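#!/usr/bin/env bash
#
# Stages the wolfCrypt sources of a wolfSSL FIPS release into the enclosing
# firmware application directory, regenerates user_settings.h and runs the
# firmware build. Must be started from the wolfSSL release root directory.

# Resolve the three directories the script works with by walking up from the
# current directory. Plain $(pwd) is used: wrapping a fixed command in eval
# adds nothing and eval is best kept out of build scripts altogether.
WOLF_ROOT=$(pwd)
printf '%s\n' "WOLF_ROOT set to: \"$WOLF_ROOT\""

# One level up: the application directory that receives the flattened sources.
cd ../ || exit 5
APP_ROOT=$(pwd)
printf '%s\n' "APP_ROOT set to: \"$APP_ROOT\""

# Two more levels up: the firmware root, where the top-level make is run.
cd ../../ || exit 5
FIRMWARE_ROOT=$(pwd)
printf '%s\n' "FIRMWARE_ROOT set to: \"$FIRMWARE_ROOT\""

# Return to the starting directory; later steps use paths relative to it.
cd "$WOLF_ROOT" || exit 5

# Base names (without the .c suffix) of the wolfcrypt/src files that are
# copied into APP_ROOT.
# NOTE(review): the wolfcrypt_first ... wolfcrypt_last entries presumably
# bracket the FIPS module sources - confirm against the release documentation
# before adding, removing or reordering entries.
WOLFCRYPT_SRC_LIST=(
  wolfcrypt_first hmac random sha256 rsa ecc aes des3 sha
  sha512 sha3 dh cmac fips fips_test wolfcrypt_last asn coding
  dsa error hash logging md5 memory signature tfm wc_encrypt
  wc_port wolfmath
)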
#######################################
# Print the directory layout and the invocation this script relies on.
# Arguments: none
# Outputs:   writes the description to stdout
#######################################
assumptions() {
  local release_dir="firmware-root/dir1/app-root/wolfssl-x.x.x-commercial-fips-stm32l4-v2/"

  # A single printf emits one line per argument; the two empty arguments
  # produce the blank lines that separate the layout from the usage text.
  printf '%s\n' \
    "ASSUMPTIONS:" \
    "It is assumed that the firmware directory layout is as follows:" \
    "firmware-root/" \
    "firmware-root/dir1/" \
    "firmware-root/dir1/app-root/" \
    "$release_dir" \
    "" \
    "" \
    "It is also assumed this script will be run from the directory:" \
    "$release_dir" \
    "with the command:" \
    "./scripts/stm32l4-v4_0_2_build.sh"
}
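#######################################
# Copy every wolfCrypt source named in WOLFCRYPT_SRC_LIST from the release
# tree into the application directory, replacing any copy already there.
# Globals:   WOLF_ROOT (read), APP_ROOT (read), WOLFCRYPT_SRC_LIST (read)
# Arguments: none
# Outputs:   progress lines on stdout, failures on stderr
# Returns:   0 when every file was copied, 1 when WOLF_ROOT is not a
#            directory or any remove/copy step failed
#######################################
flatten_wolfcrypt_sources() {
  local target_file src dst
  local status=0

  if [ ! -d "$WOLF_ROOT" ]; then
    # The previous message pointed at a release-name variable that this
    # script never sets; report the value that was actually tested.
    printf '%s\n' "WOLF_ROOT is not a directory: \"$WOLF_ROOT\"" >&2
    return 1
  fi

  for target_file in "${WOLFCRYPT_SRC_LIST[@]}"; do
    src="$WOLF_ROOT/wolfcrypt/src/$target_file.c"
    dst="$APP_ROOT/$target_file.c"

    # Drop the stale copy first so an outdated crypto source can never be
    # picked up by the build if the copy below fails.
    if [ -f "$dst" ]; then
      printf '%s\n' "Removing: APP_ROOT/$target_file.c"
      rm -- "$dst" || status=1
    fi

    printf '%s\n' "WOLF_ROOT/wolfcrypt/src/$target_file.c --> APP_ROOT/$target_file.c"
    # A missing source means the staged module is incomplete; keep going so
    # every problem is listed, but make the failure visible to the caller.
    if ! cp -- "$src" "$APP_ROOT/"; then
      printf '%s\n' "Failed to copy: $src" >&2
      status=1
    fi
  done

  # uncomment to copy over the test app for testing purposes
  #cp "$WOLF_ROOT/wolfcrypt/test/test.c" ./

  return "$status"
}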
#######################################
# Regenerate user_settings.h in the current directory with the fixed set of
# wolfSSL build options used for this STM32L4 FIPS target.
# Arguments: none
# Outputs:   progress lines on stdout; writes ./user_settings.h
#######################################
update_user_settings() {
  local -a header_lines

  if [ -f user_settings.h ]; then
    printf '%s\n' "Removing old user_settings.h"
    rm user_settings.h
  fi
  printf '%s\n' "Generating new user_settings.h..."

  # One array element per line of the generated header; "" is a blank line.
  header_lines=(
    "#ifndef STM32L4_V_4_0_1_USER_SETTINGS_H"
    "#define STM32L4_V_4_0_1_USER_SETTINGS_H"
    ""
    "/* FIPS SETTINGS - BEGIN */"
    "#define HAVE_FIPS"
    "#define HAVE_FIPS_VERSION 2"
    "#define NO_THREAD_LS"
    "#define NO_STRICT_ECDSA_LEN"
    "#define HAVE_ECC"
    "#define HAVE_HKDF"
    "#define HAVE_AESCCM"
    "#define HAVE_AES_ECB"
    "#define HAVE_ECC_CDH"
    "#define HAVE_FFDHE_Q"
    "#define HAVE_FFDHE_2048" # NEW
    "#define HAVE_HASHDRBG"
    "#define WOLFSSL_SHA3"
    "#define WOLFSSL_CMAC"
    "#define WOLFSSL_SHA224"
    "#define WOLFSSL_SHA384"
    "#define WOLFSSL_SHA512"
    "#define WOLFSSL_KEY_GEN"
    "#define WOLFSSL_PUBLIC_MP"
    "#define WOLFSSL_AES_DIRECT"
    "#define WOLFSSL_AES_COUNTER"
    "#define WOLFSSL_BASE64_ENCODE"
    "#define WOLFSSL_VALIDATE_FFC_IMPORT"
    "#define WOLFSSL_VALIDATE_ECC_IMPORT"
    "#define WC_RSA_PSS"
    "#define WC_RSA_NO_PADDING"
    # NEW: WC_RSA_BLINDING is not emitted here; it is written once in the
    # environment settings group below.
    "#define FP_MAX_BITS 8192"
    ""
    "/* For operational testing use only in validation effort */"
    # NOTE(review): HAVE_FORCE_FIPS_FAILURE is emitted enabled; the variant
    # that wrote it commented out is disabled. The header's own comment marks
    # it as validation-only, so confirm it is off for any shipping build.
    "#define HAVE_FORCE_FIPS_FAILURE"
    "/* FIPS SETTINGS - END */"
    ""
    "/* Debugging */"
    "/* #define WOLFSSL_DEBUG_MEMORY */"
    "/* #define WOLFSSL_TRACK_MEMORY */"
    "/* #define WOLFSSL_DEBUG_MEMORY_PRINT */"
    "/* Debugging */"
    ""
    "/* Environment settings */"
    "#define NO_FILESYSTEM"
    "#define USE_FAST_MATH"
    "#define NO_MAIN_DRIVER"
    "#define WOLFCRYPT_ONLY"
    # RSA blinding and the two *_TIMING_RESISTANT options are side-channel
    # hardening settings; keep them when trimming this list.
    "#define WC_RSA_BLINDING"
    "#define SINGLE_THREADED"
    "#define TFM_TIMING_RESISTANT"
    "#define ECC_TIMING_RESISTANT"
    "#define USE_CERT_BUFFERS_256"
    "#define USE_CERT_BUFFERS_2048"
    "#define WOLFSSL_STM32L4"
    "#define WOLFSSL_STM32_CUBEMX"
    "#define WOLFSSL_CUBEMX_USE_LL"
    "#define STM32_RNG"
    "#define NO_STM32_CRYPTO"
    "#define NO_STM32_HASH"
    "#define NO_OLD_RNGNAME"
    "/* Environment settings */"
    ""
    "/* Tuning options */"
    "#define ALT_ECC_SIZE"
    "#define NO_RC4"
    "#define NO_MD4"
    "#define NO_PSK"
    "#define GCM_SMALL"
    "#define TFM_ECC256"
    "#define ECC_SHAMIR"
    "#define HAVE_AESGCM"
    "#define NO_PWDBASED"
    "/* Tuning options */"
    ""
    "/* Non-FIPS related settings */"
    "#define HAVE_TLS_EXTENSIONS"
    "#define HAVE_EXTENDED_MASTER"
    "#define HAVE_SUPPORTED_CURVES"
    "/* Non-FIPS related settings */"
    ""
    "/* Agent harness settings */"
    "#define USE_NORMAL_PRINTF"
    "#define STM32L4R9I_DISCO"
    "#define USE_NORMAL_SCAN"
    # HAVE_FIPS and HAVE_FIPS_VERSION repeat the FIPS group above with the
    # same values.
    "#define HAVE_FIPS"
    "#define HAVE_FIPS_VERSION 2"
    "#define VERIFY_GENERATED_PSS_SIGS"
    "/* Agent harness settings */"
    ""
    "#endif /* STM32L4_V_4_0_1_USER_SETTINGS_H */"
    ""
  )

  # Write the whole header with a single redirection.
  printf '%s\n' "${header_lines[@]}" > user_settings.h

  printf '%s\n' "new user_settings.h has been created"
}
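# Main sequence: state the assumptions, sanity-check the location, stage the
# sources, regenerate the settings header, then build and install.
assumptions

# wolfssl/ssl.h must exist relative to the current directory, otherwise the
# script was not started from the wolfSSL root and nothing below is safe.
if [ -f wolfssl/ssl.h ]; then
  if [ -f "$FIRMWARE_ROOT"/project.mk ]; then
    printf '%s\n' "Found ../../../project.mk, wolfSSL properly placed in"
    printf '%s\n' "application root directory"
  else
    # Reported but not fatal, as in the original flow.
    printf '%s\n' "Failed to locate ../../../project.mk, wolfSSL in wrong"
    printf '%s\n' "location or assumptions need updated."
  fi
else
  printf '%s\n' "Run this script from the wolfSSL root directory"
  exit 1
fi

# Do not build from a partially staged source set.
flatten_wolfcrypt_sources || exit 1

# optional test application, remove if not testing
if [ -f "$APP_ROOT/test.c" ]; then
  printf '%s\n' "Removing: $APP_ROOT/test.c"
  rm "$APP_ROOT/test.c"
fi
printf '%s\n' "WOLF_ROOT/wolfcrypt/test/test.c --> APP_ROOT/test.c"
cp "$WOLF_ROOT/wolfcrypt/test/test.c" "$APP_ROOT/"
# optional test application section end

# used during fips validation only, these will not be in final distribution
#./scripts/flatten-agent-sources.sh
#./scripts/flatten-op-test.sh
# used during fips validation only, these will not be in final distribution

update_user_settings

# A failed cd would run make in whatever directory the script is in, so
# stop instead, using the same exit code as the cd checks during setup.
cd "$FIRMWARE_ROOT" || exit 5
# Stop on the first failing build step so install-target never runs against
# a stale or partial build; a bare exit keeps make's own status.
make clean || exit
make -j 1 || exit
cd "$APP_ROOT" || exit 5
make install-target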