Почетна Преглед Помоћ
Пријавите се
OWEALs
/
wolfssl
огледало од https://github.com/wolfSSL/wolfssl.git
2
0
Креирај огранак 0
Датотеке Дискусије 8 Вики
Дрво: b6d6b1db77
Гране Ознаке
wolfssl
/
IDE
/
GCC-ARM
David Garske fca5895090 Example for FIPS Linker Descriptor to explicitly set wolfCrypt FIPS boundaries. пре 4 година
..
Header 45c5a2d39c update copyright to 2020 пре 4 година
Source b67fd249e2 Fix for cppcheck пре 4 година
Makefile f44d42b1c8 Enhancements to the GCC-ARM example to support FIPS and additional build options. Added examples for memory overrides and standard library overrides. Fixes for building without test, benchmark or TLS. Changed the ARM startup code to only work for the Cortex M0 example using the define `USE_WOLF_ARM_STARTUP`. пре 5 година
Makefile.bench 7f30397252 Remove execute bit on all code files. пре 6 година
Makefile.client a02903c43e Improvements to Makefile templates. Added missing Makefile. Added new static library support. пре 6 година
Makefile.common ee45cfdbcb Refactor and rename of cryptodev to cryptocb. Refactor API names from `wc_CryptoDev` to use `wc_CryptoCb`. Backwards compatibility is retained for anyone using old `WOLF_CRYPTO_DEV` name. Added comment about fall-through case when CryptoCb return `NOT_COMPILED_IN`. пре 5 година
Makefile.static 7f30397252 Remove execute bit on all code files. пре 6 година
Makefile.test 7f30397252 Remove execute bit on all code files. пре 6 година
README.md e3653a7a07 Various spelling corrections. пре 4 година
include.am fca5895090 Example for FIPS Linker Descriptor to explicitly set wolfCrypt FIPS boundaries. пре 4 година
linker.ld 7f30397252 Remove execute bit on all code files. пре 6 година
linker_fips.ld fca5895090 Example for FIPS Linker Descriptor to explicitly set wolfCrypt FIPS boundaries. пре 4 година

README.md

Example Project for GCC ARM

This example is for Cortex M series, but can be adopted for other architectures.

Design

  • All library options are defined in Header/user_settings.h.
  • The memory map is located in the linker file in linker.ld.
  • Entry point function is reset_handler in armtarget.c.
  • The RTC and RNG hardware interface needs implemented for real production applications in armtarget.c

Building

  1. Make sure you have gcc-arm-none-eabi installed.
  2. Modify the Makefile.common:
    • Use correct toolchain path TOOLCHAIN.
    • Use correct architecture 'ARCHFLAGS'. See GCC ARM Options -mcpu=name.
    • Confirm memory map in linker.ld matches your flash/ram or comment out SRC_LD = -T./linker.ld in Makefile.common.
  3. Use make to build the static library (libwolfssl.a), wolfCrypt test/benchmark and wolfSSL TLS client targets as .elf and .hex in /Build.

Building for Raspberry Pi

Example Makefile.common changes for Raspberry Pi with Cortex-A53:

  1. In Makefile.common change ARCHFLAGS to -mcpu=cortex-a53 -mthumb.
  2. Comment out SRC_LD, since custom memory map is not applicable.
  3. Clear TOOLCHAIN, so it will use default gcc. Set TOOLCHAIN =
  4. Comment out LDFLAGS += --specs=nano.specs and LDFLAGS += --specs=nosys.specs to nosys and nano.

Note: To comment out a line in a Makefile use place # in front of line.

Building for FIPS

  1. Request evaluation from wolfSSL by emailing fips@wolfss.com.
  2. Modify user_settings.h so section for HAVE_FIPS is enabled.
  3. Use make.
  4. Run the wolfCrypt test ./Build/WolfCryptTest.elf to generate the FIPS boundary HASH

Example:

$ Crypt Test
error    test passed!
base64   test passed!
base16   test passed!
asn      test passed!
in my Fips callback, ok = 0, err = -203
message = In Core Integrity check FIPS error
hash = F607C7B983D1D283590448A56381DE460F1E83CB02584F4D77B7F2C583A8F5CD
In core integrity hash check failure, copy above hash
into verifyCore[] in fips_test.c and rebuild
SHA      test failed!
 error = -1802
Crypt Test: Return code -1
  1. Update the ../../wolfcrypt/src/fips_test.c array static const char verifyCore[] = {} with the correct core hash check.
  2. Build again using make.
  3. Run the wolfCrypt test.

Building with configure

The configure script in the main project directory can perform a cross-compile build with the the gcc-arm-none-eabi tools. Assuming the tools are installed in your executable path:

$ ./configure \
    --host=arm-non-eabi \
    CC=arm-none-eabi-gcc \
    AR=arm-none-eabi-ar \
    STRIP=arm-none-eabi-strip \
    RANLIB=arm-none-eabi-ranlib \
    --prefix=/path/to/build/wolfssl-arm \
    CFLAGS="-march=armv8-a --specs=nosys.specs \
        -DHAVE_PK_CALLBACKS -DWOLFSSL_USER_IO -DNO_WRITEV" \
    --disable-filesystem --enable-fastmath \
    --disable-shared
$ make
$ make install

If you are building for a 32-bit architecture, add -DTIME_T_NOT_64BIT to the list of CFLAGS.

Example Build Output

make clean && make

   text    data     bss     dec     hex   filename
  50076    2508      44   52628    cd94   ./Build/WolfCryptTest.elf

   text    data     bss     dec     hex   filename
  39155    2508      60   41723    a2fb   ./Build/WolfCryptBench.elf

   text    data     bss     dec     hex filename
  70368     464      36   70868   114d4 ./Build/WolfSSLClient.elf

Performance Tuning Options

These settings are located in Header/user_settings.h.

  • DEBUG_WOLFSSL: Undefine this to disable debug logging.
  • NO_ERROR_STRINGS: Disables error strings to save code space.
  • NO_INLINE: Disabling inline function saves about 1KB, but is slower.
  • WOLFSSL_SMALL_STACK: Enables stack reduction techniques to allocate stack sections over 100 bytes from heap.
  • USE_FAST_MATH: Uses stack based math, which is faster than the heap based math.
  • ALT_ECC_SIZE: If using fast math and RSA/DH you can define this to reduce your ECC memory consumption.
  • FP_MAX_BITS: Is the maximum math size (key size * 2). Used only with USE_FAST_MATH.
  • ECC_TIMING_RESISTANT: Enables timing resistance for ECC and uses slightly less memory.
  • ECC_SHAMIR: Doubles heap usage, but slightly faster
  • RSA_LOW_MEM: Half as much memory but twice as slow. Uses Non-CRT method for private key.
  • AES GCM: GCM_SMALL, GCM_WORD32 or GCM_TABLE: Tunes performance and flash/memory usage.
  • CURVED25519_SMALL: Enables small versions of Ed/Curve (FE/GE math).
  • USE_SLOW_SHA: Enables smaller/slower version of SHA.
  • USE_SLOW_SHA256: About 2k smaller and about 25% slower
  • USE_SLOW_SHA512: Over twice as small, but 50% slower
  • USE_CERT_BUFFERS_1024 or USE_CERT_BUFFERS_2048: Size of RSA certs / keys to test with.
  • BENCH_EMBEDDED: Define this if using the wolfCrypt test/benchmark and using a low memory target.
  • ECC_USER_CURVES: Allows user to define curve sizes to enable. Default is 256-bit on. To enable others use HAVE_ECC192, HAVE_ECC224, etc....
  • TFM_ARM, TFM_SSE2, TFM_AVR32, TFM_PPC32, TFM_MIPS, TFM_X86 or TFM_X86_64: These are assembly optimizations available with USE_FAST_MATH.
  • Single Precision Math for ARM: See WOLFSSL_SP. Optimized math for ARM performance of specific RSA, DH and ECC algorithms.