ifeq ($(WOLFCRYPT_TZ_PKCS11),1) WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/aes.o endif ifeq ($(findstring RSA,$(SIGN)),) - WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/rsa.o + ifeq ($(findstring RSA,$(SIGN_SECONDARY)),) + WOLFCRYPT_OBJS+=$(RSA_OBJS) + endif + endif + ifeq ($(findstring ECC,$(SIGN)),) + ifeq ($(findstring ECC,$(SIGN_SECONDARY)),) + WOLFCRYPT_OBJS+=$(ECC_OBJS) + endif endif ifeq ($(findstring ECC,$(SIGN)),) - WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/ecc.o + ifeq ($(findstring ECC,$(SIGN_SECONDARY)),) + ifeq ($(findstring RSA,$(SIGN)),) + ifeq ($(findstring RSA,$(SIGN_SECONDARY)),) + WOLFCRYPT_OBJS+=$(MATH_OBJS) + endif + endif + endif endif endif @@ -865,7 +891,7 @@ ifeq ($(FLASH_MULTI_SECTOR_ERASE),1) endif CFLAGS+=$(CFLAGS_EXTRA) -OBJS:=$(OBJS_EXTRA) $(OBJS) +OBJS+=$(OBJS_EXTRA) ifeq ($(USE_GCC_HEADLESS),1) ifneq ($(ARCH),RENESAS_RX)
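Review bot: The new guard `ifeq ($(findstring random.o,$(WOLFCRYPT_OBJS)),)` is a substring match evaluated when the line is parsed. It therefore also matches any other object whose name merely contains `random.o`, and it cannot see a random.o appended to `WOLFCRYPT_OBJS` later in the file or in a makefile included afterwards. Matching whole words on the file name is stricter: `ifeq ($(filter %/random.o,$(WOLFCRYPT_OBJS)),)`. The `ifeq ($(WOLFCRYPT_TZ_PKCS11),1)` block continues past the end of this hunk.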
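Review bot: The nested `ifeq` ladders that decide whether to add `$(RSA_OBJS)`, `$(ECC_OBJS)` and `$(MATH_OBJS)` are hard to audit: `ifeq ($(findstring ECC,$(SIGN)),)` is opened twice in a row and the `MATH_OBJS` case sits four levels deep. Testing `$(SIGN)` and `$(SIGN_SECONDARY)` in one `findstring` call expresses the same conditions as three flat blocks, as sketched below. The enclosing `WOLFCRYPT_TZ_PKCS11` block starts outside this hunk.

```make
  # ... unchanged: aes.o handling above ...
  ifeq ($(findstring RSA,$(SIGN) $(SIGN_SECONDARY)),)
    WOLFCRYPT_OBJS+=$(RSA_OBJS)
  endif
  ifeq ($(findstring ECC,$(SIGN) $(SIGN_SECONDARY)),)
    WOLFCRYPT_OBJS+=$(ECC_OBJS)
  endif
  # Neither RSA nor ECC is used for signing, so no SIGN branch has added the math backend yet.
  ifeq ($(findstring RSA,$(SIGN) $(SIGN_SECONDARY))$(findstring ECC,$(SIGN) $(SIGN_SECONDARY)),)
    WOLFCRYPT_OBJS+=$(MATH_OBJS)
  endif
```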
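Review bot: Replacing `OBJS:=$(OBJS_EXTRA) $(OBJS)` with `OBJS+=$(OBJS_EXTRA)` moves the extra objects from the front of the list to the end and no longer forces `OBJS` to be expanded at this point. If any target relies on `OBJS_EXTRA` being linked first, or on `OBJS` being fixed here, that behaviour changes without notice; neither is visible in the hunk. A short comment such as `# OBJS_EXTRA is appended last; link order must not matter` would record the intent.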